Changes for "can_request_access" feature

api/institutions/serializers.py

@@ -41,6 +41,7 @@ class InstitutionSerializer(JSONAPISerializer):
         ser.CharField(read_only=True),
         permission='view_institutional_metrics',
     )
+    can_request_access = ser.CharField(read_only=True)
     links = LinksField({
         'self': 'get_api_url',
         'html': 'get_absolute_html_url',

api_tests/requests/views/test_node_request_institutional_access.py

@@ -18,7 +18,7 @@ def url(self, project):
 
     @pytest.fixture()
     def institution(self):
-        return InstitutionFactory()
+        return InstitutionFactory(can_request_access=True)
 
     @pytest.fixture()
     def institution2(self):

api_tests/users/views/test_user_message_institutional_access.py

@@ -7,6 +7,7 @@
     InstitutionFactory
 )
 from website.mails import USER_MESSAGE_INSTITUTIONAL_ACCESS_REQUEST
+from webtest import AppError
 
 
 @pytest.mark.django_db
@@ -17,6 +18,10 @@ class TestUserMessageInstitutionalAccess:
 
     @pytest.fixture()
     def institution(self):
+        return InstitutionFactory(can_request_access=True)
+
+    @pytest.fixture()
+    def institution_without_access(self):
         return InstitutionFactory()
 
     @pytest.fixture()
@@ -33,16 +38,32 @@ def user_with_affiliation(self, institution):
         user.add_or_update_affiliated_institution(institution)
         return user
 
+    @pytest.fixture()
+    def user_with_affiliation_on_institution_without_access(self, institution_without_access):
+        user = AuthUserFactory()
+        user.add_or_update_affiliated_institution(institution_without_access)
+        return user
+
     @pytest.fixture()
     def institutional_admin(self, institution):
         admin_user = AuthUserFactory()
         institution.get_group('institutional_admins').user_set.add(admin_user)
         return admin_user
 
+    @pytest.fixture()
+    def institutional_admin_on_institution_without_access(self, institution_without_access):
+        admin_user = AuthUserFactory()
+        institution_without_access.get_group('institutional_admins').user_set.add(admin_user)
+        return admin_user
+
     @pytest.fixture()
     def url_with_affiliation(self, user_with_affiliation):
         return f'/{API_BASE}users/{user_with_affiliation._id}/messages/'
 
+    @pytest.fixture()
+    def url_with_affiliation_on_institution_without_access(self, user_with_affiliation_on_institution_without_access):
+        return f'/{API_BASE}users/{user_with_affiliation_on_institution_without_access._id}/messages/'
+
     @pytest.fixture()
     def url_without_affiliation(self, user):
         return f'/{API_BASE}users/{user._id}/messages/'
@@ -89,6 +110,26 @@ def test_institutional_admin_can_create_message(self, mock_send_mail, app, insti
         assert 'Requesting user access for collaboration' in mock_send_mail.call_args[1]['message_text']
         assert user_message._id == data['id']
 
+    @mock.patch('osf.models.user_message.send_mail')
+    def test_institutional_admin_can_not_create_message(self, mock_send_mail, app, institutional_admin_on_institution_without_access,
+                                                        institution_without_access, url_with_affiliation_on_institution_without_access,
+                                                        payload):
+        """
+        Ensure an institutional admin cannot create a `UserMessage` with a `message` and `institution` witch has 'can_request_access' as False
+        """
+        mock_send_mail.return_value = mock.MagicMock()
+
+        # Use pytest.raises to explicitly expect the 403 error
+        with pytest.raises(AppError) as exc_info:
+            app.post_json_api(
+                url_with_affiliation_on_institution_without_access,
+                payload,
+                auth=institutional_admin_on_institution_without_access.auth
+            )
+
+        # Assert that the raised error contains the 403 Forbidden status
+        assert '403 Forbidden' in str(exc_info.value)
+
     def test_unauthenticated_user_cannot_create_message(self, app, user, url_with_affiliation, payload):
         """
         Ensure that unauthenticated users cannot create a `UserMessage`.

framework/email/tasks.py

@@ -12,7 +12,6 @@
     Category,
     Attachment,
     FileContent,
-    Email,
     To,
     Personalization,
     Cc,
@@ -163,7 +162,8 @@ def _send_with_sendgrid(
 
     client = client or SendGridAPIClient(settings.SENDGRID_API_KEY)
     mail = Mail(
-        from_email=Email(from_addr),
+        from_email=from_addr,
+        to_emails=to_addr,
         html_content=message,
         subject=subject,
     )
@@ -191,7 +191,7 @@ def _send_with_sendgrid(
     mail.add_personalization(personalization)
 
     if categories:
-        mail.add_category([Category(x) for x in categories])
+        mail.category = [Category(x) for x in categories]
 
     if attachment_name and attachment_content:
         attachment = Attachment(

osf/migrations/0026_institution_can_request_access.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.15 on 2024-12-27 14:08
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('osf', '0025_noderequest_requested_permissions_and_more'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='institution',
+            name='can_request_access',
+            field=models.BooleanField(db_index=True, default=False),
+        ),
+    ]

osf/models/institution.py

@@ -103,6 +103,7 @@ class Institution(DirtyFieldsMixin, Loggable, ObjectIDMixin, BaseModel, Guardian
         related_name='institutions'
     )
 
+    can_request_access = models.BooleanField(default=False)
     is_deleted = models.BooleanField(default=False, db_index=True)
     deleted = NonNaiveDateTimeField(null=True, blank=True)
     deactivated = NonNaiveDateTimeField(null=True, blank=True)

osf/models/user.py

@@ -646,7 +646,7 @@ def osf_groups(self):
 
     def is_institutional_admin(self, institution):
         group_name = institution.format_group('institutional_admins')
-        return self.groups.filter(name=group_name).exists()
+        return self.groups.filter(name=group_name).exists() and institution.can_request_access
 
     def group_role(self, group):
         """

osf_tests/factories.py

@@ -257,10 +257,14 @@ class InstitutionFactory(DjangoModelFactory):
     email_domains = FakeList('domain_name', n=1)
     orcid_record_verified_source = ''
     delegation_protocol = ''
+    can_request_access = False
 
     class Meta:
         model = models.Institution
 
+    @classmethod
+    def _create(cls, *args, **kwargs):
+        return super()._create(*args, **kwargs)
 
 class NodeLicenseRecordFactory(DjangoModelFactory):
     year = factory.Faker('year')