From b9a5f761e91ff5e2e6dca8a09e2c45b8fd41a4ce Mon Sep 17 00:00:00 2001 From: Jan Date: Fri, 27 Oct 2023 16:50:44 +0200 Subject: [PATCH 01/10] OM-47: assign msystem roles in imis system --- msystems/apps.py | 10 +++++ msystems/migrations/0002_add_roles.py | 47 +++++++++++++++++++++ msystems/services.py | 50 +++++++++++++++++++---- msystems/tests/data.py | 6 ++- msystems/tests/saml_user_service_tests.py | 33 +++++++++++---- 5 files changed, 127 insertions(+), 19 deletions(-) create mode 100644 msystems/migrations/0002_add_roles.py diff --git a/msystems/apps.py b/msystems/apps.py index 3ce8a7a..905e160 100644 --- a/msystems/apps.py +++ b/msystems/apps.py @@ -94,6 +94,16 @@ class MsystemsConfig(AppConfig): default_auto_field = 'django.db.models.BigAutoField' name = 'msystems' + ##### DO NOT CHANGE THAT #### + ADMIN = 'Admin' + INSPECTOR = 'Inspector' + EMPLOYER = 'Employer' + + ADMIN_ID = 64 + INSPECTOR_ID = 4194304 + EMPLOYER_ID = 8388608 + ##### ------------------ #### + saml_config = None base_login_redirect = None diff --git a/msystems/migrations/0002_add_roles.py b/msystems/migrations/0002_add_roles.py new file mode 100644 index 0000000..e31a0c4 --- /dev/null +++ b/msystems/migrations/0002_add_roles.py 
@@ -0,0 +1,47 @@ +# Generated by Django 3.2.19 on 2023-06-22 14:36 + +from django.db import migrations + +from core.models import Role + +INSPECTOR_ID = 4194304 +EMPLOYER_ID = 8388608 +ROLE_NAME_INSPECTOR = "Inspector" +ROLE_NAME_EMPLOYER = "Employer" + + +def _get_role(role_id): + return Role.objects.filter(is_system=role_id).first() + + +def _create_role(role_id, role_name): + role = _get_role(INSPECTOR_ID) + if not role: + role = Role(is_system=role_id, name=role_name, is_blocked=False) + role.save() + + +def _delete_role(role_id): + role = _get_role(role_id) + if role: + role.delete() + + +def on_migration(apps, schema_editor): + _create_role(INSPECTOR_ID, ROLE_NAME_INSPECTOR) + _create_role(EMPLOYER_ID, ROLE_NAME_EMPLOYER) + + +def on_migration_reverse(apps, schema_editor): + _delete_role(INSPECTOR_ID) + _delete_role(EMPLOYER_ID) + + +class Migration(migrations.Migration): + dependencies = [ + ('msystems', '0001_initial'), + ] + + operations = [ + migrations.RunPython(on_migration, on_migration_reverse) + ] diff --git a/msystems/services.py b/msystems/services.py index 957313c..4e048d3 100644 --- a/msystems/services.py +++ b/msystems/services.py @@ -7,9 +7,10 @@ from django.db.models import Q from secrets import token_hex -from core.models import User, InteractiveUser +from core.models import User, InteractiveUser, Role, UserRole from core.services.userServices import create_or_update_user_districts from location.models import Location +from msystems.apps import MsystemsConfig from policyholder.models import PolicyHolder, PolicyHolderUser logger = logging.getLogger(__name__) 
@@ -60,6 +61,12 @@ def _create_user(self, username: str, user_data: dict) -> User: create_or_update_user_districts(i_user, [self.location.parent.parent.id], 0) + msystem_roles = user_data.get('Role') + if msystem_roles: + imis_role_ids = [self._parse_msystem_role_to_imis_role_id(msystem_role_id) for msystem_role_id in + msystem_roles] + self._connect_role_with_user(i_user, imis_role_ids) + core_user = User(username=username) core_user.i_user = i_user core_user.save() @@ -68,14 +75,16 @@ def _create_user(self, username: str, user_data: dict) -> User: def _update_user(self, user: User, user_data: dict) -> None: data_first_name = user_data.get('FirstName')[0] data_last_name = user_data.get('LastName')[0] + msystem_roles = user_data.get('Role') + incoming_imis_role_ids = [self._parse_msystem_role_to_imis_role_id(msystem_role_id) for msystem_role_id in + msystem_roles] + current_user_roles = Role.objects.filter(userrole__user=user.i_user).values_list('is_system', flat=True) - # For now only first and last name can be updated with saml - if user.i_user.other_names != data_first_name \ - or user.i_user.last_name != data_last_name: - user.i_user.save_history() - user.i_user.other_names = data_first_name - user.i_user.last_name = data_last_name - user.i_user.save() + # Update first and last name if they are different + if user.i_user.other_names != data_first_name or user.i_user.last_name != data_last_name: + self._update_user_name(user.i_user, data_first_name, data_last_name) + if current_user_roles != incoming_imis_role_ids: + self._update_user_roles(user.i_user, incoming_imis_role_ids) def _update_user_legal_entities(self, user: User, user_data: dict) -> None: legal_entities = self._parse_legal_entities(user_data.get('OrganizationAdministrator')) 
@@ -84,6 +93,12 @@ def _update_user_legal_entities(self, user: User, user_data: dict) -> None: self._delete_old_user_policyholders(user, policyholders) self._add_new_user_policyholders(user, policyholders) + def _update_user_name(self, i_user, first_name, last_name): + i_user.save_history() + i_user.other_names = first_name + i_user.last_name = last_name + i_user.save() + def _parse_legal_entities(self, legal_entities) -> map: # The format of EU is "Name Tax_Number", splitting by the last space return map(lambda s: s.rsplit(' ', 1), legal_entities) @@ -121,3 +136,22 @@ def _add_new_user_policyholders(self, user: User, policyholders: List[PolicyHold for ph in policyholders: if ph not in current_policyholders: PolicyHolderUser(user=user, policy_holder=ph).save(username=user.username) + + def _update_user_roles(self, i_user, imis_role_ids): + self._remove_previous_user_roles(i_user) + self._connect_role_with_user(i_user, imis_role_ids) + + def _connect_role_with_user(self, i_user, imis_role_ids): + user_role = UserRole.objects.create(user=i_user, role__in=imis_role_ids) + user_role.save() + + def _remove_previous_user_roles(self, i_user): + UserRole.objects.filter(user=i_user).delete() + + def _parse_msystem_role_to_imis_role_id(self, msystem_role): + role_mapping = { + MsystemsConfig.ADMIN: MsystemsConfig.ADMIN_ID, + MsystemsConfig.EMPLOYER: MsystemsConfig.EMPLOYER_ID, + MsystemsConfig.INSPECTOR: MsystemsConfig.INSPECTOR_ID, + } + return role_mapping.get(msystem_role, None) diff --git a/msystems/tests/data.py b/msystems/tests/data.py index 91937c5..6810590 100644 --- a/msystems/tests/data.py +++ b/msystems/tests/data.py @@ -5,7 +5,8 @@ 'BirthDate': ['1970-01-01'], 'OrganizationAdministrator': [ 'Test Organisation 1 2345234523452', - ] + ], + 'Role': ['Employer'] } example_user_data_multiple_ph = { 
@@ -15,5 +16,6 @@ 'OrganizationAdministrator': [ 'Test Organisation 1 2345234523452', 'Test Organisation 2 1234123412341' - ] + ], + 'Role': ['Employer'] } \ No newline at end of file diff --git a/msystems/tests/saml_user_service_tests.py b/msystems/tests/saml_user_service_tests.py index c37d5fd..3f18573 100644 --- a/msystems/tests/saml_user_service_tests.py +++ b/msystems/tests/saml_user_service_tests.py @@ -1,10 +1,11 @@ from django.test import TestCase from copy import deepcopy from location.models import Location +from msystems.apps import MsystemsConfig from msystems.services import SamlUserService from msystems.tests.data import example_username, example_user_data, example_user_data_multiple_ph -from core.models import User, InteractiveUser +from core.models import User, InteractiveUser, UserRole, Role from policyholder.models import PolicyHolder @@ -25,10 +26,14 @@ def test_login(self): self.service.login(username=example_username, user_data=example_user_data) + user_instance = InteractiveUser.objects.filter( + login_name=example_username, validity_to__isnull=True) + self.assertTrue(User.objects.filter( username=example_username).exists()) - self.assertTrue(InteractiveUser.objects.filter( - login_name=example_username, validity_to__isnull=True).exists()) + self.assertTrue(user_instance.exists()) + self.assertEquals(UserRole.objects + .filter(user=user_instance).role, Role.objects.filter(is_system=MsystemsConfig.INSPECTOR_ID)) def test_multiple_logina_data_updated(self): self.service.login(username=example_username, user_data=example_user_data) 
@@ -40,15 +45,22 @@ def test_multiple_logina_data_updated(self): example_user_data_updated = deepcopy(example_user_data) example_user_data_updated['LastName'][0] = "Test_Last_Name_Updated" + example_user_data_updated['Role'] = ["Inspector"] self.service.login(username=example_username, user_data=example_user_data_updated) + active_user = InteractiveUser.objects.filter(login_name=example_username, + last_name=example_user_data_updated['LastName'][0], + validity_to__isnull=True) + active_role_qs = UserRole.objects.filter(user=active_user, validity_to__isnull=True) + deleted_role_qs = UserRole.objects.filter(user=active_user, validity_to__isnull=False) self.assertTrue( InteractiveUser.objects.filter(login_name=example_username, last_name=example_user_data['LastName'][0], validity_to__isnull=False).exists()) - self.assertTrue(InteractiveUser.objects.filter(login_name=example_username, - last_name=example_user_data_updated['LastName'][0], - validity_to__isnull=True).exists()) + self.assertTrue(active_user.exists()) + self.assertEquals(active_role_qs.count(), 1) + self.assertEquals(deleted_role_qs.count(), 1) + self.assertEquals(active_role_qs.role, Role.objects.filter(is_system=MsystemsConfig.INSPECTOR_ID)) def test_multiple_logins_no_data_update(self): self.service.login(username=example_username, user_data=example_user_data) 
@@ -59,12 +71,15 @@ def test_multiple_logins_no_data_update(self): self.service.login(username=example_username, user_data=example_user_data) + active_user = InteractiveUser.objects.filter(login_name=example_username, validity_to__isnull=True) + user_role_qs = UserRole.objects.filter(user=active_user, validity_to__isnull=True) + self.assertFalse(InteractiveUser.objects .filter(login_name=example_username, validity_to__isnull=False) .exists()) - self.assertTrue(InteractiveUser.objects - .filter(login_name=example_username, validity_to__isnull=True) - .exists()) + self.assertTrue(active_user.exists()) + self.assertEquals(user_role_qs.count(), 1) + self.assertEquals(user_role_qs.role, Role.objects.filter(is_system=MsystemsConfig.INSPECTOR_ID)) def test_user_district(self): self.service.login(username=example_username, user_data=example_user_data) From ae131e3e42566056898466e0a95abb738d206914 Mon Sep 17 00:00:00 2001 From: Jan Date: Mon, 30 Oct 2023 14:33:27 +0100 Subject: [PATCH 02/10] OM-47: fix user role creation --- msystems/services.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/msystems/services.py b/msystems/services.py index 4e048d3..2e8f4ac 100644 --- a/msystems/services.py +++ b/msystems/services.py @@ -142,8 +142,9 @@ def _update_user_roles(self, i_user, imis_role_ids): self._connect_role_with_user(i_user, imis_role_ids) def _connect_role_with_user(self, i_user, imis_role_ids): - user_role = UserRole.objects.create(user=i_user, role__in=imis_role_ids) - user_role.save() + for imis_role_id in imis_role_ids: + role = Role.objects.filter(is_system=imis_role_id) + UserRole.objects.create(user=i_user, role=role) def _remove_previous_user_roles(self, i_user): UserRole.objects.filter(user=i_user).delete() From 238b2b56f34349714b1826259f912981584624d1 Mon Sep 17 00:00:00 2001 
From: Jan Date: Mon, 30 Oct 2023 14:53:29 +0100 Subject: [PATCH 03/10] OM-47: delete roles if exist --- msystems/migrations/0002_add_roles.py | 2 +- msystems/services.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/msystems/migrations/0002_add_roles.py b/msystems/migrations/0002_add_roles.py index e31a0c4..8b85ced 100644 --- a/msystems/migrations/0002_add_roles.py +++ b/msystems/migrations/0002_add_roles.py @@ -23,7 +23,7 @@ def _create_role(role_id, role_name): def _delete_role(role_id): role = _get_role(role_id) - if role: + if role.exists(): role.delete() diff --git a/msystems/services.py b/msystems/services.py index 2e8f4ac..da249b4 100644 --- a/msystems/services.py +++ b/msystems/services.py @@ -147,7 +147,9 @@ def _connect_role_with_user(self, i_user, imis_role_ids): UserRole.objects.create(user=i_user, role=role) def _remove_previous_user_roles(self, i_user): - UserRole.objects.filter(user=i_user).delete() + roles = UserRole.objects.filter(user=i_user) + if roles.exists(): + roles.delete() def _parse_msystem_role_to_imis_role_id(self, msystem_role): role_mapping = { From 5c62ec866478d7b5c0587f40b4ccf4ea0ab1b679 Mon Sep 17 00:00:00 2001 From: Jan Date: Mon, 30 Oct 2023 15:04:50 +0100 Subject: [PATCH 04/10] OM-47: remove exists from migration --- msystems/migrations/0002_add_roles.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msystems/migrations/0002_add_roles.py b/msystems/migrations/0002_add_roles.py index 8b85ced..e31a0c4 100644 --- a/msystems/migrations/0002_add_roles.py +++ b/msystems/migrations/0002_add_roles.py @@ -23,7 +23,7 @@ def _create_role(role_id, role_name): def _delete_role(role_id): role = _get_role(role_id) - if role.exists(): + if role: role.delete() From 3c111af6c4912e35aea78a5a9ab3b634cc35170e Mon Sep 17 00:00:00 2001 
From: Jan Date: Mon, 30 Oct 2023 15:13:53 +0100 Subject: [PATCH 05/10] OM-47: fix migration --- msystems/migrations/0002_add_roles.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msystems/migrations/0002_add_roles.py b/msystems/migrations/0002_add_roles.py index e31a0c4..7730a77 100644 --- a/msystems/migrations/0002_add_roles.py +++ b/msystems/migrations/0002_add_roles.py @@ -15,7 +15,7 @@ def _get_role(role_id): def _create_role(role_id, role_name): - role = _get_role(INSPECTOR_ID) + role = _get_role(role_id) if not role: role = Role(is_system=role_id, name=role_name, is_blocked=False) role.save() From d8376f4f9ea3cd895821d605cb41fe292739e51f Mon Sep 17 00:00:00 2001 From: Jan Date: Mon, 30 Oct 2023 16:22:31 +0100 Subject: [PATCH 06/10] OM-47: adjust updating roles --- msystems/services.py | 30 +++++++++++------------ msystems/tests/saml_user_service_tests.py | 23 +++++++++-------- 2 files changed, 28 insertions(+), 25 deletions(-) diff --git a/msystems/services.py b/msystems/services.py index da249b4..f9a189f 100644 --- a/msystems/services.py +++ b/msystems/services.py @@ -29,6 +29,7 @@ def login(self, username: str, user_data: dict): with transaction.atomic(): try: user = self._get_or_create_user(username, user_data) + self._update_user_roles(user, user_data) self._update_user_legal_entities(user, user_data) return user except BaseException as e: @@ -61,12 +62,6 @@ def _create_user(self, username: str, user_data: dict) -> User: create_or_update_user_districts(i_user, [self.location.parent.parent.id], 0) - msystem_roles = user_data.get('Role') - if msystem_roles: - imis_role_ids = [self._parse_msystem_role_to_imis_role_id(msystem_role_id) for msystem_role_id in - msystem_roles] - self._connect_role_with_user(i_user, imis_role_ids) - core_user = User(username=username) core_user.i_user = i_user core_user.save() 
@@ -75,16 +70,10 @@ def _create_user(self, username: str, user_data: dict) -> User: def _update_user(self, user: User, user_data: dict) -> None: data_first_name = user_data.get('FirstName')[0] data_last_name = user_data.get('LastName')[0] - msystem_roles = user_data.get('Role') - incoming_imis_role_ids = [self._parse_msystem_role_to_imis_role_id(msystem_role_id) for msystem_role_id in - msystem_roles] - current_user_roles = Role.objects.filter(userrole__user=user.i_user).values_list('is_system', flat=True) # Update first and last name if they are different if user.i_user.other_names != data_first_name or user.i_user.last_name != data_last_name: self._update_user_name(user.i_user, data_first_name, data_last_name) - if current_user_roles != incoming_imis_role_ids: - self._update_user_roles(user.i_user, incoming_imis_role_ids) def _update_user_legal_entities(self, user: User, user_data: dict) -> None: legal_entities = self._parse_legal_entities(user_data.get('OrganizationAdministrator')) @@ -93,6 +82,16 @@ def _update_user_legal_entities(self, user: User, user_data: dict) -> None: self._delete_old_user_policyholders(user, policyholders) self._add_new_user_policyholders(user, policyholders) + def _update_user_roles(self, user, user_data): + msystem_roles = user_data.get('Role') + current_user_roles = Role.objects.filter(user_roles__user=user.i_user).values_list('is_system', flat=True) + current_user_roles_list = list(current_user_roles) + incoming_imis_role_ids = [self._parse_msystem_role_to_imis_role_id(msystem_role_id) for msystem_role_id in + msystem_roles] + + if current_user_roles_list != incoming_imis_role_ids: + self._update_roles(user.i_user, incoming_imis_role_ids) + def _update_user_name(self, i_user, first_name, last_name): i_user.save_history() i_user.other_names = first_name 
@@ -137,19 +136,20 @@ def _add_new_user_policyholders(self, user: User, policyholders: List[PolicyHold if ph not in current_policyholders: PolicyHolderUser(user=user, policy_holder=ph).save(username=user.username) - def _update_user_roles(self, i_user, imis_role_ids): + def _update_roles(self, i_user, imis_role_ids): self._remove_previous_user_roles(i_user) self._connect_role_with_user(i_user, imis_role_ids) def _connect_role_with_user(self, i_user, imis_role_ids): for imis_role_id in imis_role_ids: - role = Role.objects.filter(is_system=imis_role_id) + role = Role.objects.filter(is_system=imis_role_id).first() UserRole.objects.create(user=i_user, role=role) def _remove_previous_user_roles(self, i_user): roles = UserRole.objects.filter(user=i_user) if roles.exists(): - roles.delete() + for role in roles: + role.delete_history() def _parse_msystem_role_to_imis_role_id(self, msystem_role): role_mapping = { diff --git a/msystems/tests/saml_user_service_tests.py b/msystems/tests/saml_user_service_tests.py index 3f18573..484edfd 100644 --- a/msystems/tests/saml_user_service_tests.py +++ b/msystems/tests/saml_user_service_tests.py @@ -26,14 +26,14 @@ def test_login(self): self.service.login(username=example_username, user_data=example_user_data) - user_instance = InteractiveUser.objects.filter( + user_qs = InteractiveUser.objects.filter( login_name=example_username, validity_to__isnull=True) self.assertTrue(User.objects.filter( username=example_username).exists()) - self.assertTrue(user_instance.exists()) - self.assertEquals(UserRole.objects - .filter(user=user_instance).role, Role.objects.filter(is_system=MsystemsConfig.INSPECTOR_ID)) + self.assertTrue(user_qs.exists()) + self.assertEquals(UserRole.objects.filter(user=user_qs.first()).first().role, + Role.objects.filter(is_system=MsystemsConfig.EMPLOYER_ID).first()) def test_multiple_logina_data_updated(self): self.service.login(username=example_username, user_data=example_user_data) 
@@ -51,16 +51,19 @@ def test_multiple_logina_data_updated(self): active_user = InteractiveUser.objects.filter(login_name=example_username, last_name=example_user_data_updated['LastName'][0], validity_to__isnull=True) - active_role_qs = UserRole.objects.filter(user=active_user, validity_to__isnull=True) - deleted_role_qs = UserRole.objects.filter(user=active_user, validity_to__isnull=False) + active_role_qs = UserRole.objects.filter(user=active_user.first(), validity_to__isnull=True) + deleted_role_qs = UserRole.objects.filter(user=active_user.first(), validity_to__isnull=False) self.assertTrue( InteractiveUser.objects.filter(login_name=example_username, last_name=example_user_data['LastName'][0], validity_to__isnull=False).exists()) self.assertTrue(active_user.exists()) self.assertEquals(active_role_qs.count(), 1) - self.assertEquals(deleted_role_qs.count(), 1) - self.assertEquals(active_role_qs.role, Role.objects.filter(is_system=MsystemsConfig.INSPECTOR_ID)) + self.assertEquals(deleted_role_qs.count(), 2) # due to delete_history() it creates two instances + self.assertEquals( + active_role_qs.first().role, + Role.objects.filter(is_system=MsystemsConfig.INSPECTOR_ID).first() + ) def test_multiple_logins_no_data_update(self): self.service.login(username=example_username, user_data=example_user_data) 
@@ -72,14 +75,14 @@ def test_multiple_logins_no_data_update(self): self.service.login(username=example_username, user_data=example_user_data) active_user = InteractiveUser.objects.filter(login_name=example_username, validity_to__isnull=True) - user_role_qs = UserRole.objects.filter(user=active_user, validity_to__isnull=True) + user_role_qs = UserRole.objects.filter(user=active_user.first(), validity_to__isnull=True) self.assertFalse(InteractiveUser.objects .filter(login_name=example_username, validity_to__isnull=False) .exists()) self.assertTrue(active_user.exists()) self.assertEquals(user_role_qs.count(), 1) - self.assertEquals(user_role_qs.role, Role.objects.filter(is_system=MsystemsConfig.INSPECTOR_ID)) + self.assertEquals(user_role_qs.first().role, Role.objects.filter(is_system=MsystemsConfig.EMPLOYER_ID).first()) def test_user_district(self): self.service.login(username=example_username, user_data=example_user_data) From c6e7c27878d1965ff239f4552e47ad8941f9ef17 Mon Sep 17 00:00:00 2001 From: Jan Date: Tue, 31 Oct 2023 12:44:57 +0100 Subject: [PATCH 07/10] OM-47: address review comments --- msystems/apps.py | 6 +- msystems/migrations/0002_add_roles.py | 24 +++--- msystems/services.py | 36 +++++---- msystems/tests/saml_user_service_tests.py | 98 +++++++++++++++++------ 4 files changed, 104 insertions(+), 60 deletions(-) diff --git a/msystems/apps.py b/msystems/apps.py index 905e160..f7cf183 100644 --- a/msystems/apps.py +++ b/msystems/apps.py @@ -94,14 +94,10 @@ class MsystemsConfig(AppConfig): default_auto_field = 'django.db.models.BigAutoField' name = 'msystems' - ##### DO NOT CHANGE THAT #### + ##### DO NOT CHANGE THIS #### ADMIN = 'Admin' INSPECTOR = 'Inspector' EMPLOYER = 'Employer' - - ADMIN_ID = 64 - INSPECTOR_ID = 4194304 - EMPLOYER_ID = 8388608 ##### ------------------ #### saml_config = None diff --git a/msystems/migrations/0002_add_roles.py b/msystems/migrations/0002_add_roles.py index 7730a77..cf8a571 100644 
--- a/msystems/migrations/0002_add_roles.py +++ b/msystems/migrations/0002_add_roles.py @@ -4,37 +4,35 @@ from core.models import Role -INSPECTOR_ID = 4194304 -EMPLOYER_ID = 8388608 ROLE_NAME_INSPECTOR = "Inspector" ROLE_NAME_EMPLOYER = "Employer" -def _get_role(role_id): - return Role.objects.filter(is_system=role_id).first() +def _get_role(role_name): + return Role.objects.filter(name=role_name).first() -def _create_role(role_id, role_name): - role = _get_role(role_id) +def _create_role(role_name): + role = _get_role(role_name) if not role: - role = Role(is_system=role_id, name=role_name, is_blocked=False) + role = Role(name=role_name, is_blocked=False, is_system=0) role.save() -def _delete_role(role_id): - role = _get_role(role_id) +def _delete_role(role_name): + role = _get_role(role_name) if role: role.delete() def on_migration(apps, schema_editor): - _create_role(INSPECTOR_ID, ROLE_NAME_INSPECTOR) - _create_role(EMPLOYER_ID, ROLE_NAME_EMPLOYER) + _create_role(ROLE_NAME_INSPECTOR) + _create_role(ROLE_NAME_EMPLOYER) def on_migration_reverse(apps, schema_editor): - _delete_role(INSPECTOR_ID) - _delete_role(EMPLOYER_ID) + _delete_role(ROLE_NAME_INSPECTOR) + _delete_role(ROLE_NAME_EMPLOYER) class Migration(migrations.Migration): diff --git a/msystems/services.py b/msystems/services.py index 3bace86..75fb38b 100644 --- a/msystems/services.py +++ b/msystems/services.py 
@@ -82,14 +82,10 @@ def _update_user_legal_entities(self, user: User, user_data: dict) -> None: self._add_new_user_policyholders(user, policyholders) def _update_user_roles(self, user, user_data): - msystem_roles = user_data.get('Role') - current_user_roles = Role.objects.filter(user_roles__user=user.i_user).values_list('is_system', flat=True) - current_user_roles_list = list(current_user_roles) - incoming_imis_role_ids = [self._parse_msystem_role_to_imis_role_id(msystem_role_id) for msystem_role_id in - msystem_roles] + msystem_roles_list = user_data.get('Role') - if current_user_roles_list != incoming_imis_role_ids: - self._update_roles(user.i_user, incoming_imis_role_ids) + self._delete_old_user_roles(user, msystem_roles_list) + self._add_new_user_roles(user, msystem_roles_list) def _update_user_name(self, i_user, first_name, last_name): i_user.save_history() @@ -128,6 +124,10 @@ def _delete_old_user_policyholders(self, user: User, policyholders: List[PolicyH for phu in PolicyHolderUser.objects.filter(~Q(policy_holder__in=policyholders), user=user, is_deleted=False): phu.delete(username=user.username) + def _delete_old_user_roles(self, user: User, roles: List[str]): + for user_role in UserRole.objects.filter(~Q(role__name__in=roles), user=user.i_user, validity_to__isnull=True): + user_role.delete_history() + def _add_new_user_policyholders(self, user: User, policyholders: List[PolicyHolder]): current_policyholders = (PolicyHolder.objects.filter(policyholderuser__user=user, policyholderuser__is_deleted=False, is_deleted=False)) 
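Review bot: `_update_user_roles` passes `user_data.get('Role')` unchecked to `_delete_old_user_roles` and `_add_new_user_roles`, so an assertion without a `Role` attribute hands both helpers `None`, while the `role__name__in=roles` filter and the `for role in roles` loop both expect an iterable. Normalise the value first with `msystem_roles_list = user_data.get('Role') or []`. PATCH 01 had an `if msystem_roles:` guard in `_create_user` that was not carried over into this rewrite. A docstring on `_update_user_roles` should also state whether a login with no roles revokes every role or is rejected, because an empty list makes the `~Q(role__name__in=[])` filter match every active role.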
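Review bot: `_delete_old_user_roles` calls `delete_history()` on every active `UserRole` of the user whose role name is not in the assertion, which also covers roles assigned inside IMIS that MSystems has no name for. If only the MSystems-managed roles are meant to be synchronised, add `role__name__in=[MsystemsConfig.ADMIN, MsystemsConfig.INSPECTOR, MsystemsConfig.EMPLOYER]` to the filter. If the assertion is meant to be authoritative for all roles, say so in a docstring, since a login then silently removes locally granted access. A log line per revocation, such as `logger.info("Revoking role %s from %s", user_role.role.name, user.username)`, would make these changes traceable.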
@@ -135,13 +135,20 @@ def _add_new_user_policyholders(self, user: User, policyholders: List[PolicyHold if ph not in current_policyholders: PolicyHolderUser(user=user, policy_holder=ph).save(username=user.username) + def _add_new_user_roles(self, user: User, roles: List[str]): + current_user_roles = UserRole.objects.filter(user=user.i_user, validity_to__isnull=True) + for role in roles: + parsed_role = self._parse_msystem_role_to_imis_role(role) + if not current_user_roles.filter(role=parsed_role).exists(): + UserRole(user=user.i_user, role=parsed_role).save() + def _update_roles(self, i_user, imis_role_ids): self._remove_previous_user_roles(i_user) self._connect_role_with_user(i_user, imis_role_ids) - def _connect_role_with_user(self, i_user, imis_role_ids): - for imis_role_id in imis_role_ids: - role = Role.objects.filter(is_system=imis_role_id).first() + def _connect_role_with_user(self, i_user, role_names): + for role_name in role_names: + role = Role.objects.filter(name=role_name).first() UserRole.objects.create(user=i_user, role=role) def _remove_previous_user_roles(self, i_user): @@ -150,10 +157,5 @@ def _remove_previous_user_roles(self, i_user): for role in roles: role.delete_history() - def _parse_msystem_role_to_imis_role_id(self, msystem_role): - role_mapping = { - MsystemsConfig.ADMIN: MsystemsConfig.ADMIN_ID, - MsystemsConfig.EMPLOYER: MsystemsConfig.EMPLOYER_ID, - MsystemsConfig.INSPECTOR: MsystemsConfig.INSPECTOR_ID, - } - return role_mapping.get(msystem_role, None) + def _parse_msystem_role_to_imis_role(self, msystem_role): + return Role.objects.filter(name=msystem_role).first() diff --git a/msystems/tests/saml_user_service_tests.py b/msystems/tests/saml_user_service_tests.py index 484edfd..46b88ed 100644 --- a/msystems/tests/saml_user_service_tests.py +++ b/msystems/tests/saml_user_service_tests.py 
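Review bot: `_add_new_user_roles` grants whatever role name the SAML assertion carries: the name goes through `_parse_msystem_role_to_imis_role` (next hunk), a plain `Role.objects.filter(name=...)` lookup, so any existing IMIS role whose name appears in the `Role` attribute is assigned, not only the three names declared in `MsystemsConfig`. The `role_mapping` dict removed by this commit acted as an allowlist, and nothing replaces it. A name with no matching row yields `None`, which is then passed to `UserRole(user=user.i_user, role=None).save()`. I would restrict the loop to the `MsystemsConfig` names and skip, with a log line, anything unknown or unresolved, as sketched below; whether `Admin` belongs in the set is a policy decision for the maintainers.

```python
    def _add_new_user_roles(self, user: User, roles: List[str]):
        allowed_role_names = {MsystemsConfig.ADMIN, MsystemsConfig.INSPECTOR, MsystemsConfig.EMPLOYER}
        current_user_roles = UserRole.objects.filter(user=user.i_user, validity_to__isnull=True)
        for role in roles:
            if role not in allowed_role_names:
                logger.warning("Ignoring unmapped MSystems role %r for user %s", role, user.username)
                continue
            parsed_role = self._parse_msystem_role_to_imis_role(role)
            if parsed_role is None:
                logger.error("IMIS role %r is missing; not assigned to user %s", role, user.username)
                continue
            # … unchanged: create the UserRole when it is not already active …
```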
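Review bot: `_update_roles`, `_connect_role_with_user` and `_remove_previous_user_roles` appear to have no caller left after this commit, since the visible call sites now use `_delete_old_user_roles` and `_add_new_user_roles`; `_remove_previous_user_roles` starts outside this hunk. `_connect_role_with_user` would create a `UserRole` with `role=None` for an unknown name, so removing the three helpers avoids keeping a second, unguarded role-assignment path in the service. In `_parse_msystem_role_to_imis_role`, `.first()` returns an arbitrary row when several `Role` rows share a name. If `Role` is versioned with `validity_to` the way `UserRole` is queried here, add `validity_to__isnull=True` to the filter; this needs confirming against the model, which is not shown.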
@@ -26,14 +26,10 @@ def test_login(self): self.service.login(username=example_username, user_data=example_user_data) - user_qs = InteractiveUser.objects.filter( - login_name=example_username, validity_to__isnull=True) - self.assertTrue(User.objects.filter( username=example_username).exists()) - self.assertTrue(user_qs.exists()) - self.assertEquals(UserRole.objects.filter(user=user_qs.first()).first().role, - Role.objects.filter(is_system=MsystemsConfig.EMPLOYER_ID).first()) + self.assertTrue(InteractiveUser.objects.filter( + login_name=example_username, validity_to__isnull=True).exists()) def test_multiple_logina_data_updated(self): self.service.login(username=example_username, user_data=example_user_data) 
@@ -45,25 +41,15 @@ def test_multiple_logina_data_updated(self): example_user_data_updated = deepcopy(example_user_data) example_user_data_updated['LastName'][0] = "Test_Last_Name_Updated" - example_user_data_updated['Role'] = ["Inspector"] self.service.login(username=example_username, user_data=example_user_data_updated) - active_user = InteractiveUser.objects.filter(login_name=example_username, - last_name=example_user_data_updated['LastName'][0], - validity_to__isnull=True) - active_role_qs = UserRole.objects.filter(user=active_user.first(), validity_to__isnull=True) - deleted_role_qs = UserRole.objects.filter(user=active_user.first(), validity_to__isnull=False) self.assertTrue( InteractiveUser.objects.filter(login_name=example_username, last_name=example_user_data['LastName'][0], validity_to__isnull=False).exists()) - self.assertTrue(active_user.exists()) - self.assertEquals(active_role_qs.count(), 1) - self.assertEquals(deleted_role_qs.count(), 2) # due to delete_history() it creates two instances - self.assertEquals( - active_role_qs.first().role, - Role.objects.filter(is_system=MsystemsConfig.INSPECTOR_ID).first() - ) + self.assertTrue(InteractiveUser.objects.filter(login_name=example_username, + last_name=example_user_data_updated['LastName'][0], + validity_to__isnull=True).exists()) def test_multiple_logins_no_data_update(self): self.service.login(username=example_username, user_data=example_user_data) 
@@ -74,15 +60,12 @@ def test_multiple_logins_no_data_update(self): self.service.login(username=example_username, user_data=example_user_data) - active_user = InteractiveUser.objects.filter(login_name=example_username, validity_to__isnull=True) - user_role_qs = UserRole.objects.filter(user=active_user.first(), validity_to__isnull=True) - self.assertFalse(InteractiveUser.objects .filter(login_name=example_username, validity_to__isnull=False) .exists()) - self.assertTrue(active_user.exists()) - self.assertEquals(user_role_qs.count(), 1) - self.assertEquals(user_role_qs.first().role, Role.objects.filter(is_system=MsystemsConfig.EMPLOYER_ID).first()) + self.assertTrue(InteractiveUser.objects + .filter(login_name=example_username, validity_to__isnull=True) + .exists()) def test_user_district(self): self.service.login(username=example_username, user_data=example_user_data) 
@@ -167,3 +150,68 @@ def test_add_policyholder(self): self.assertEqual(2, PolicyHolder.objects.filter(is_deleted=False, policyholderuser__user=user, policyholderuser__is_deleted=False).count()) + + + def test_login_user_roles(self): + role_employer_qs = Role.objects.filter(name=MsystemsConfig.EMPLOYER) + + self.assertFalse(UserRole.objects.filter(role=role_employer_qs.first()).exists()) + + self.service.login(username=example_username, + user_data=example_user_data) + + user_qs = InteractiveUser.objects.filter( + login_name=example_username, validity_to__isnull=True) + + self.assertTrue(user_qs.exists()) + self.assertEquals( + UserRole.objects.filter(user=user_qs.first()).first().role, role_employer_qs.first() + ) + + + def test_multiple_login_roles_updated(self): + role_employer_qs = Role.objects.filter(name=MsystemsConfig.EMPLOYER) + role_inspector_qs = Role.objects.filter(name=MsystemsConfig.INSPECTOR) + + self.assertFalse(UserRole.objects.filter(role=role_employer_qs.first()).exists()) + self.assertFalse(UserRole.objects.filter(role=role_inspector_qs.first()).exists()) + + self.service.login(username=example_username, user_data=example_user_data) + + user_qs = InteractiveUser.objects.filter( + login_name=example_username, validity_to__isnull=True + ) + + self.assertEquals( + UserRole.objects.filter(user=user_qs.first()).first().role, role_employer_qs.first() + ) + + example_user_data_updated = deepcopy(example_user_data) + example_user_data_updated['Role'] = ["Inspector"] + + self.service.login(username=example_username, user_data=example_user_data_updated) + user_qs = InteractiveUser.objects.filter(login_name=example_username, validity_to__isnull=True) + active_role_qs = UserRole.objects.filter(user=user_qs.first(), validity_to__isnull=True) + deleted_role_qs = UserRole.objects.filter(user=user_qs.first(), validity_to__isnull=False) + + self.assertEquals(active_role_qs.count(), 1) + self.assertEquals(deleted_role_qs.count(), 2) # due to delete_history() it 
creates two instances + self.assertEquals( + active_role_qs.first().role, + role_inspector_qs.first() + ) + + def test_multiple_logins_no_role_update(self): + role_employer_qs = Role.objects.filter(name=MsystemsConfig.EMPLOYER) + + self.assertFalse(UserRole.objects.filter(role=role_employer_qs.first()).exists()) + + self.service.login(username=example_username, user_data=example_user_data) + + self.service.login(username=example_username, user_data=example_user_data) + + user_qs = InteractiveUser.objects.filter(login_name=example_username, validity_to__isnull=True) + user_role_qs = UserRole.objects.filter(user=user_qs.first(), validity_to__isnull=True) + + self.assertEquals(user_role_qs.count(), 1) + self.assertEquals(user_role_qs.first().role, role_employer_qs.first()) From 680b928a74742801a9f25ae00def499470f9d800 Mon Sep 17 00:00:00 2001 From: Jan Date: Tue, 31 Oct 2023 13:00:22 +0100 Subject: [PATCH 08/10] OM-47: update migration --- msystems/migrations/0002_add_roles.py | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/msystems/migrations/0002_add_roles.py b/msystems/migrations/0002_add_roles.py index cf8a571..0e8ee00 100644 --- a/msystems/migrations/0002_add_roles.py +++ b/msystems/migrations/0002_add_roles.py 
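Review bot: The three new tests cover only the expected role values (`Employer`, then `Inspector`), so nothing pins what `login` does with a role name outside `MsystemsConfig` or with user data that has no `Role` key. Those are the cases where the role sync can grant or drop access unexpectedly. Add one test per case that asserts the resulting set of active `UserRole` rows, for example `example_user_data_updated['Role'] = ["NotARole"]` followed by a check that no active `UserRole` exists for the user. `assertEquals` is a deprecated alias; the file already uses `assertEqual` in `test_add_policyholder`, so use `assertEqual` in the new tests as well.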
@@ -8,31 +8,33 @@ ROLE_NAME_EMPLOYER = "Employer" -def _get_role(role_name): - return Role.objects.filter(name=role_name).first() +def _get_role(role_name, role_model): + return role_model.objects.filter(name=role_name).first() -def _create_role(role_name): +def _create_role(role_name, role_model): role = _get_role(role_name) if not role: role = Role(name=role_name, is_blocked=False, is_system=0) role.save() -def _delete_role(role_name): - role = _get_role(role_name) +def _delete_role(role_name, role_model): + role = _get_role(role_name, role_model) if role: role.delete() def on_migration(apps, schema_editor): - _create_role(ROLE_NAME_INSPECTOR) - _create_role(ROLE_NAME_EMPLOYER) + role_model = apps.get_model("core", "role") + _create_role(ROLE_NAME_INSPECTOR, role_model) + _create_role(ROLE_NAME_EMPLOYER, role_model) def on_migration_reverse(apps, schema_editor): - _delete_role(ROLE_NAME_INSPECTOR) - _delete_role(ROLE_NAME_EMPLOYER) + role_model = apps.get_model("core", "role") + _delete_role(ROLE_NAME_INSPECTOR, role_model) + _delete_role(ROLE_NAME_EMPLOYER, role_model) class Migration(migrations.Migration): From 927b94e23cf453222a1ec36dcc9bacd1ec099b16 Mon Sep 17 00:00:00 2001 From: Jan Date: Tue, 31 Oct 2023 13:01:30 +0100 Subject: [PATCH 09/10] OM-47: update migration --- msystems/migrations/0002_add_roles.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msystems/migrations/0002_add_roles.py b/msystems/migrations/0002_add_roles.py index 0e8ee00..ec2bb90 100644 --- a/msystems/migrations/0002_add_roles.py +++ b/msystems/migrations/0002_add_roles.py @@ -13,7 +13,7 @@ def _get_role(role_name, role_model): def _create_role(role_name, role_model): - role = _get_role(role_name) + role = _get_role(role_name, role_model) if not role: role = Role(name=role_name, is_blocked=False, is_system=0) role.save() From 66dd83e79cb8a6d4e9aa46c52867027cc023d78a Mon Sep 17 00:00:00 2001 
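Review bot: `_delete_role` looks the role up by name only, and `_create_role` skips creation when a role with that name already exists, so reversing this migration can delete an `Inspector` or `Employer` role that was present before it ran, along with whatever the model's `on_delete` rules cascade to (not visible here). Consider a no-op reverse, `migrations.RunPython(on_migration, migrations.RunPython.noop)`, or deleting only rows the forward step created; the `operations` entry lies outside this hunk. `apps.get_model("core", "role")` also needs the `core` app in the migration state, while `dependencies` lists only `('msystems', '0001_initial')`. Unless that migration already depends on `core`, add the relevant `core` migration to `dependencies`.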
From: Jan Date: Tue, 31 Oct 2023 13:06:09 +0100 Subject: [PATCH 10/10] OM-47: update migration --- msystems/migrations/0002_add_roles.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/msystems/migrations/0002_add_roles.py b/msystems/migrations/0002_add_roles.py index ec2bb90..53e5cb0 100644 --- a/msystems/migrations/0002_add_roles.py +++ b/msystems/migrations/0002_add_roles.py @@ -2,8 +2,6 @@ from django.db import migrations -from core.models import Role - ROLE_NAME_INSPECTOR = "Inspector" ROLE_NAME_EMPLOYER = "Employer" @@ -15,7 +13,7 @@ def _get_role(role_name, role_model): def _create_role(role_name, role_model): role = _get_role(role_name, role_model) if not role: - role = Role(name=role_name, is_blocked=False, is_system=0) + role = role_model(name=role_name, is_blocked=False, is_system=0) role.save()