Create internal module, module permission and updated WeniOIDCAuthent…

…icationBackend to add permission if the user is a module
weni-ai · May 20, 2022 · b49b233 · b49b233
1 parent 0c31123
commit b49b233
Show file tree

Hide file tree

Showing 6 changed files with 100 additions and 43 deletions.
diff --git a/bothub/api/v2/internal/__init__.py b/bothub/api/v2/internal/__init__.py
diff --git a/bothub/api/v2/internal/permissions.py b/bothub/api/v2/internal/permissions.py
@@ -0,0 +1,9 @@
+from rest_framework import permissions
+
+
+class ModuleHasPermission(permissions.BasePermission):
+    def has_permission(self, request, view):  # pragma: no cover
+        return request.user.has_perm("authentication.can_communicate_internally")
+
+    def has_object_permission(self, request, view, obj):
+        return self.has_permission(request, view)
diff --git a/bothub/api/v2/tests/test_repository.py b/bothub/api/v2/tests/test_repository.py
@@ -42,48 +42,11 @@
 from bothub.common.models import RepositoryVote
 from bothub.common.models import RequestRepositoryAuthorization
 
-
-def get_valid_mockups(categories):
-    return [
-        {
-            "name": "Repository 1",
-            "slug": "repository-1",
-            "description": "",
-            "language": languages.LANGUAGE_EN,
-            "categories": [category.pk for category in categories],
-        },
-        {
-            "name": "Repository 2",
-            "description": "",
-            "language": languages.LANGUAGE_PT,
-            "categories": [category.pk for category in categories],
-        },
-    ]
-
-
-def get_invalid_mockups(categories):
-    return [
-        {
-            "name": "",
-            "slug": "repository-1",
-            "language": languages.LANGUAGE_EN,
-            "categories": [category.pk for category in categories],
-        },
-        {
-            "name": "Repository 3",
-            "language": "out",
-            "categories": [category.pk for category in categories],
-            "is_private": False,
-        },
-    ]
-
-
-def create_repository_from_mockup(owner, categories, **mockup):
-    r = Repository.objects.create(owner_id=owner.id, **mockup)
-    r.current_version()
-    for category in categories:
-        r.categories.add(category)
-    return r
+from bothub.api.v2.tests.utils import (
+    get_valid_mockups,
+    get_invalid_mockups,
+    create_repository_from_mockup,
+)
 
 
 class CreateRepositoryAPITestCase(TestCase):

diff --git a/bothub/api/v2/tests/utils.py b/bothub/api/v2/tests/utils.py
@@ -1,9 +1,58 @@
+from bothub.utils import check_module_permission
 from rest_framework.authtoken.models import Token
 
 from bothub.authentication.models import User
+from bothub.common import languages
+from bothub.common.models import Repository
 
 
-def create_user_and_token(nickname="fake"):
+def create_user_and_token(nickname="fake", module=False):
     user = User.objects.create_user("{}@user.com".format(nickname), nickname)
+    if module is True:
+        check_module_permission({"can_communicate_internally": module}, user)
+        user = User.objects.get(email=user.email)
     token, create = Token.objects.get_or_create(user=user)
     return (user, token)
+
+
+def get_valid_mockups(categories):
+    return [
+        {
+            "name": "Repository 1",
+            "slug": "repository-1",
+            "description": "",
+            "language": languages.LANGUAGE_EN,
+            "categories": [category.pk for category in categories],
+        },
+        {
+            "name": "Repository 2",
+            "description": "",
+            "language": languages.LANGUAGE_PT,
+            "categories": [category.pk for category in categories],
+        },
+    ]
+
+
+def get_invalid_mockups(categories):
+    return [
+        {
+            "name": "",
+            "slug": "repository-1",
+            "language": languages.LANGUAGE_EN,
+            "categories": [category.pk for category in categories],
+        },
+        {
+            "name": "Repository 3",
+            "language": "out",
+            "categories": [category.pk for category in categories],
+            "is_private": False,
+        },
+    ]
+
+
+def create_repository_from_mockup(owner, categories, **mockup):
+    r = Repository.objects.create(owner_id=owner.id, **mockup)
+    r.current_version()
+    for category in categories:
+        r.categories.add(category)
+    return r
diff --git a/bothub/authentication/authorization.py b/bothub/authentication/authorization.py
@@ -1,6 +1,9 @@
 import logging
 
 from django.utils.translation import ugettext_lazy as _
+from bothub.utils import check_module_permission
+
+
 from mozilla_django_oidc.auth import OIDCAuthenticationBackend
 from rest_framework import exceptions
 from rest_framework.authentication import TokenAuthentication, get_authorization_header
@@ -97,11 +100,14 @@ def create_user(self, claims):
         user.name = claims.get("name", "")
         user.save()
 
+        check_module_permission(claims, user)
+
         return user
 
     def update_user(self, user, claims):
         user.name = claims.get("name", "")
         user.email = claims.get("email", "")
         user.save()
+        check_module_permission(claims, user)
 
         return user
diff --git a/bothub/utils.py b/bothub/utils.py
@@ -20,6 +20,7 @@
 from rest_framework import status
 from rest_framework.exceptions import APIException, ValidationError
 
+
 entity_regex = re.compile(
     r"\[(?P<entity_text>[^\]]+)" r"\]\((?P<entity>[^:)]*?)" r"(?:\:(?P<value>[^)]+))?\)"
 )
@@ -375,6 +376,17 @@ def get_organization(request, organization_id: int):
         )
 
 
+def get_user_and_organization(user_email: str, organization_id: int):
+    from bothub.authentication.models import User
+    from bothub.common.models import Organization
+
+    org = Organization.objects.get(pk=organization_id)
+    user, created = User.objects.get_or_create(
+        email=user_email, defaults={"nickname": user_email}
+    )
+    return user, org
+
+
 class TimeBasedDocument(Document):
     def save(self, action="create", **kwargs):
         return super().save(action=action, **kwargs)
@@ -462,3 +474,21 @@ def filter_has_invalid_entities(self, queryset, name, value):
         return filter_validate_entities(queryset, value).exclude(
             original_entities_count=F("entities_count")
         )
+
+
+def check_module_permission(claims, user):
+    from django.contrib.auth.models import Permission
+    from django.contrib.contenttypes.models import ContentType
+    from bothub.common.models import User
+
+    if claims.get("can_communicate_internally", False):
+        content_type = ContentType.objects.get_for_model(User)
+        permission, created = Permission.objects.get_or_create(
+            codename="can_communicate_internally",
+            name="can communicate internally",
+            content_type=content_type,
+        )
+        if not user.has_perm("authentication.can_communicate_internally"):
+            user.user_permissions.add(permission)
+        return True
+    return False