1- from Access .models import User , GroupV2 , MembershipV2 , Role
1+ from Access .models import User , GroupV2 , MembershipV2
22from Access import helpers , views_helper , notifications
33from django .db import transaction
44import datetime
1717
1818NEW_GROUP_CREATE_ERROR_MESSAGE = {
1919 "error_msg" : "Internal Error" ,
20- "msg" : "Error Occured while load ing the page. Please contact admin" ,
20+ "msg" : "Error Occured while loading the page. Please contact admin" ,
2121}
2222
2323NEW_GROUP_CREATE_ERROR_GROUP_EXISTS = {
2626}
2727
2828REQUEST_NOT_FOUND_ERROR = "Error request not found OR Invalid request type"
29- SELF_APPROVAL_ERROR = "You cannot approve your own request. Please ask other admins to do that"
30- GROUP_APPROVAL_ERROR = "Error Occured while Approving group creation. Please contact admin - "
29+ SELF_APPROVAL_ERROR = (
30+ "You cannot approve your own request. Please ask other admins to do that"
31+ )
32+ GROUP_APPROVAL_ERROR = (
33+ "Error Occured while Approving group creation. Please contact admin - "
34+ )
3135APPROVAL_ERROR = "Error Occured while Approving the request. Please contact admin - "
3236REQUEST_PROCESSING = "The Request {requestId} is now being processed"
3337REQUEST_PROCESSED_BY = "The Request {requestId} is already Processed By : {user}"
3438
39+ LIST_GROUP_ACCESSES_GROUP_DONT_EXIST_ERROR = {
40+ "error_msg" : "Invalid Group Name" ,
41+ "msg" : "A group with {group_name} doesn't exist." ,
42+ }
43+
44+ LIST_GROUP_ACCESSES_PERMISSION_DENIED = {
45+ "error_msg" : "Permission Denied" ,
46+ "msg" : "Permission denied, requester is non owner" ,
47+ }
48+
49+ UPDATE_OWNERS_REQUEST_ERROR = {
50+ "error_msg" : "Bad request" ,
51+ "msg" : "The requested URL is of POST method but was called with other." ,
52+ }
53+
3554
3655def create_group (request ):
3756 base_datetime_prefix = datetime .datetime .utcnow ().strftime ("%Y%m%d%H%M%S" )
@@ -84,8 +103,10 @@ def create_group(request):
84103
85104 if "selectedUserList" in data :
86105 initial_members = list (map (str , selected_users ))
87- new_group .add_members (users = User .objects .filter (email__in = initial_members ),
88- requested_by = request .user .user )
106+ new_group .add_members (
107+ users = User .objects .filter (email__in = initial_members ),
108+ requested_by = request .user .user ,
109+ )
89110 else :
90111 initial_members = [request .user .email ]
91112
@@ -103,45 +124,125 @@ def create_group(request):
103124 return context
104125
105126
106- def getGroupAccessList (request , groupName ):
107- return {}
127+ def get_generic_access (group_mapping ):
128+ access_details = {}
129+ for each_access_module in helpers .getAvailableAccessModules ():
130+ if group_mapping .access .access_tag == each_access_module .tag ():
131+ access_details = group_mapping .getAccessRequestDetails (each_access_module )
132+ break
133+
134+ logger .debug ("Generic access generated: " + str (access_details ))
135+ return access_details
136+
137+
138+ def get_group_access_list (request , group_name ):
139+ context = {}
140+ group = GroupV2 .get_active_group_by_name (group_name )
141+ if not group :
142+ logger .debug (f"Group does not exist with group name { group_name } " )
143+ context = {
144+ "error" : {
145+ "error_msg" : LIST_GROUP_ACCESSES_GROUP_DONT_EXIST_ERROR ["error_msg" ],
146+ "msg" : LIST_GROUP_ACCESSES_GROUP_DONT_EXIST_ERROR ["msg" ],
147+ }
148+ }
149+ return context
150+
151+ group_members = group .get_all_members ().filter (status = "Approved" )
152+ auth_user = request .user
153+
154+ if not auth_user .user .is_allowed_admin_actions_on_group (group ):
155+ logger .debug ("Permission denied, requester is non owner" )
156+ context = {
157+ "error" : {
158+ "error_msg" : LIST_GROUP_ACCESSES_PERMISSION_DENIED ["error_msg" ],
159+ "msg" : LIST_GROUP_ACCESSES_PERMISSION_DENIED ["msg" ],
160+ }
161+ }
162+ return context
163+
164+ group_members = [
165+ {
166+ "name" : member .user .name ,
167+ "email" : member .user .email ,
168+ "is_owner" : member .is_owner ,
169+ "current_state" : member .user .current_state (),
170+ "membership_id" : member .membership_id ,
171+ }
172+ for member in group_members
173+ ]
174+ context ["userList" ] = group_members
175+ context ["groupName" ] = group_name
176+
177+ allow_revoke = False
178+ if auth_user .user .is_allowed_to_offboard_user_from_group (group ):
179+ allow_revoke = True
180+ context ["allowRevoke" ] = allow_revoke
181+
182+ group_mappings = group .get_active_accesses ()
183+ context ["genericAccesses" ] = [
184+ get_generic_access (group_mapping ) for group_mapping in group_mappings
185+ ]
186+ if (context ["genericAccesses" ] == [{}]):
187+ context ["genericAccesses" ] = []
188+
189+ return context
190+
108191
192+ def update_owners (request , group_name ):
193+ context = {}
194+ group = GroupV2 .get_active_group_by_name (group_name )
195+ if not group :
196+ context = {
197+ "error" : {
198+ "error_msg" : LIST_GROUP_ACCESSES_GROUP_DONT_EXIST_ERROR ["error_msg" ],
199+ "msg" : LIST_GROUP_ACCESSES_GROUP_DONT_EXIST_ERROR ["msg" ],
200+ }
201+ }
202+ return context
109203
110- def updateOwner (request , group , context ):
111204 logger .debug (
112205 "updating owners for group "
113206 + group .name
114207 + " requested by "
115208 + request .user .username
116209 )
210+ if not request .POST :
211+ logger .debug ("Update Owners POST request not found." )
212+ return {"error" : UPDATE_OWNERS_REQUEST_ERROR }
213+
117214 data = request .POST
118215 data = dict (data .lists ())
119-
120216 if "owners" not in data :
121217 data ["owners" ] = []
122- destination = [request .user .user .email ]
218+
219+ auth_user = request .user
220+ destination = [auth_user .user .email ]
221+
222+ group_members = (
223+ group .get_all_members ().filter (status = "Approved" ).exclude (user = auth_user .user )
224+ )
123225
124226 # we will only get data["owners"] as owners who are checked in UI
125227 # (exluding disabled checkbox owner who requested the change)
126- for membership_obj in MembershipV2 .objects .filter (
127- group = group , status = "Approved"
128- ).exclude (user = request .user .user ):
129- if membership_obj .user .email in data ["owners" ]:
130- membership_obj .is_owner = True
131- destination .append (membership_obj .user .email )
132- else :
133- membership_obj .is_owner = False
134- membership_obj .save ()
228+ with transaction .atomic ():
229+ for membership in group_members :
230+ if membership .user .email in data ["owners" ]:
231+ membership .is_owner = True
232+ destination .append (membership .user .email )
233+ else :
234+ membership .is_owner = False
235+ membership .save ()
135236
136237 logger .debug ("Owners changed to " + ", " .join (destination ))
137- subject = "Enigma Group '" + group .name + "' owners changed"
138- body = "\n Group Name :- {} \n updated owners :- {} \n updated by :- {}" .format (
139- group .name , ", " .join (destination ), request .user .user .email
140- )
141238 destination .extend (MAIL_APPROVER_GROUPS )
142- general .emailSES (destination , subject , body )
239+ notifications .send_group_owners_update_mail (
240+ destination , group_name , auth_user .user .email
241+ )
143242 context ["notification" ] = "Owner's updated"
144243
244+ return context
245+
145246
146247def isAllowedGroupAdminFunctions (request , groupMembers ):
147248 ownersEmail = [member .user .email for member in groupMembers .filter (is_owner = True )]
@@ -206,12 +307,16 @@ def approve_new_group_request(request, group_id):
206307 initial_members = group .get_all_members ()
207308 initial_member_names = [user .user .name for user in initial_members ]
208309 try :
209- notifications .send_new_group_approved_notification (group = group ,
210- group_id = group_id ,
211- initial_member_names = initial_member_names )
310+ notifications .send_new_group_approved_notification (
311+ group = group ,
312+ group_id = group_id ,
313+ initial_member_names = initial_member_names ,
314+ )
212315 except Exception as e :
213316 logger .exception (e )
214- logger .error ("Group approved, but Error in sending group approval notification" )
317+ logger .error (
318+ "Group approved, but Error in sending group approval notification"
319+ )
215320 logger .debug (
216321 "Approved group creation for - "
217322 + group_id
@@ -230,10 +335,7 @@ def approve_new_group_request(request, group_id):
230335 logger .exception (e )
231336 logger .error ("Error in Approving New Group request." )
232337 context = {}
233- context ["error" ] = (
234- GROUP_APPROVAL_ERROR
235- + str (e )
236- )
338+ context ["error" ] = GROUP_APPROVAL_ERROR + str (e )
237339 return context
238340
239341
@@ -440,42 +542,52 @@ def accept_member(request, requestId, shouldRender=True):
440542 except Exception as e :
441543 logger .error ("Error request not found OR Invalid request type" )
442544 context = {}
443- context [' error' ] = REQUEST_NOT_FOUND_ERROR + str (e )
545+ context [" error" ] = REQUEST_NOT_FOUND_ERROR + str (e )
444546 return context
445547 try :
446548 if membership .is_already_processed ():
447- logger .warning ("An Already Approved/Declined/Processing Request was accessed by - "
448- + request .user .username )
549+ logger .warning (
550+ "An Already Approved/Declined/Processing Request was accessed by - "
551+ + request .user .username
552+ )
449553 context = {}
450- context ['error' ] = REQUEST_PROCESSED_BY .format (requestId = requestId ,
451- user = membership .approver .user .username )
554+ context ["error" ] = REQUEST_PROCESSED_BY .format (
555+ requestId = requestId , user = membership .approver .user .username
556+ )
452557 return context
453558 elif membership .is_self_approval (approver = request .user .user ):
454559 context = {}
455560 context ["error" ] = SELF_APPROVAL_ERROR
456561 return context
457562 else :
458563 context = {}
459- context [' msg' ] = REQUEST_PROCESSING .format (requestId = requestId )
564+ context [" msg" ] = REQUEST_PROCESSING .format (requestId = requestId )
460565 with transaction .atomic ():
461566 membership .approve (request .user .user )
462567 group = membership .group
463568 user = membership .user
464- userMappingsList = views_helper .generateUserMappings (user , group , membership )
569+ userMappingsList = views_helper .generateUserMappings (
570+ user , group , membership
571+ )
465572
466573 # TODO: Add celery task for executeGroupAccess
467574 # accessAcceptThread = threading.Thread(target=executeGroupAccess,
468575 # args=(request, group.name, userMappingsList))
469576 # accessAcceptThread.start()
470577
471- notifications .send_membership_accepted_notification (user = user ,
472- group = group , membership = membership )
473- logger .debug ("Process has been started for the Approval of request - "
474- + requestId + " - Approver=" + request .user .username )
578+ notifications .send_membership_accepted_notification (
579+ user = user , group = group , membership = membership
580+ )
581+ logger .debug (
582+ "Process has been started for the Approval of request - "
583+ + requestId
584+ + " - Approver="
585+ + request .user .username
586+ )
475587 return context
476588 except Exception as e :
477589 logger .exception (e )
478590 logger .error ("Error in Accept of New Member in Group request." )
479591 context = {}
480- context [' error' ] = APPROVAL_ERROR + str (e )
592+ context [" error" ] = APPROVAL_ERROR + str (e )
481593 return context
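Review bot: `update_owners` rewrites `is_owner` on every approved membership of the group with no authorization check visible in this section, whereas `get_group_access_list` just above it gates on `auth_user.user.is_allowed_admin_actions_on_group(group)`. Unless the calling view (not shown here) already enforces ownership, any authenticated user who can post to this endpoint could promote or demote owners of a group they do not administer. A non-empty POST without an `owners` field would demote every owner except the requester. I would add the same gate right after the group lookup: `if not request.user.user.is_allowed_admin_actions_on_group(group): return {"error": LIST_GROUP_ACCESSES_PERMISSION_DENIED}`. Separately, `if not request.POST` tests for an empty form body rather than the HTTP method, so `if request.method != "POST":` would match what `UPDATE_OWNERS_REQUEST_ERROR` says.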