Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assign Owner permission to creator for organization account UserProfile #1757

Merged
merged 3 commits into from
Jan 9, 2020
Merged

Assign Owner permission to creator for organization account UserProfile #1757

merged 3 commits into from
Jan 9, 2020

Conversation

DavisRayM
Copy link
Contributor

@DavisRayM DavisRayM commented Jan 7, 2020
edited
Loading

Changes / Features implemented

  • Add OwnerRole permissions to creator for OrganizationalProfile.userprofile_ptr
  • Remove Role permissions from a user when they are removed from an organization

Pending work on PR

  • Make sure users added into the organization have the correct permissions
  • Make sure users permissions are removed when the user is removed from the organization

Steps taken to verify this change does what is intended

  • Added a test to verify that the change works

Side effects of implementing this change

  • In order for these changes to take effect for all existing organizations the set_api_permissions management command needs to be run

Additional Information

Issue #1754 is being caused because the User object returned through User.objects.get and get_object_or_404 links to a UserProfile and not a OrganizationProfile when user.profile is called. The user / creator in this case normally doesn't have the OwnerRole / can_add_xform attached to the UserProfile / org.userprofile_ptr.

The UserProfile is present due to how django handles model inheritances(more info on that here), as such it seems for some reason the User object defaults to linking to org_profile.userprofile_ptr

Closes #1754

@DavisRayM DavisRayM force-pushed the 1754-ownerrole-org-permissions branch from c2b11f6 to 60affe6 Compare January 7, 2020 13:43
@DavisRayM
Copy link
Contributor Author

DavisRayM commented Jan 7, 2020
edited
Loading

This PR contains one approach on how to solve the Issue.

The approach: Assign Permissions for org.userprofile_ptr to users

@DavisRayM DavisRayM force-pushed the 1754-ownerrole-org-permissions branch 3 times, most recently from 98f4b69 to 47f0caf Compare January 8, 2020 05:50
@DavisRayM DavisRayM changed the title [WIP] Assign Owner permission to creator for organization account UserProfile Assign Owner permission to creator for organization account UserProfile Jan 8, 2020
@DavisRayM DavisRayM force-pushed the 1754-ownerrole-org-permissions branch 2 times, most recently from bed93a4 to aa04155 Compare January 8, 2020 11:42
ivermac
ivermac suggested changes Jan 8, 2020
View reviewed changes
Copy link
Contributor

@ivermac ivermac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than the single comment, it looks good to me!

onadata/apps/api/tests/viewsets/test_organization_profile_viewset.py Outdated Show resolved Hide resolved
@DavisRayM DavisRayM force-pushed the 1754-ownerrole-org-permissions branch from aa04155 to ebf9753 Compare January 8, 2020 13:44
ivermac
ivermac previously approved these changes Jan 8, 2020
View reviewed changes
Copy link
Contributor

@ivermac ivermac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@DavisRayM
Assign Owner permission to creator for organization account UserProfile
6944ad5 
- Add OwnerRole permissions to creator for OrganizationalProfile.userprofile_ptr
@DavisRayM
Update set_api_permissions management command
12fc9ea 
- Assign permission for OrganizationProfile.userprofile_ptr to the Owner of an Org
@DavisRayM
Remove object permissions from user when removed from organization
20c29db 
- Rename test_creator_and_user_permission to test_creator_permissions
- Update test to verify object permissions are revoked
@DavisRayM DavisRayM force-pushed the 1754-ownerrole-org-permissions branch from ebf9753 to 20c29db Compare January 9, 2020 05:43
@ukanga ukanga merged commit 3badc7c into master Jan 9, 2020
@ukanga ukanga deleted the 1754-ownerrole-org-permissions branch January 9, 2020 12:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ukanga ukanga ukanga approved these changes

@ivermac ivermac ivermac left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Assign OwnerRole explicitly to and org creator
3 participants
@DavisRayM @ukanga @ivermac