Fix organization users API issues

- Fix #603: org/project user deletion
- Fix #608: new org users as admins

cadasta/organization/serializers.py

@@ -153,8 +153,12 @@ def validate_username(self, value):
     def create(self, validated_data):
         obj = self.context[self.Meta.context_key]
 
+        role_value = validated_data['role']
+        if role_value.lower() == 'false':
+            role_value = False
+
         create_kwargs = {
-            self.Meta.role_key: validated_data['role'],
+            self.Meta.role_key: role_value,
             self.Meta.context_key: obj,
             'user': self.user,
         }

cadasta/organization/tests/test_views_api_organizations.py

@@ -8,6 +8,7 @@
 from tutelary.models import Policy, assign_user_policies
 
 from core.tests.base_test_case import UserTestCase
+from accounts.models import User
 from accounts.tests.factories import UserFactory
 from .factories import OrganizationFactory, clause
 from ..models import Organization, OrganizationRole
@@ -372,6 +373,8 @@ def test_add_user(self):
         org = self.create_normal_org()
         new_user = UserFactory.create()
         self._post(org, {'username': new_user.username}, status=201, count=3)
+        r = OrganizationRole.objects.get(organization=org, user=new_user)
+        assert not r.admin
 
     def test_add_user_with_unauthorized_user(self):
         org = self.create_normal_org()
@@ -481,6 +484,7 @@ def test_remove_user(self):
         org = OrganizationFactory.create(add_users=[user, user_to_remove])
         self._delete(org, user_to_remove.username, status=204, count=1)
         assert user_to_remove not in org.users.all()
+        assert user_to_remove in User.objects.all()
 
     def test_remove_with_unauthorized_user(self):
         user = UserFactory.create()

cadasta/organization/tests/test_views_api_projects.py

@@ -8,6 +8,7 @@
 from tutelary.models import Policy, assign_user_policies
 
 from core.tests.base_test_case import UserTestCase
+from accounts.models import User
 from accounts.tests.factories import UserFactory
 from .factories import OrganizationFactory, ProjectFactory, clause
 from ..models import Project, ProjectRole, OrganizationRole
@@ -199,6 +200,7 @@ def _delete(self, org, project, user, auth=None, status=None, count=None):
             assert response.status_code == status
         if count is not None:
             assert project.users.count() == count
+        assert User.objects.get(username=user) in User.objects.all()
 
     def test_get_user(self):
         user = UserFactory.create()

cadasta/organization/views/api.py

@@ -4,7 +4,7 @@
 
 from accounts.models import User
 
-from ..models import Organization
+from ..models import Organization, OrganizationRole, ProjectRole
 from .. import serializers
 from . import mixins
 
@@ -63,9 +63,9 @@ class OrganizationUsersDetail(APIPermissionRequiredMixin,
     permission_required = 'org.users.remove'
 
     def destroy(self, request, *args, **kwargs):
-        user = self.get_object()
-        role = self.org.users.get(id=user.id)
-        role.delete()
+        OrganizationRole.objects.get(
+            organization=self.org, user=self.get_object()
+        ).delete()
 
         return Response(status=status.HTTP_204_NO_CONTENT)
 
@@ -195,8 +195,8 @@ class ProjectUsersDetail(APIPermissionRequiredMixin,
     }
 
     def destroy(self, request, *args, **kwargs):
-        user = self.get_object()
-        role = self.prj.users.get(id=user.id)
-        role.delete()
+        ProjectRole.objects.get(
+            project=self.prj, user=self.get_object()
+        ).delete()
 
         return Response(status=status.HTTP_204_NO_CONTENT)