Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add check if user has permission to add a project to a profile. #1385

Merged
merged 10 commits into from
Apr 27, 2018
Merged

Add check if user has permission to add a project to a profile. #1385

merged 10 commits into from
Apr 27, 2018

Conversation

ukanga
Copy link
Member

@ukanga ukanga commented Apr 26, 2018

No description provided.

@ukanga ukanga requested a review from moshthepitt April 26, 2018 12:18
@pld
Copy link
Member

pld commented Apr 26, 2018

is there an issue this is tied to?

@moshthepitt
Copy link
Contributor

@pld I believe this is tied to https://github.com/onaio/core/issues/1357

pld
pld requested changes Apr 26, 2018
View reviewed changes
Copy link
Member

@pld pld left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only thing to change is the typo.

But also, I don't see any explicit tested for project creation in another users account that replicates the production error.

onadata/apps/api/management/commands/apply_can_add_project_perms.py Outdated
@@ -0,0 +1,55 @@
# -*- coding: utf-8 -*-
"""
Command apply_can_add_preject_perms - applys can_add_project permission to all
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo, preject -> project

onadata/apps/api/management/commands/apply_can_add_project_perms.py

class Command(BaseCommand):
"""
Command apply_can_add_preject_perms - applys can_add_project permission to
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo

onadata/libs/serializers/project_serializer.py Outdated
PROJ_BASE_FORMS_CACHE, PROJ_FORMS_CACHE, PROJ_NUM_DATASET_CACHE,
PROJ_PERM_CACHE, PROJ_SUB_DATE_CACHE, PROJ_TEAM_USERS_CACHE,
PROJECT_LINKED_DATAVIEWS, safe_delete)
from onadata.libs.utils.decorators import check_obj


def get_obj_xforms(obj):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't remember if there's a historical reason why we have obj throughout this namespace, but it looks like a future refactor would be to change that to project

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Migration from being in the serializer which expects obj to being a function outside of the serializer, this are the remnants.

onadata/libs/serializers/project_serializer.py
).first()
if md and hasattr(md, 'data_value') and md.data_value:
return True
fields = ('name', 'formid', 'id_string', 'num_of_submissions',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👎

@moshthepitt
Copy link
Contributor

@ukanga would we need the same kind of fix for XForms?

@pld
Copy link
Member

pld commented Apr 26, 2018

Does the same kind of error exist for XForm?

@ukanga
Copy link
Member Author

ukanga commented Apr 26, 2018

But also, I don't see any explicit tested for project creation in another users account that replicates the production error.

@pld are you talking about this test?

onadata/onadata/apps/api/tests/viewsets/test_project_viewset.py

Line 1500 in 387212f

self.assertEqual(response.status_code, 400)

@pld
Copy link
Member

pld commented Apr 26, 2018

No, since that's tests for moving a project. Replicating the error would be on creating a project in another users account.

ukanga added 9 commits April 27, 2018 09:46
@ukanga
Add 'can_add_project' permission to User/Organization Profiles.
f5cb772
@ukanga
Checkuser has permission to create a project in the account
a697f79
@ukanga
Update user/org profile permissions for roles.
520af1b
@ukanga
Code cleanup in organization_profile.py
b883995
@ukanga
Code cleanup
3c2243d
@ukanga
Add management command apply_can_add_project_perms
90621e7 
Command apply_can_add_project_perms - applies can_add_project permission
to all users who have can_add_xform permission to a user/organization
profile.

This was necessary because we previously, before April 2018, did not
have can_add_project permission on the UserProfile and
OrganizationProfile classes. An attempt on doing this in migrations
seems not to be a recommended approach.
@ukanga
Update CHANGES.rst
96a4478
@ukanga
Test a user requires permission to create projects in a diffrent user…
838dcb9 
… account.
@ukanga
Fix typo
caa1b54
@ukanga ukanga force-pushed the project-owner-check branch from 387212f to caa1b54 Compare April 27, 2018 09:15
@ukanga
Copy link
Member Author

ukanga commented Apr 27, 2018

@ukanga would we need the same kind of fix for XForms?

@moshthepitt no, when using the projects endpoint the user needs to be a manager of the project. On the forms endpoint there is an explicit check if a user has 'can_add_xform'. On the xforms front this is not an issue.

@ukanga
Copy link
Member Author

ukanga commented Apr 27, 2018

@pld I have added the test 838dcb9 and fixed the typo caa1b54 .

@pld
Copy link
Member

pld commented Apr 27, 2018

nearly green, let's merge, get it in next release

@ukanga ukanga merged commit bdcd539 into master Apr 27, 2018
@ukanga ukanga deleted the project-owner-check branch April 27, 2018 13:53
@ukanga ukanga added this to the Week 17 - 18 milestone Apr 30, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moshthepitt moshthepitt moshthepitt approved these changes

@pld pld pld approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Week 17 - 18
Development

Successfully merging this pull request may close these issues.
3 participants
@ukanga @pld @moshthepitt