Assign Owner permission to creator for organization account UserProfile

- Add OwnerRole permissions to creator for OrganizationalProfile.userprofile_ptr
onaio · Jan 7, 2020 · 98f4b69 · 98f4b69
1 parent aae8938
commit 98f4b69
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 1 deletion.
diff --git a/onadata/apps/api/models/organization_profile.py b/onadata/apps/api/models/organization_profile.py
@@ -52,6 +52,25 @@ def create_owner_team_and_permissions(sender, instance, created, **kwargs):
             if instance.created_by and instance.created_by != instance.creator:
                 assign_perm(perm.codename, instance.created_by, instance)
 
+        if instance.userprofile_ptr:
+            for perm in get_perms_for_model(
+                    instance.userprofile_ptr.__class__):
+                assign_perm(
+                    perm.codename, instance.user, instance.userprofile_ptr)
+
+                if instance.creator:
+                    assign_perm(
+                        perm.codename,
+                        instance.creator,
+                        instance.userprofile_ptr)
+
+                if instance.created_by and\
+                        instance.created_by != instance.creator:
+                    assign_perm(
+                        perm.codename,
+                        instance.created_by,
+                        instance.userprofile_ptr)
+
 
 @python_2_unicode_compatible
 class OrganizationProfile(UserProfile):

diff --git a/onadata/apps/api/tests/viewsets/test_organization_profile_viewset.py b/onadata/apps/api/tests/viewsets/test_organization_profile_viewset.py
@@ -3,14 +3,15 @@
 from builtins import str as text
 
 from django.contrib.auth.models import User
+from django.shortcuts import get_object_or_404
 
 from onadata.apps.api.tests.viewsets.test_abstract_viewset import\
     TestAbstractViewSet
 from onadata.apps.api.viewsets.organization_profile_viewset import\
     OrganizationProfileViewSet
 from onadata.apps.api.viewsets.user_profile_viewset import UserProfileViewSet
 from onadata.apps.api.viewsets.project_viewset import ProjectViewSet
-from onadata.libs.permissions import OwnerRole
+from onadata.libs.permissions import EditorRole, OwnerRole
 from onadata.apps.api.tools import (get_organization_owners_team,
                                     add_user_to_organization)
 from onadata.apps.api.models.organization_profile import OrganizationProfile
@@ -1028,3 +1029,55 @@ def test_creator_in_users(self):
             'gravatar': self.user.profile.gravatar
         }
         self.assertIn(expected_user, response.data[0]['users'])
+
+    def test_creator_and_user_permissions(self):
+        """
+        Test that the creator of the organization has the necessary
+        permissions
+        """
+        self._org_create()
+        request = self.factory.get('/', **self.extra)
+        response = self.view(request)
+        self.assertNotEqual(response.get('Cache-Control'), None)
+        self.assertEqual(response.status_code, 200)
+
+        orgs = OrganizationProfile.objects.filter(creator=self.user)
+        self.assertEqual(orgs.count(), 1)
+        org = OrganizationProfile.objects.filter(creator=self.user).first()
+
+        self.assertTrue(OwnerRole.user_has_role(self.user, org))
+        self.assertTrue(OwnerRole.user_has_role(self.user, org.userprofile_ptr))
+
+        members_view = OrganizationProfileViewSet.as_view({
+            'post': 'members',
+        })
+
+        self.profile_data['username'] = "dave"
+        dave = self._create_user_profile().user
+
+        data = {'username': 'dave',
+                'role': 'owner'}
+        request = self.factory.post(
+            '/', data=json.dumps(data),
+            content_type="application/json", **self.extra)
+        response = members_view(request, user='denoinc')
+        self.assertEqual(response.status_code, 201)
+
+        self.assertTrue(OwnerRole.user_has_role(dave, org))
+        self.assertTrue(
+            OwnerRole.user_has_role(dave, org.userprofile_ptr))
+
+        # The following is currently only here to express the need to assign
+        # perms to the `userprofile_ptr`
+        user = get_object_or_404(User, username=org.user.username)
+
+        # the user object returned by get_object_or_404 links to
+        # the userprofile_ptr for some reason..
+        self.assertNotEqual(user.profile, org)
+        self.assertEqual(user.profile, org.userprofile_ptr)
+
+        user = User.objects.get(username=org.user.username)
+        # the user object returned by the User model also links to
+        # userprofile_ptr for some reason
+        self.assertNotEqual(user.profile, org)
+        self.assertEqual(user.profile, org.userprofile_ptr)
diff --git a/onadata/libs/serializers/organization_member_serializer.py b/onadata/libs/serializers/organization_member_serializer.py
@@ -41,6 +41,7 @@ def _set_organization_role_to_user(organization, user, role):
 
     # add the owner to owners team
     if role == OwnerRole.name:
+        role_cls.add(user, organization.userprofile_ptr)
         add_user_to_team(owners_team, user)
         # add user to org projects
         for project in organization.user.project_org.all():