Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #1008 -- Unassign policies when roles are deleted #1062

Merged
merged 2 commits into from
Jan 23, 2017
Merged

Fix #1008 -- Unassign policies when roles are deleted #1062

merged 2 commits into from
Jan 23, 2017

Conversation

oliverroick
Copy link
Member

Proposed changes in this pull request

  • Fixes Permissions issue: user changed from DC to PU in a project is still able to add/edit/delete records #1008: As @seav stated in the original bug report, permission policies were not removed from the user's assign policies when a project role is deleted. Policies were also not removed correctly when an organization admin role was deleted (as reported by @linzjax in the comments).
  • Introduces a post_delete hook for ProjectRole instances that makes sure policies are unassigned correctly. The functionality to reassign project roles now lives in assign_prj_policies, which is used for both updating and removing project roles.
  • Adds changes to assign_org_policies (formerly reassign_user_policies to make sure policies are removed when an organization admin role instance is deleted.
  • I also refactored functions related to permission assignment for both organisations and projects to make naming and functionality more consistent:
    • reassign_user_policies renamed to assign_org_policies
    • remove_project_membership renamed to remove_org_permissions
    • assign_org_policies to use delete flag instead of adding
  • organization.tests.test_models.ProjectRoleTest was refactored to test whether the policies are assigned to the user instead of specific permissions. This was necessary because the project user policy does not currently contain any permissions; it would not be possible to test if the role is assigned correctly.

When should this PR be merged

ASAP

Risks

None

Follow up actions

None

Checklist (for reviewing)

General

  • Is this PR explained thoroughly? All code changes must be accounted for in the PR description.
  • Is the PR labeled correctly? It should have the migration label if a new migration is added.
    Is the risk level assessment sufficient? The risks section should contain all risks that might be introduced with the PR and which actions we need to take to mitigate these risks. Possible risks are database migrations, new libraries that need to be installed or changes to deployment scripts.

Functionality

  • Are all requirements met? Compare implemented functionality with the requirements specification.
  • Does the UI work as expected? There should be no Javascript errors in the console; all resources should load. There should be no unexpected errors. Deliberately try to break the feature to find out if there are corner cases that are not handled.

Code

  • Do you fully understand the introduced changes to the code? If not ask for clarification, it might uncover ways to solve a problem in a more elegant and efficient way.
  • Does the PR introduce any inefficient database requests? Use the debug server to check for duplicate requests.
  • Are all necessary strings marked for translation? All strings that are exposed to users via the UI must be marked for translation.

Tests

  • Are there sufficient test cases? Ensure that all components are tested individually; models, forms, and serializers should be tested in isolation even if a test for a view covers these components.
  • If this is a bug fix, are tests for the issue in place There must be a test case for the bug to ensure the issue won’t regress. Make sure that the tests break without the new code to fix the issue.

Documentation

  • Are changes to the UI documented in the platform docs? If this PR introduces new platform site functionality or changes existing ones, the changes must be documented in the Cadasta Platform Documentation.
  • Are changes to the API documented in the API docs? If this PR introduces new API functionality or changes existing ones, the changes must be documented in the API docs.
  • Are reusable components documented? If this PR introduces components that are relevant to other developers (for instance a mixin for a view or a generic form) they should be documented in the Wiki.

bjohare
bjohare suggested changes Jan 16, 2017
View reviewed changes
Copy link
Contributor

@bjohare bjohare left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor issue with unused code in ProjectRoleTest. Other than that it looks good to me. Permissions were tested in the UI and using ODK and look correct.

cadasta/organization/tests/test_models.py
@@ -174,10 +183,22 @@ def test_has_records(self):


class ProjectRoleTest(UserTestCase, TestCase):
def _get_roles(self):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't appear to be needed?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, that's removed now.

@amplifi amplifi merged commit 5f288e9 into master Jan 23, 2017
@amplifi amplifi deleted the bugfix/#1008 branch January 23, 2017 15:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@linzjax linzjax linzjax approved these changes

@bjohare bjohare bjohare approved these changes

Assignees
No one assigned
Labels
PR: approved PR: bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Permissions issue: user changed from DC to PU in a project is still able to add/edit/delete records
4 participants
@oliverroick @bjohare @linzjax @amplifi