Merge pull request #2323 from onaio/fix-org-members-permissions

Fix org members permissions
onaio · Oct 6, 2022 · 35ee5e1 · 35ee5e1
2 parents ab11478 + f5ea169
commit 35ee5e1
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 8 deletions.
diff --git a/onadata/apps/api/tests/viewsets/test_organization_profile_viewset.py b/onadata/apps/api/tests/viewsets/test_organization_profile_viewset.py
@@ -23,7 +23,7 @@
 from onadata.apps.api.viewsets.project_viewset import ProjectViewSet
 from onadata.apps.api.viewsets.user_profile_viewset import UserProfileViewSet
 from onadata.apps.main.models import UserProfile
-from onadata.libs.permissions import OwnerRole
+from onadata.libs.permissions import OwnerRole, EditorRole
 
 
 # pylint: disable=too-many-public-methods
@@ -283,7 +283,6 @@ def test_add_members_to_org(self):
         request = self.factory.post(
             "/", data=json.dumps(data), content_type="application/json", **self.extra
         )
-
         response = view(request, user="denoinc")
         self.assertEqual(response.status_code, 201)
         self.assertEqual(set(response.data), set(["denoinc", "aboy"]))
@@ -812,6 +811,37 @@ def test_org_members_added_to_projects(self):
         self.assertIn("aboy", users_in_users)
         self.assertIn("alice", users_in_users)
 
+    def test_member_added_to_org_with_correct_perms(self):
+        # create org
+        self._org_create()
+        project_data = {"owner": self.company_data["user"]}
+
+        # create project under org
+        self._project_create(project_data)
+        self._publish_xls_form_to_project()
+
+        # add member to org
+        view = OrganizationProfileViewSet.as_view({"post": "members"})
+
+        # create new user
+        self.profile_data["username"] = "aboy"
+        self.profile_data["email"] = "[email protected]"
+        self._create_user_profile()
+        data = {"username": "aboy", "role": "editor"}
+
+        # add new user as member to org with editor permissions
+        request = self.factory.post(
+            "/", data=json.dumps(data), content_type="application/json", **self.extra
+        )
+        response = view(request, user="denoinc")
+        self.assertEqual(response.status_code, 201)
+
+        member = User.objects.get(username="aboy")
+
+        # Assert that user has xform and project permissions
+        self.assertTrue(EditorRole.user_has_role(member, self.xform))
+        self.assertTrue(EditorRole.user_has_role(member, self.project))
+
     def test_put_role_user_none_existent(self):
         self._org_create()
         newname = "i-do-no-exist"

diff --git a/onadata/libs/serializers/organization_member_serializer.py b/onadata/libs/serializers/organization_member_serializer.py
@@ -17,9 +17,13 @@
     remove_user_from_organization,
     remove_user_from_team,
 )
-from onadata.libs.models.share_project import ShareProject
-from onadata.libs.permissions import ROLES, OwnerRole, is_organization
+from onadata.libs.permissions import (
+    ROLES, OwnerRole, is_organization
+)
 from onadata.libs.serializers.fields.organization_field import OrganizationField
+from onadata.libs.serializers.share_project_serializer import (
+    ShareProjectSerializer
+)
 from onadata.settings.common import DEFAULT_FROM_EMAIL, SHARE_ORG_SUBJECT
 
 User = get_user_model()
@@ -40,15 +44,35 @@ def _set_organization_role_to_user(organization, user, role):
 
     owners_team = get_or_create_organization_owners_team(organization)
 
-    # add the owner to owners team
+    # add user to their respective team
     if role == OwnerRole.name:
+        # add user to owners team
         role_cls.add(user, organization.userprofile_ptr)
         add_user_to_team(owners_team, user)
         # add user to org projects
         for project in organization.user.project_org.all():
-            ShareProject(project, user.username, role).save()
-
-    if role != OwnerRole.name:
+            data = {
+                "project": project.pk,
+                "username": user.username,
+                "role": role
+            }
+            serializer = ShareProjectSerializer(data=data)
+            if serializer.is_valid():
+                serializer.save()
+
+    elif role != OwnerRole.name:
+        # add user to org projects
+        for project in organization.user.project_org.all():
+            data = {
+                "project": project.pk,
+                "username": user.username,
+                "role": role
+            }
+            serializer = ShareProjectSerializer(data=data)
+            if serializer.is_valid():
+                serializer.save()
+
+        # remove user from owners team
         remove_user_from_team(owners_team, user)