From cbf94d7b04597eeb3e5820a978829470097cca35 Mon Sep 17 00:00:00 2001
From: Jan <j.dolkowski@soldevelo.com>
Date: Fri, 3 Nov 2023 17:59:24 +0100
Subject: [PATCH 1/4] OM-70: add additional roles

---
 msystems/apps.py                              |  1 +
 .../0003_add_search_policyholders_perms.py    | 48 +++++++++++++++++++
 msystems/services.py                          | 22 +++++----
 msystems/tests/saml_user_service_tests.py     |  6 +--
 4 files changed, 66 insertions(+), 11 deletions(-)
 create mode 100644 msystems/migrations/0003_add_search_policyholders_perms.py

diff --git a/msystems/apps.py b/msystems/apps.py
index e4f9eb8..6ef55f5 100644
--- a/msystems/apps.py
+++ b/msystems/apps.py
@@ -99,6 +99,7 @@ class MsystemsConfig(AppConfig):
     INSPECTOR = 'Inspector'
     EMPLOYER = 'Employer'
     IMIS_ADMIN = 'IMIS Administrator'
+    ENROLMENT_OFFICER = 'Enrolment Officer'
     ##### ------------------ ####
 
     saml_config = None
diff --git a/msystems/migrations/0003_add_search_policyholders_perms.py b/msystems/migrations/0003_add_search_policyholders_perms.py
new file mode 100644
index 0000000..6a8f436
--- /dev/null
+++ b/msystems/migrations/0003_add_search_policyholders_perms.py
@@ -0,0 +1,48 @@
+# Generated by Django 3.2.21 on 2023-11-03 16:46
+
+from django.db import migrations
+
+from core.models import Role, RoleRight
+
+POLICY_HOLDER_SEARCH_PERM = [150101, 150201, 150301]
+ROLE_NAME_INSPECTOR = "Inspector"
+ROLE_NAME_EMPLOYER = "Employer"
+
+
+def add_rights(role_name):
+    role = Role.objects.get(name=role_name)
+    for right_id in POLICY_HOLDER_SEARCH_PERM:
+        if not RoleRight.objects.filter(validity_to__isnull=True, role=role, right_id=right_id).exists():
+            _add_right_for_role(role, right_id)
+
+
+def _add_right_for_role(role, right_id):
+    RoleRight.objects.create(role=role, right_id=right_id, audit_user_id=1)
+
+
+def remove_rights(role_id):
+    RoleRight.objects.filter(
+        role__is_system=role_id,
+        right_id__in=POLICY_HOLDER_SEARCH_PERM,
+        validity_to__isnull=True
+    ).delete()
+
+
+def on_migration(apps, schema_editor):
+    add_rights(ROLE_NAME_INSPECTOR)
+    add_rights(ROLE_NAME_EMPLOYER)
+
+
+def on_reverse_migration(apps, schema_editor):
+    remove_rights(ROLE_NAME_INSPECTOR)
+    remove_rights(ROLE_NAME_EMPLOYER)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('msystems', '0002_add_roles'),
+    ]
+
+    operations = [
+    ]
diff --git a/msystems/services.py b/msystems/services.py
index 7487f3d..e1cda6b 100644
--- a/msystems/services.py
+++ b/msystems/services.py
@@ -142,10 +142,13 @@ def _add_new_user_policyholders(self, user: User, policyholders: List[PolicyHold
 
     def _add_new_user_roles(self, user: User, roles: List[str]):
         current_user_roles = UserRole.objects.filter(user=user.i_user, validity_to__isnull=True)
-        for role in roles:
-            parsed_role = self._parse_msystem_role_to_imis_role(role)
-            if not current_user_roles.filter(role=parsed_role).exists():
-                UserRole(user=user.i_user, role=parsed_role).save()
+
+        parsed_roles = [parsed_role for role in roles for parsed_role in self._parse_msystem_role_to_imis_role(role)]
+
+        new_roles = [parsed_role for parsed_role in parsed_roles if
+                     not current_user_roles.filter(role=parsed_role).exists()]
+
+        UserRole.objects.bulk_create([UserRole(user=user.i_user, role=role) for role in new_roles])
 
     def _update_roles(self, i_user, imis_role_ids):
         self._remove_previous_user_roles(i_user)
@@ -163,10 +166,13 @@ def _remove_previous_user_roles(self, i_user):
                 role.delete_history()
 
     def _parse_msystem_role_to_imis_role(self, msystem_role):
-        role_string = msystem_role
-        if msystem_role == MsystemsConfig.ADMIN:
-            role_string = MsystemsConfig.IMIS_ADMIN
-        return Role.objects.filter(name=role_string).first()
+        role_mapping = {
+            MsystemsConfig.ADMIN: [MsystemsConfig.IMIS_ADMIN, MsystemsConfig.ENROLMENT_OFFICER],
+            MsystemsConfig.EMPLOYER: [MsystemsConfig.EMPLOYER, MsystemsConfig.ENROLMENT_OFFICER],
+            MsystemsConfig.INSPECTOR: [MsystemsConfig.INSPECTOR, MsystemsConfig.ENROLMENT_OFFICER],
+        }
+
+        return [Role.objects.get(name=imis_role) for imis_role in role_mapping.get(msystem_role, [])]
 
     def _validate_incoming_roles(self, role):
         if role not in [MsystemsConfig.ADMIN, MsystemsConfig.EMPLOYER, MsystemsConfig.INSPECTOR]:
diff --git a/msystems/tests/saml_user_service_tests.py b/msystems/tests/saml_user_service_tests.py
index 46b88ed..39cbc15 100644
--- a/msystems/tests/saml_user_service_tests.py
+++ b/msystems/tests/saml_user_service_tests.py
@@ -194,8 +194,8 @@ def test_multiple_login_roles_updated(self):
         active_role_qs = UserRole.objects.filter(user=user_qs.first(), validity_to__isnull=True)
         deleted_role_qs = UserRole.objects.filter(user=user_qs.first(), validity_to__isnull=False)
 
-        self.assertEquals(active_role_qs.count(), 1)
-        self.assertEquals(deleted_role_qs.count(), 2)  # due to delete_history() it creates two instances
+        self.assertEquals(active_role_qs.count(), 2)
+        self.assertEquals(deleted_role_qs.count(), 4)  # due to delete_history() it creates four instances
         self.assertEquals(
             active_role_qs.first().role,
             role_inspector_qs.first()
@@ -213,5 +213,5 @@ def test_multiple_logins_no_role_update(self):
         user_qs = InteractiveUser.objects.filter(login_name=example_username, validity_to__isnull=True)
         user_role_qs = UserRole.objects.filter(user=user_qs.first(), validity_to__isnull=True)
 
-        self.assertEquals(user_role_qs.count(), 1)
+        self.assertEquals(user_role_qs.count(), 2)
         self.assertEquals(user_role_qs.first().role, role_employer_qs.first())

From 62fd6364f58c6dabd39497daa4a072a2f1121490 Mon Sep 17 00:00:00 2001
From: Jan <j.dolkowski@soldevelo.com>
Date: Mon, 6 Nov 2023 09:37:45 +0100
Subject: [PATCH 2/4] OM-70: get models using get_model

---
 .../0003_add_search_policyholders_perms.py    | 28 ++++++++++---------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/msystems/migrations/0003_add_search_policyholders_perms.py b/msystems/migrations/0003_add_search_policyholders_perms.py
index 6a8f436..2010cdd 100644
--- a/msystems/migrations/0003_add_search_policyholders_perms.py
+++ b/msystems/migrations/0003_add_search_policyholders_perms.py
@@ -2,26 +2,25 @@
 
 from django.db import migrations
 
-from core.models import Role, RoleRight
 
 POLICY_HOLDER_SEARCH_PERM = [150101, 150201, 150301]
 ROLE_NAME_INSPECTOR = "Inspector"
 ROLE_NAME_EMPLOYER = "Employer"
 
 
-def add_rights(role_name):
-    role = Role.objects.get(name=role_name)
+def add_rights(role_name, role_model, role_right_model):
+    role = role_model.objects.get(name=role_name)
     for right_id in POLICY_HOLDER_SEARCH_PERM:
-        if not RoleRight.objects.filter(validity_to__isnull=True, role=role, right_id=right_id).exists():
-            _add_right_for_role(role, right_id)
+        if not role_right_model.objects.filter(validity_to__isnull=True, role=role, right_id=right_id).exists():
+            _add_right_for_role(role, right_id, role_right_model)
 
 
-def _add_right_for_role(role, right_id):
-    RoleRight.objects.create(role=role, right_id=right_id, audit_user_id=1)
+def _add_right_for_role(role, right_id, role_right_model):
+    role_right_model.objects.create(role=role, right_id=right_id, audit_user_id=1)
 
 
-def remove_rights(role_id):
-    RoleRight.objects.filter(
+def remove_rights(role_id, role_right_model):
+    role_right_model.objects.filter(
         role__is_system=role_id,
         right_id__in=POLICY_HOLDER_SEARCH_PERM,
         validity_to__isnull=True
@@ -29,13 +28,16 @@ def remove_rights(role_id):
 
 
 def on_migration(apps, schema_editor):
-    add_rights(ROLE_NAME_INSPECTOR)
-    add_rights(ROLE_NAME_EMPLOYER)
+    role_model = apps.get_model("core", "role")
+    role_right_model = apps.get_model("core", "roleright")
+    add_rights(ROLE_NAME_INSPECTOR, role_model, role_right_model)
+    add_rights(ROLE_NAME_EMPLOYER, role_model, role_right_model)
 
 
 def on_reverse_migration(apps, schema_editor):
-    remove_rights(ROLE_NAME_INSPECTOR)
-    remove_rights(ROLE_NAME_EMPLOYER)
+    role_right_model = apps.get_model("core", "roleright")
+    remove_rights(ROLE_NAME_INSPECTOR, role_right_model)
+    remove_rights(ROLE_NAME_EMPLOYER, role_right_model)
 
 
 class Migration(migrations.Migration):

From 22ed12d26bd99b73f87ebf73eb9804b7252f3615 Mon Sep 17 00:00:00 2001
From: Jan <j.dolkowski@soldevelo.com>
Date: Mon, 6 Nov 2023 10:31:33 +0100
Subject: [PATCH 3/4] OM-70: add migration that adds modal view right

---
 msystems/migrations/0004_add_modal_right.py | 46 +++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 msystems/migrations/0004_add_modal_right.py

diff --git a/msystems/migrations/0004_add_modal_right.py b/msystems/migrations/0004_add_modal_right.py
new file mode 100644
index 0000000..a918555
--- /dev/null
+++ b/msystems/migrations/0004_add_modal_right.py
@@ -0,0 +1,46 @@
+# Generated by Django 3.2.21 on 2023-11-06 09:29
+
+from django.db import migrations
+
+POLICY_HOLDER_SEARCH_PERM = [203000]
+ROLE_NAME_EMPLOYER = "Employer"
+
+
+def add_rights(role_name, role_model, role_right_model):
+    role = role_model.objects.get(name=role_name)
+    for right_id in POLICY_HOLDER_SEARCH_PERM:
+        if not role_right_model.objects.filter(validity_to__isnull=True, role=role, right_id=right_id).exists():
+            _add_right_for_role(role, right_id, role_right_model)
+
+
+def _add_right_for_role(role, right_id, role_right_model):
+    role_right_model.objects.create(role=role, right_id=right_id, audit_user_id=1)
+
+
+def remove_rights(role_id, role_right_model):
+    role_right_model.objects.filter(
+        role__is_system=role_id,
+        right_id__in=POLICY_HOLDER_SEARCH_PERM,
+        validity_to__isnull=True
+    ).delete()
+
+
+def on_migration(apps, schema_editor):
+    role_model = apps.get_model("core", "role")
+    role_right_model = apps.get_model("core", "roleright")
+    add_rights(ROLE_NAME_EMPLOYER, role_model, role_right_model)
+
+
+def on_reverse_migration(apps, schema_editor):
+    role_right_model = apps.get_model("core", "roleright")
+    remove_rights(ROLE_NAME_EMPLOYER, role_right_model)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('msystems', '0003_add_search_policyholders_perms'),
+    ]
+
+    operations = [
+    ]

From dd8b34ed187183b4553794ef2c08aff719d53f59 Mon Sep 17 00:00:00 2001
From: Jan <j.dolkowski@soldevelo.com>
Date: Mon, 6 Nov 2023 14:24:44 +0100
Subject: [PATCH 4/4] OM-70: add operation in migrations

---
 msystems/migrations/0003_add_search_policyholders_perms.py | 1 +
 msystems/migrations/0004_add_modal_right.py                | 1 +
 2 files changed, 2 insertions(+)

diff --git a/msystems/migrations/0003_add_search_policyholders_perms.py b/msystems/migrations/0003_add_search_policyholders_perms.py
index 2010cdd..b5774c0 100644
--- a/msystems/migrations/0003_add_search_policyholders_perms.py
+++ b/msystems/migrations/0003_add_search_policyholders_perms.py
@@ -47,4 +47,5 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
+        migrations.RunPython(on_migration, on_reverse_migration),
     ]
diff --git a/msystems/migrations/0004_add_modal_right.py b/msystems/migrations/0004_add_modal_right.py
index a918555..3b1aaef 100644
--- a/msystems/migrations/0004_add_modal_right.py
+++ b/msystems/migrations/0004_add_modal_right.py
@@ -43,4 +43,5 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
+        migrations.RunPython(on_migration, on_reverse_migration),
     ]