Merge pull request #743 from Ilhasoft/merge-to-develop

Merged master into to develop

bothub/api/v2/internal/organization/views.py

@@ -5,10 +5,7 @@
 
 from bothub.api.v2.metadata import Metadata
 from bothub.authentication.models import User
-from bothub.common.models import (
-    Organization,
-    OrganizationAuthorization
-)
+from bothub.common.models import Organization, OrganizationAuthorization
 from bothub.api.v2.internal.organization.serializers import (
     OrganizationSerializer,
     OrgCreateSerializer,

bothub/api/v2/tests/test_repository.py

@@ -320,48 +320,57 @@ def test_authorization_with_user(self):
             )
 
     def test_authorization_permission_admin_in_organization(self):
+        """Validate that the owner user has full access to the repository
+        while a common user only has read access"""
         for repository in self.repositories:
-            perm = OrganizationAuthorization.objects.create(
+
+            # Create repository and organization authorizations
+            organization_authorization = OrganizationAuthorization.objects.create(
                 user=self.user,
                 organization=self.organization,
                 role=OrganizationAuthorization.ROLE_ADMIN,
             )
-
-            repo_auth = RepositoryAuthorization.objects.create(
-                user=self.organization, repository=repository, role=3
-            )
-            user, user_token = (
-                (self.owner, self.owner_token)
-                if repository.is_private
-                else (self.user, self.user_token)
+            repository_authorization = RepositoryAuthorization.objects.create(
+                user=self.organization,
+                repository=repository,
+                role=RepositoryAuthorization.ROLE_ADMIN,
             )
+
+            user, user_token = (self.owner, self.owner_token) if repository.is_private else (self.user, self.user_token)
             response, content_data = self.request(repository, user_token)
             authorization = content_data.get("authorization")
             self.assertIsNotNone(authorization)
-            self.assertEqual(
-                authorization.get("level"), OrganizationAuthorization.ROLE_ADMIN
-            )
             self.assertTrue(authorization.get("can_read"))
-            self.assertTrue(authorization.get("can_contribute"))
-            self.assertTrue(authorization.get("can_write"))
-            self.assertTrue(authorization.get("can_translate"))
-            self.assertTrue(authorization.get("is_admin"))
+
+            # Assert owner access vs common user access behavior
+            if user is self.owner:
+                self.assertEqual(authorization.get("level"), OrganizationAuthorization.ROLE_ADMIN)
+                self.assertTrue(authorization.get("can_contribute"))
+                self.assertTrue(authorization.get("can_write"))
+                self.assertTrue(authorization.get("can_translate"))
+                self.assertTrue(authorization.get("is_admin"))
+            else:  # is not owner
+                self.assertEqual(authorization.get("level"), OrganizationAuthorization.ROLE_USER)
+                self.assertFalse(authorization.get("can_contribute"))
+                self.assertFalse(authorization.get("can_write"))
+                self.assertFalse(authorization.get("can_translate"))
+                self.assertFalse(authorization.get("is_admin"))
+
             self.assertEqual(len(authorization.get("organizations")), 1)
-            perm.delete()
+
+            # User should have role==ROLE_USER when they lose their authorization in the organization
+            organization_authorization.delete()
             response, content_data = self.request(repository, user_token)
             authorization = content_data.get("authorization")
             self.assertIsNotNone(authorization)
-            self.assertEqual(
-                authorization.get("level"), OrganizationAuthorization.ROLE_USER
-            )
+            self.assertEqual(authorization.get("level"), OrganizationAuthorization.ROLE_USER)
 
-            repo_auth.delete()
+            # User should have role==ROLE_USER when they lose their authorization in the repository
+            repository_authorization.delete()
             response, content_data = self.request(repository, user_token)
             authorization = content_data.get("authorization")
             self.assertIsNotNone(authorization)
-            self.assertEqual(
-                authorization.get("level"), OrganizationAuthorization.ROLE_USER
-            )
+            self.assertEqual(authorization.get("level"), OrganizationAuthorization.ROLE_USER)
 
 
 class RepositoryAvailableRequestAuthorizationTestCase(TestCase):

bothub/common/models.py

@@ -906,7 +906,7 @@ def get_user_authorization(self, user):
 
             if repo_auth.role < org_auth.role:
                 repo_auth.role = org_auth.role
-                repo_auth.save(update_fields=['role'])
+                repo_auth.save(update_fields=["role"])
         return repo_auth
 
     def get_absolute_url(self):
@@ -2007,26 +2007,9 @@ def save(self, *args, **kwargs):
     @property
     def get_role(self):
         if self.role < RepositoryAuthorization.ROLE_USER and self.user:
-            org = (
-                self.user.organization_user_authorization.exclude(
-                    role=RepositoryAuthorization.ROLE_NOT_SETTED
-                )
-                .filter(
-                    Q(
-                        organization__in=RepositoryAuthorization.objects.filter(
-                            repository=self.repository,
-                            user__in=self.user.organization_user_authorization.exclude(
-                                role=OrganizationAuthorization.ROLE_NOT_SETTED
-                            ).values_list("organization", flat=True),
-                        )
-                        .exclude(role=OrganizationAuthorization.ROLE_NOT_SETTED)
-                        .order_by("-role")
-                        .values_list("user")
-                    )
-                )
-                .order_by("-role")
-            ).first()
-            return org.role if org else RepositoryAuthorization.LEVEL_NOTHING
+            # Get role directly from repository
+            auth = self.repository.get_user_authorization(self.user)
+            return auth.role
         return self.role
 
     @property

bothub/common/tests.py

@@ -16,7 +16,7 @@
     QAKnowledgeBase,
     QAtext,
     Organization,
-    OrganizationAuthorization
+    OrganizationAuthorization,
 )
 from .models import RepositoryAuthorization
 from .models import RepositoryEntity
@@ -546,7 +546,9 @@ class RepositoryAuthorizationTestCase(TestCase):
     def setUp(self):
         self.owner = User.objects.create_user("owner@user.com", "owner")
         self.user = User.objects.create_user("fake@user.com", "user")
-        self.collaborator = User.objects.create_user("colaborator@user.com", "collaborator")
+        self.collaborator = User.objects.create_user(
+            "colaborator@user.com", "collaborator"
+        )
 
         self.repository = Repository.objects.create(
             owner=self.owner.repository_owner, name="Test", slug="test"
@@ -561,7 +563,7 @@ def setUp(self):
         self.organization_repository = Repository.objects.create(
             owner=self.organization,
             name="Organization Repository",
-            slug="organization_repository"
+            slug="organization_repository",
         )
 
     def test_admin_level(self):
@@ -702,16 +704,25 @@ def test_organization_auth_over_repository_auth(self):
         initial_organization_role = OrganizationAuthorization.ROLE_ADMIN
 
         # Set user's role to a low level at the Repository
-        collaborator_repository_auth, created = RepositoryAuthorization.objects.get_or_create(
-            user=self.collaborator, repository=self.organization_repository, role=RepositoryAuthorization.ROLE_USER
+        (
+            collaborator_repository_auth,
+            created,
+        ) = RepositoryAuthorization.objects.get_or_create(
+            user=self.collaborator,
+            repository=self.organization_repository,
+            role=RepositoryAuthorization.ROLE_USER,
         )
         # Set user's role to a high level at the Organization
-        collaborator_organization_auth = self.organization.organization_authorizations.create(
-            user=self.collaborator, role=initial_organization_role
+        collaborator_organization_auth = (
+            self.organization.organization_authorizations.create(
+                user=self.collaborator, role=initial_organization_role
+            )
         )
 
         # Validate that their access level corresponds to their role in the Organization and not the Repository, as it is higher at this point.
-        user_authorization = self.organization_repository.get_user_authorization(self.collaborator)
+        user_authorization = self.organization_repository.get_user_authorization(
+            self.collaborator
+        )
         self.assertEqual(user_authorization.role, collaborator_organization_auth.role)
 
         # Lower their level inside the Organization
@@ -723,7 +734,9 @@ def test_organization_auth_over_repository_auth(self):
         self.assertEqual(collaborator_repository_auth.role, initial_organization_role)
 
         # Validate that the user's level is now the Repository's and not the Organization's, as it is higher.
-        user_authorization = self.organization_repository.get_user_authorization(self.collaborator)
+        user_authorization = self.organization_repository.get_user_authorization(
+            self.collaborator
+        )
         self.assertEqual(user_authorization.role, collaborator_repository_auth.role)