Publically joinable Groups (#697)

* Add public field to AuthGroup * Add permission for users to join non-public groups By default this permission will be applied to the "Member" group to maintain the current behaviour. * Allow users to join public groups Users without the 'groupmanagement.request_groups' permission will be able to join groups marked as public but will not be able to see or join any other groups. * Prevent None state change from purging groups Currently when a user drops from Blue or Member state all groups and permissions are discarded. This softens that approach by not removing public groups and creates a distinction between the two activities. An argument could maybe be made for not removing permissions on a state change, but that is beyond the scope of this change. * Correct syntax for removing filtered groups * Add unit tests for disable user and member * Update services signals tests * Correct mocking call * Remove permissions checking from menu item
2026-02-06 07:06:19 +01:00 · 2017-02-12 13:03:39 +10:00
parent b636262e0c
commit 918ecf812c
12 changed files with 244 additions and 56 deletions
--- a/authentication/tasks.py
+++ b/authentication/tasks.py
@@ -20,7 +20,28 @@ def generate_alliance_group_name(alliancename):


 def disable_member(user):
+    """
+    Disable a member who is transitioning to a NONE state.
+    :param user: django.contrib.auth.models.User to disable
+    :return:
+    """
    logger.debug("Disabling member %s" % user)
+    if user.user_permissions.all().exists():
+        logger.info("Clearning user %s permission to deactivate user." % user)
+        user.user_permissions.clear()
+    if user.groups.all().exists():
+        logger.info("Clearing all non-public user %s groups to disable member." % user)
+        user.groups.remove(*user.groups.filter(authgroup__public=False))
+    validate_services(user, None)
+
+
+def disable_user(user):
+    """
+    Disable a user who is being set inactive or deleted
+    :param user: django.contrib.auth.models.User to disable
+    :return:
+    """
+    logger.debug("Disabling user %s" % user)
    if user.user_permissions.all().exists():
        logger.info("Clearning user %s permission to deactivate user." % user)
        user.user_permissions.clear()
--- a/authentication/tests.py
+++ b/authentication/tests.py
@@ -1 +0,0 @@
-# Create your tests here.
--- a/authentication/tests/init.py
+++ b/authentication/tests/init.py
--- a/authentication/tests/test_tasks.py
+++ b/authentication/tests/test_tasks.py
@@ -0,0 +1,84 @@
+from __future__ import unicode_literals
+
+try:
+    # Py3
+    from unittest import mock
+except ImportError:
+    # Py2
+    import mock
+
+from django.test import TestCase
+from django.contrib.auth.models import Group, Permission
+
+from alliance_auth.tests.auth_utils import AuthUtils
+
+from authentication.tasks import disable_member, disable_user
+
+
+class AuthenticationTasksTestCase(TestCase):
+    def setUp(self):
+        self.member = AuthUtils.create_member('auth_member')
+        self.none_user = AuthUtils.create_user('none_user', disconnect_signals=True)
+
+    @mock.patch('services.signals.transaction')
+    def test_disable_member(self, transaction):
+        # Inert signals action
+        transaction.on_commit.side_effect = lambda fn: fn()
+
+        # Add permission
+        perm = Permission.objects.create(codename='test_perm', name='test perm', content_type_id=1)
+
+        # Add public group
+        pub_group = Group.objects.create(name="A Public group")
+        pub_group.authgroup.internal = False
+        pub_group.authgroup.public = True
+        pub_group.save()
+
+        # Setup member
+        self.member.user_permissions.add(perm)
+        self.member.groups.add(pub_group)
+
+        # Pre assertion
+        self.assertIn(pub_group, self.member.groups.all())
+        self.assertGreater(len(self.member.groups.all()), 1)
+
+        # Act
+        disable_member(self.member)
+
+        # Assert
+        self.assertIn(pub_group, self.member.groups.all())
+        # Everything but the single public group wiped
+        self.assertEqual(len(self.member.groups.all()), 1)
+        # All permissions wiped
+        self.assertEqual(len(self.member.user_permissions.all()), 0)
+
+    @mock.patch('services.signals.transaction')
+    def test_disable_user(self, transaction):
+        # Inert signals action
+        transaction.on_commit.side_effect = lambda fn: fn()
+
+        # Add permission
+        perm = Permission.objects.create(codename='test_perm', name='test perm', content_type_id=1)
+
+        # Add public group
+        pub_group = Group.objects.create(name="A Public group")
+        pub_group.authgroup.internal = False
+        pub_group.authgroup.public = True
+        pub_group.save()
+
+        # Setup member
+        self.member.user_permissions.add(perm)
+        self.member.groups.add(pub_group)
+
+        # Pre assertion
+        self.assertIn(pub_group, self.member.groups.all())
+        self.assertGreater(len(self.member.groups.all()), 1)
+
+        # Act
+        disable_user(self.member)
+
+        # Assert
+        # All groups wiped
+        self.assertEqual(len(self.member.groups.all()), 0)
+        # All permissions wiped
+        self.assertEqual(len(self.member.user_permissions.all()), 0)