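def members(self, request, *args, **kwargs):
    """List a team's members, or add/remove one member by username.

    ``POST`` adds and ``DELETE`` removes the user named by ``username``,
    which is read from the request body first and the query string second.
    Both answer ``201`` on success.  A missing username or an unknown user
    answers ``400`` with a per-field error under ``username``.  Any other
    method answers ``200``.  Every successful response body is the current
    list of member usernames.

    This method performs no permission check of its own.
    NOTE(review): presumably ``get_object()`` and the view's permission
    classes decide who may change membership -- confirm, because the only
    input used here is a caller-supplied username.
    """
    team = self.get_object()
    data = {}
    status_code = status.HTTP_200_OK

    if request.method in ('DELETE', 'POST'):
        username = (request.DATA.get('username') or
                    request.QUERY_PARAMS.get('username'))

        if not username:
            status_code = status.HTTP_400_BAD_REQUEST
            data['username'] = [_(u"This field is required.")]
        else:
            try:
                # NOTE(review): the match is case-insensitive.  If the user
                # table can hold two usernames differing only in case, this
                # raises MultipleObjectsReturned, which is not handled here.
                user = User.objects.get(username__iexact=username)
            except User.DoesNotExist:
                status_code = status.HTTP_400_BAD_REQUEST
                # Translate the template, then interpolate.  Formatting
                # inside _() looks up the already-filled string, which is
                # never in the message catalog.
                data['username'] = [
                    _(u"User `%(username)s` does not exist.")
                    % {'username': username}]
            else:
                if request.method == 'POST':
                    add_user_to_team(team, user)
                elif request.method == 'DELETE':
                    remove_user_from_team(team, user)
                # Both add and remove report 201.
                status_code = status.HTTP_201_CREATED

    if status_code in (status.HTTP_200_OK, status.HTTP_201_CREATED):
        data = [u.username for u in team.user_set.all()]

    return Response(data, status=status_code)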
def _set_organization_role_to_user(organization, user, role):
    """Grant ``role`` on ``organization`` to ``user`` and sync the owners team.

    The class registered under ``role`` in ``ROLES`` is added for the user.
    The user is then placed in the organization's owners team when ``role``
    is the owner role, and taken out of that team for every other role.

    ``role`` is not validated here.
    NOTE(review): assuming ``ROLES`` is a plain mapping, an unknown role name
    yields ``None`` and the ``add`` call fails -- callers must pass a known
    role.
    """
    ROLES.get(role).add(user, organization)

    owners = get_organization_owners_team(organization)

    # Owners-team membership follows the role: in for owners, out otherwise.
    if role == OwnerRole.name:
        add_user_to_team(owners, user)
    else:
        remove_user_from_team(owners, user)
def test_add_project_perms_to_team(self):
    """A role set on a team reaches its members and is lost on removal."""
    # Fixture: an organization, a team with a first member, and a project.
    org = self._create_organization("test org", self.user)
    deno = self._create_user('deno', 'deno')
    team = tools.create_organization_team(org, "test team")
    tools.add_user_to_team(team, deno)
    project = Project.objects.create(
        name="Test Project", organization=org,
        created_by=deno, metadata='{}')

    # A new team holds no object permissions at all.
    self.assertFalse(team.groupobjectpermission_set.all())

    # Give the team the data-entry role on the project.
    DataEntryRole.add(team, project)

    # Read back exactly what the team now holds on this project.
    model_cls = project.__class__
    content_type = ContentType.objects.get(
        model=model_cls.__name__.lower(),
        app_label=model_cls._meta.app_label)
    team_project_perms = team.groupobjectpermission_set.filter(
        object_pk=project.pk, content_type=content_type)
    codenames = sorted(
        perm.permission.codename for perm in team_project_perms)
    expected = [
        CAN_EXPORT_PROJECT, CAN_ADD_SUBMISSIONS_PROJECT, CAN_VIEW_PROJECT]
    self.assertEqual(expected, codenames)
    self.assertEqual(
        get_team_project_default_permissions(team, project),
        DataEntryRole.name)

    # A user outside the team has neither permission.  CAN_ADD_XFORM is not
    # in the list asserted above, so it is expected to stay denied in every
    # phase of the test.
    sam = self._create_user('Sam', 'sammy_')
    for codename in (CAN_VIEW_PROJECT, CAN_ADD_XFORM):
        self.assertFalse(sam.has_perm(codename, project))

    # Joining the team is enough to gain the team's view permission.
    tools.add_user_to_team(team, sam)
    self.assertTrue(sam.has_perm(CAN_VIEW_PROJECT, project))

    # Leaving the team must take that access away again.
    tools.remove_user_from_team(team, sam)
    for codename in (CAN_VIEW_PROJECT, CAN_ADD_XFORM):
        self.assertFalse(sam.has_perm(codename, project))
def _set_organization_role_to_user(organization, user, role):
    """Grant ``role`` on ``organization`` to ``user`` and sync owner access.

    The class registered under ``role`` in ``ROLES`` is added for the user.
    For the owner role the user joins the organization's owners team and is
    given ``role`` on every project returned by
    ``organization.user.project_org``.  For any other role the user is
    removed from the owners team.

    ``role`` is not validated here; callers must pass a known role name.
    """
    ROLES.get(role).add(user, organization)

    owners = get_organization_owners_team(organization)

    if role == OwnerRole.name:
        add_user_to_team(owners, user)
        # Share each of the organization's projects with the new owner.
        # NOTE(review): this loop is assumed to belong to the owner branch;
        # confirm the nesting against the original file.
        for project in organization.user.project_org.all():
            ShareProject(project, user.username, role).save()
    else:
        # NOTE(review): a change away from owner only drops owners-team
        # membership here.  The per-project shares saved for a previous
        # owner role are not touched by this function -- verify they are
        # revoked elsewhere.
        remove_user_from_team(owners, user)
def test_add_project_perms_to_team(self):
    """Team members inherit the team's project role and lose it on exit."""
    # Arrange: organization -> team (with one member) -> project.
    org = self._create_organization("test org", self.user)
    first_member = self._create_user("deno", "deno")
    team = tools.create_organization_team(org, "test team")
    tools.add_user_to_team(team, first_member)
    project = Project.objects.create(
        name="Test Project",
        organization=org,
        created_by=first_member,
        metadata="{}",
    )

    # Nothing has been granted to the team yet.
    self.assertFalse(team.groupobjectpermission_set.all())

    # Grant the data-entry role on the project to the team as a whole.
    DataEntryRole.add(team, project)

    # Collect the codenames the team holds on this specific project.
    project_model = project.__class__
    content_type = ContentType.objects.get(
        model=project_model.__name__.lower(),
        app_label=project_model._meta.app_label,
    )
    granted = team.groupobjectpermission_set.filter(
        object_pk=project.pk, content_type=content_type
    )
    granted_codenames = sorted(row.permission.codename for row in granted)
    self.assertEqual(
        [CAN_EXPORT_PROJECT, CAN_ADD_SUBMISSIONS_PROJECT, CAN_VIEW_PROJECT],
        granted_codenames,
    )
    self.assertEqual(
        get_team_project_default_permissions(team, project),
        DataEntryRole.name,
    )

    # Before joining, the second user can neither view nor add forms.
    # CAN_ADD_XFORM is absent from the list asserted above, so it should
    # remain denied at every step.
    newcomer = self._create_user("Sam", "sammy_")
    checked = (CAN_VIEW_PROJECT, CAN_ADD_XFORM)
    for codename in checked:
        self.assertFalse(newcomer.has_perm(codename, project))

    # Membership alone grants the team's view permission.
    tools.add_user_to_team(team, newcomer)
    self.assertTrue(newcomer.has_perm(CAN_VIEW_PROJECT, project))

    # Removal from the team revokes it again.
    tools.remove_user_from_team(team, newcomer)
    for codename in checked:
        self.assertFalse(newcomer.has_perm(codename, project))
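def _check_set_role(request, organization, username, required=False):
    """
    Confirms the role and assigns the role to the organization

    The role name is read from ``request.data['role']`` and resolved through
    ``ROLES``.  A missing or unknown role returns ``400`` with an error
    under ``role``.  Otherwise the role is applied with
    ``_update_username_role``, and a non-2xx status from it is passed
    straight back.  The user is then added to the organization's owners
    team for the owner role, or removed from it for any other role.

    Returns a ``(status_code, data)`` tuple: ``200`` for ``PUT``, ``201``
    for other methods, both with an empty list as data.

    NOTE(review): nothing in this function checks that the requester may
    grant the requested role (owner included) -- confirm the calling view
    enforces that.
    """
    role = request.data.get('role')
    role_cls = ROLES.get(role)

    if not role or not role_cls:
        # Translate the template, then interpolate.  Formatting inside _()
        # looks up the already-filled string, which is never in the message
        # catalog.  "required" only changes the message for an absent role.
        if required and not role:
            message = _(u"This field is required.")
        else:
            message = _(u"'%s' is not a valid role.") % role

        return status.HTTP_400_BAD_REQUEST, {'role': [message]}

    # The helper returns (data, status); this function returns (status, data).
    data, status_code = _update_username_role(
        organization, username, role_cls)
    if status_code not in (status.HTTP_200_OK, status.HTTP_201_CREATED):
        return (status_code, data)

    owners_team = get_organization_owners_team(organization)
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        data = {
            'username': [
                _(u"User `%(username)s` does not exist.")
                % {'username': username}
            ]
        }
        return (status.HTTP_400_BAD_REQUEST, data)

    # Owners-team membership follows the role: in for owners, out otherwise.
    if role == OwnerRole.name:
        add_user_to_team(owners_team, user)
    else:
        remove_user_from_team(owners_team, user)

    if request.method == 'PUT':
        return (status.HTTP_200_OK, [])
    return (status.HTTP_201_CREATED, [])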
def test_add_project_perms_to_team(self):
    """A role set on a team reaches its members and is lost on removal."""
    # Fixture: an organization, a team with a first member, and a project.
    org = self._create_organization("test org", self.user)
    deno = self._create_user('deno', 'deno')
    team = tools.create_organization_team(org, "test team")
    tools.add_user_to_team(team, deno)
    project = Project.objects.create(
        name="Test Project", organization=org,
        created_by=deno, metadata='{}')

    # The team starts with no permissions on the project.
    self.assertFalse(get_perms(team, project))

    # Give the team the data-entry role on the project and check the exact
    # permission set that results.
    DataEntryRole.add(team, project)
    expected = [
        CAN_EXPORT_PROJECT,
        CAN_ADD_SUBMISSIONS_PROJECT,
        CAN_VIEW_PROJECT,
        CAN_VIEW_PROJECT_ALL,
        CAN_VIEW_PROJECT_DATA,
    ]
    self.assertEqual(expected, sorted(get_perms(team, project)))
    self.assertEqual(
        get_team_project_default_permissions(team, project),
        DataEntryRole.name)

    # A user outside the team has neither permission.  CAN_ADD_XFORM is not
    # in the expected list above, so it should stay denied in every phase.
    sam = self._create_user('Sam', 'sammy_')
    for codename in (CAN_VIEW_PROJECT, CAN_ADD_XFORM):
        self.assertFalse(sam.has_perm(codename, project))

    # Joining the team is enough to gain the team's view permission.
    tools.add_user_to_team(team, sam)
    self.assertTrue(sam.has_perm(CAN_VIEW_PROJECT, project))

    # Leaving the team must take that access away again.
    tools.remove_user_from_team(team, sam)
    for codename in (CAN_VIEW_PROJECT, CAN_ADD_XFORM):
        self.assertFalse(sam.has_perm(codename, project))
def test_add_project_perms_to_team(self):
    """Team members inherit the team's project role and lose it on exit."""
    # Arrange: organization -> team (with one member) -> project.
    org = self._create_organization("test org", self.user)
    first_member = self._create_user('deno', 'deno')
    team = tools.create_organization_team(org, "test team")
    tools.add_user_to_team(team, first_member)
    project = Project.objects.create(
        name="Test Project",
        organization=org,
        created_by=first_member,
        metadata='{}')

    # Nothing has been granted to the team on this project yet.
    self.assertFalse(get_perms(team, project))

    # Grant the data-entry role to the team as a whole, then compare the
    # resulting permission set with the expected one.
    DataEntryRole.add(team, project)
    role_perms = [
        CAN_EXPORT_PROJECT, CAN_ADD_SUBMISSIONS_PROJECT, CAN_VIEW_PROJECT,
        CAN_VIEW_PROJECT_ALL, CAN_VIEW_PROJECT_DATA]
    self.assertEqual(role_perms, sorted(get_perms(team, project)))
    self.assertEqual(
        get_team_project_default_permissions(team, project),
        DataEntryRole.name)

    # Before joining, the second user can neither view nor add forms.
    # CAN_ADD_XFORM is absent from role_perms, so it should remain denied
    # at every step.
    newcomer = self._create_user('Sam', 'sammy_')
    checked = (CAN_VIEW_PROJECT, CAN_ADD_XFORM)
    for codename in checked:
        self.assertFalse(newcomer.has_perm(codename, project))

    # Membership alone grants the team's view permission.
    tools.add_user_to_team(team, newcomer)
    self.assertTrue(newcomer.has_perm(CAN_VIEW_PROJECT, project))

    # Removal from the team revokes it again.
    tools.remove_user_from_team(team, newcomer)
    for codename in checked:
        self.assertFalse(newcomer.has_perm(codename, project))
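def _check_set_role(request, organization, username, required=False):
    """
    Confirms the role and assigns the role to the organization

    The role name is read from ``request.DATA['role']`` and resolved through
    ``ROLES``.  A missing or unknown role returns ``400`` with an error
    under ``role``.  Otherwise the role is applied with
    ``_update_username_role``.  The user is then added to the organization's
    owners team for the owner role, or removed from it for any other role.

    Returns a ``(status_code, data)`` tuple: ``200`` for ``PUT``, ``201``
    for other methods, both with an empty list as data.

    NOTE(review): nothing in this function checks that the requester may
    grant the requested role (owner included) -- confirm the calling view
    enforces that.
    """
    role = request.DATA.get('role')
    role_cls = ROLES.get(role)

    if not role or not role_cls:
        # Translate the template, then interpolate.  Formatting inside _()
        # looks up the already-filled string, which is never in the message
        # catalog.  "required" only changes the message for an absent role.
        if required and not role:
            message = _(u"This field is required.")
        else:
            message = _(u"'%s' is not a valid role.") % role

        return status.HTTP_400_BAD_REQUEST, {'role': [message]}

    # NOTE(review): the helper's result is discarded and it runs before the
    # user lookup below.  Confirm it cannot fail, or partly apply the role,
    # in a way that should stop processing here.
    _update_username_role(organization, username, role_cls)

    owners_team = get_organization_owners_team(organization)
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        data = {
            'username': [
                _(u"User `%(username)s` does not exist.")
                % {'username': username}
            ]
        }
        return (status.HTTP_400_BAD_REQUEST, data)

    # Owners-team membership follows the role: in for owners, out otherwise.
    if role == OwnerRole.name:
        add_user_to_team(owners_team, user)
    else:
        remove_user_from_team(owners_team, user)

    if request.method == 'PUT':
        return (status.HTTP_200_OK, [])
    return (status.HTTP_201_CREATED, [])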