OM-70: add additional roles (#11)

* OM-70: add additional roles * OM-70: get models using get_model --------- Co-authored-by: Jan <[email protected]>
openimis · Nov 6, 2023 · b59ae37 · b59ae37
1 parent 81098af
commit b59ae37
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 11 deletions.
diff --git a/msystems/apps.py b/msystems/apps.py
@@ -99,6 +99,7 @@ class MsystemsConfig(AppConfig):
     INSPECTOR = 'Inspector'
     EMPLOYER = 'Employer'
     IMIS_ADMIN = 'IMIS Administrator'
+    ENROLMENT_OFFICER = 'Enrolment Officer'
     ##### ------------------ ####
 
     saml_config = None

diff --git a/msystems/migrations/0003_add_search_policyholders_perms.py b/msystems/migrations/0003_add_search_policyholders_perms.py
@@ -0,0 +1,50 @@
+# Generated by Django 3.2.21 on 2023-11-03 16:46
+
+from django.db import migrations
+
+
+POLICY_HOLDER_SEARCH_PERM = [150101, 150201, 150301]
+ROLE_NAME_INSPECTOR = "Inspector"
+ROLE_NAME_EMPLOYER = "Employer"
+
+
+def add_rights(role_name, role_model, role_right_model):
+    role = role_model.objects.get(name=role_name)
+    for right_id in POLICY_HOLDER_SEARCH_PERM:
+        if not role_right_model.objects.filter(validity_to__isnull=True, role=role, right_id=right_id).exists():
+            _add_right_for_role(role, right_id, role_right_model)
+
+
+def _add_right_for_role(role, right_id, role_right_model):
+    role_right_model.objects.create(role=role, right_id=right_id, audit_user_id=1)
+
+
+def remove_rights(role_id, role_right_model):
+    role_right_model.objects.filter(
+        role__is_system=role_id,
+        right_id__in=POLICY_HOLDER_SEARCH_PERM,
+        validity_to__isnull=True
+    ).delete()
+
+
+def on_migration(apps, schema_editor):
+    role_model = apps.get_model("core", "role")
+    role_right_model = apps.get_model("core", "roleright")
+    add_rights(ROLE_NAME_INSPECTOR, role_model, role_right_model)
+    add_rights(ROLE_NAME_EMPLOYER, role_model, role_right_model)
+
+
+def on_reverse_migration(apps, schema_editor):
+    role_right_model = apps.get_model("core", "roleright")
+    remove_rights(ROLE_NAME_INSPECTOR, role_right_model)
+    remove_rights(ROLE_NAME_EMPLOYER, role_right_model)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('msystems', '0002_add_roles'),
+    ]
+
+    operations = [
+    ]
diff --git a/msystems/services.py b/msystems/services.py
@@ -142,10 +142,13 @@ def _add_new_user_policyholders(self, user: User, policyholders: List[PolicyHold
 
     def _add_new_user_roles(self, user: User, roles: List[str]):
         current_user_roles = UserRole.objects.filter(user=user.i_user, validity_to__isnull=True)
-        for role in roles:
-            parsed_role = self._parse_msystem_role_to_imis_role(role)
-            if not current_user_roles.filter(role=parsed_role).exists():
-                UserRole(user=user.i_user, role=parsed_role).save()
+
+        parsed_roles = [parsed_role for role in roles for parsed_role in self._parse_msystem_role_to_imis_role(role)]
+
+        new_roles = [parsed_role for parsed_role in parsed_roles if
+                     not current_user_roles.filter(role=parsed_role).exists()]
+
+        UserRole.objects.bulk_create([UserRole(user=user.i_user, role=role) for role in new_roles])
 
     def _update_roles(self, i_user, imis_role_ids):
         self._remove_previous_user_roles(i_user)
@@ -163,10 +166,13 @@ def _remove_previous_user_roles(self, i_user):
                 role.delete_history()
 
     def _parse_msystem_role_to_imis_role(self, msystem_role):
-        role_string = msystem_role
-        if msystem_role == MsystemsConfig.ADMIN:
-            role_string = MsystemsConfig.IMIS_ADMIN
-        return Role.objects.filter(name=role_string).first()
+        role_mapping = {
+            MsystemsConfig.ADMIN: [MsystemsConfig.IMIS_ADMIN, MsystemsConfig.ENROLMENT_OFFICER],
+            MsystemsConfig.EMPLOYER: [MsystemsConfig.EMPLOYER, MsystemsConfig.ENROLMENT_OFFICER],
+            MsystemsConfig.INSPECTOR: [MsystemsConfig.INSPECTOR, MsystemsConfig.ENROLMENT_OFFICER],
+        }
+
+        return [Role.objects.get(name=imis_role) for imis_role in role_mapping.get(msystem_role, [])]
 
     def _validate_incoming_roles(self, role):
         if role not in [MsystemsConfig.ADMIN, MsystemsConfig.EMPLOYER, MsystemsConfig.INSPECTOR]:

diff --git a/msystems/tests/saml_user_service_tests.py b/msystems/tests/saml_user_service_tests.py
@@ -194,8 +194,8 @@ def test_multiple_login_roles_updated(self):
         active_role_qs = UserRole.objects.filter(user=user_qs.first(), validity_to__isnull=True)
         deleted_role_qs = UserRole.objects.filter(user=user_qs.first(), validity_to__isnull=False)
 
-        self.assertEquals(active_role_qs.count(), 1)
-        self.assertEquals(deleted_role_qs.count(), 2)  # due to delete_history() it creates two instances
+        self.assertEquals(active_role_qs.count(), 2)
+        self.assertEquals(deleted_role_qs.count(), 4)  # due to delete_history() it creates four instances
         self.assertEquals(
             active_role_qs.first().role,
             role_inspector_qs.first()
@@ -213,5 +213,5 @@ def test_multiple_logins_no_role_update(self):
         user_qs = InteractiveUser.objects.filter(login_name=example_username, validity_to__isnull=True)
         user_role_qs = UserRole.objects.filter(user=user_qs.first(), validity_to__isnull=True)
 
-        self.assertEquals(user_role_qs.count(), 1)
+        self.assertEquals(user_role_qs.count(), 2)
         self.assertEquals(user_role_qs.first().role, role_employer_qs.first())