From 6c0a0fc770e1139973128d6a862199ade2904337 Mon Sep 17 00:00:00 2001
From: Nivesh Mittapally <mittapally.nivesh@gmail.com>
Date: Mon, 22 May 2023 19:18:13 +0530
Subject: [PATCH 1/4] fix: access mapping creating issue

---
 Access/accessrequest_helper.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/Access/accessrequest_helper.py b/Access/accessrequest_helper.py
index e7f25918..d2ebc8dc 100644
--- a/Access/accessrequest_helper.py
+++ b/Access/accessrequest_helper.py
@@ -511,6 +511,10 @@ def _create_access(
                     access_label=json.dumps(access.access_label)
                 ),
             }
+    else:
+        access = AccessV2.objects.create(
+            access_tag=access_tag, access_label=access_label
+        )
 
     try:
         _create_access_mapping(
@@ -531,11 +535,7 @@ def _create_access(
 def _create_access_mapping(
     user_identity, access, request_id, access_reason
 ):
-    """ Create AccessV2 and UserAccessMapping in db """
-    if not access:
-        access = AccessV2.objects.create(
-            access_tag=access.access_tag, access_label=access.access_label
-        )
+    """ Create UserAccessMapping in db """
 
     user_identity.user_access_mapping.create(
         request_id=request_id, request_reason=access_reason, access=access

From 4c7dcda114c1642023d8924df63ee4a430af9397 Mon Sep 17 00:00:00 2001
From: Nivesh Mittapally <mittapally.nivesh@gmail.com>
Date: Mon, 22 May 2023 20:47:34 +0530
Subject: [PATCH 2/4] feat: added decline for membership

---
 Access/accessrequest_helper.py | 11 +++++++++--
 Access/models.py               |  8 ++++++++
 Access/views.py                |  1 +
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/Access/accessrequest_helper.py b/Access/accessrequest_helper.py
index 25f94d34..3a8efc8e 100644
--- a/Access/accessrequest_helper.py
+++ b/Access/accessrequest_helper.py
@@ -737,6 +737,9 @@ def decline_individual_access(request, access_type, request_id, reason):
     if access_type == "declineNewGroup":
         access_mapping = GroupV2.get_pending_group(request_id)
         decline_new_group = True
+    elif access_type == "declineMember":
+        access_mapping = MembershipV2.get_membership(request_id)
+        decline_membership = True
     else:
         access_mapping = UserAccessMapping.get_access_request(request_id)
         access_type = access_mapping.access.access_tag
@@ -747,7 +750,7 @@ def decline_individual_access(request, access_type, request_id, reason):
         )
         return json_response
 
-    if not decline_new_group:
+    if not decline_new_group and not decline_membership:
         json_response = validate_approver_permissions(
             access_mapping, access_type, request)
         if "error" in json_response:
@@ -765,7 +768,7 @@ def decline_individual_access(request, access_type, request_id, reason):
 
         access_mapping.save()
 
-    if not decline_new_group:
+    if not decline_new_group and not decline_membership:
         access_module = helpers.get_available_access_module_from_tag(
             access_type)
         access_labels = [access_mapping.access.access_label]
@@ -773,6 +776,10 @@ def decline_individual_access(request, access_type, request_id, reason):
         notifications.send_mail_for_request_decline(
             request, description, request_id, reason, access_type
         )
+    elif decline_membership:
+        notifications.send_mail_for_request_decline(
+            request, "Membership Creation", request_id, reason, access_type
+        )
     else:
         MembershipV2.update_membership(access_mapping, reason)
         notifications.send_mail_for_request_decline(
diff --git a/Access/models.py b/Access/models.py
index 4422a694..cd131dab 100644
--- a/Access/models.py
+++ b/Access/models.py
@@ -435,6 +435,14 @@ def approve_membership(membership_id, approver):
         membership = MembershipV2.objects.get(membership_id=membership_id)
         membership.approve(approver=approver)
 
+    def decline_access(self, reason):
+        self.status = "Declined"
+        self.decline_reason = reason
+        self.save()
+
+    def is_already_processed(self):
+        return self.status in ["Declined", "Approved", "Processing", "Revoked"]
+
     def revoke_membership(self):
         self.status = "Revoked"
         self.save()
diff --git a/Access/views.py b/Access/views.py
index 034e76c3..387b6ef3 100644
--- a/Access/views.py
+++ b/Access/views.py
@@ -424,6 +424,7 @@ def _get_request_ids_for_bulk_processing(posted_request_ids, selector):
 
 
 @login_required
+@user_any_approver
 def decline_access(request, access_type, request_id):
     """Decline an access request.
 

From 2597003b55fc34cceda0e7f7638b9f29071cb038 Mon Sep 17 00:00:00 2001
From: Nivesh Mittapally <mittapally.nivesh@gmail.com>
Date: Mon, 22 May 2023 21:15:48 +0530
Subject: [PATCH 3/4] fix: lint issues for decline membership

---
 Access/accessrequest_helper.py | 47 ++++++++++++++++++++++++++++------
 Access/models.py               |  3 ++-
 2 files changed, 41 insertions(+), 9 deletions(-)

diff --git a/Access/accessrequest_helper.py b/Access/accessrequest_helper.py
index 3a8efc8e..28f2e5f1 100644
--- a/Access/accessrequest_helper.py
+++ b/Access/accessrequest_helper.py
@@ -729,6 +729,42 @@ def run_accept_request_task(
     return json_response
 
 
+def decline_group_membership(request, access_type, request_id, reason):
+    """ Decline group membership """
+    json_response = {}
+    membership = MembershipV2.get_membership(request_id)
+
+    if not membership:
+        json_response["error"] = INVALID_REQUEST_ERROR_MSG
+        return json_response
+
+    if not is_request_valid(request_id, membership):
+        json_response["error"] = USER_REQUEST_IN_PROCESS_ERR_MSG.format(
+            request_id=request_id,
+        )
+        return json_response
+
+    with transaction.atomic():
+        membership.decline(reason, request.user.user)
+
+    notifications.send_mail_for_request_decline(
+        request, "Membership Creation", request_id, reason, access_type
+    )
+
+    logger.debug(
+        USER_REQUEST_DECLINE_MSG.format(
+            request_id=request_id,
+            decline_reason=reason,
+        )
+    )
+    json_response = {}
+    json_response["msg"] = USER_REQUEST_DECLINE_MSG.format(
+        request_id=request_id,
+        decline_reason=reason,
+    )
+    return json_response
+
+
 def decline_individual_access(request, access_type, request_id, reason):
     """ Decline individual access """
     json_response = {}
@@ -738,8 +774,7 @@ def decline_individual_access(request, access_type, request_id, reason):
         access_mapping = GroupV2.get_pending_group(request_id)
         decline_new_group = True
     elif access_type == "declineMember":
-        access_mapping = MembershipV2.get_membership(request_id)
-        decline_membership = True
+        return decline_group_membership(request, access_type, request_id, reason)
     else:
         access_mapping = UserAccessMapping.get_access_request(request_id)
         access_type = access_mapping.access.access_tag
@@ -750,7 +785,7 @@ def decline_individual_access(request, access_type, request_id, reason):
         )
         return json_response
 
-    if not decline_new_group and not decline_membership:
+    if not decline_new_group:
         json_response = validate_approver_permissions(
             access_mapping, access_type, request)
         if "error" in json_response:
@@ -768,7 +803,7 @@ def decline_individual_access(request, access_type, request_id, reason):
 
         access_mapping.save()
 
-    if not decline_new_group and not decline_membership:
+    if not decline_new_group:
         access_module = helpers.get_available_access_module_from_tag(
             access_type)
         access_labels = [access_mapping.access.access_label]
@@ -776,10 +811,6 @@ def decline_individual_access(request, access_type, request_id, reason):
         notifications.send_mail_for_request_decline(
             request, description, request_id, reason, access_type
         )
-    elif decline_membership:
-        notifications.send_mail_for_request_decline(
-            request, "Membership Creation", request_id, reason, access_type
-        )
     else:
         MembershipV2.update_membership(access_mapping, reason)
         notifications.send_mail_for_request_decline(
diff --git a/Access/models.py b/Access/models.py
index cd131dab..cf67345a 100644
--- a/Access/models.py
+++ b/Access/models.py
@@ -435,9 +435,10 @@ def approve_membership(membership_id, approver):
         membership = MembershipV2.objects.get(membership_id=membership_id)
         membership.approve(approver=approver)
 
-    def decline_access(self, reason):
+    def decline(self, reason, decliner):
         self.status = "Declined"
         self.decline_reason = reason
+        self.approver = decliner
         self.save()
 
     def is_already_processed(self):

From a1f6609fb421a203ee5bced8b58850bd35ddcbb2 Mon Sep 17 00:00:00 2001
From: Nivesh Mittapally <mittapally.nivesh@gmail.com>
Date: Tue, 23 May 2023 11:51:26 +0530
Subject: [PATCH 4/4] refactor: removed unwanted transaction in decline
 membership

---
 Access/accessrequest_helper.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Access/accessrequest_helper.py b/Access/accessrequest_helper.py
index 28f2e5f1..724a2de7 100644
--- a/Access/accessrequest_helper.py
+++ b/Access/accessrequest_helper.py
@@ -744,8 +744,7 @@ def decline_group_membership(request, access_type, request_id, reason):
         )
         return json_response
 
-    with transaction.atomic():
-        membership.decline(reason, request.user.user)
+    membership.decline(reason, request.user.user)
 
     notifications.send_mail_for_request_decline(
         request, "Membership Creation", request_id, reason, access_type