remove scopes

HewlettPackard · Sep 15, 2023 · 275a2df · 275a2df
1 parent a5bb85d
commit 275a2df
Show file tree

Hide file tree

Showing 7 changed files with 5 additions and 592 deletions.
diff --git a/profiles/models/quota.py b/profiles/models/quota.py
@@ -84,19 +84,19 @@ def get_q_filter(cls, user, perm):
             scope__rbac__role__permissions__codename=codename,
             scope__rbac__role__permissions__content_type__app_label=app_label
         ) | Q(
-            ### Scopes - Org - Default roles
+            ### Scope - Org - Default roles
             scope__rbac__user=user,
             scope__roles__permissions__codename=codename,
             scope__roles__permissions__content_type__app_label=app_label
         ) | Q(
-            ## Scopes - Team - User
+            ## Scope - Team - User
             scope__in=Team.objects.filter(
                 org__rbac__user=user,
                 org__rbac__role__permissions__codename=codename,
                 org__rbac__role__permissions__content_type__app_label=app_label
             )
         ) | Q(
-            ## Scopes - Team - Default roles
+            ## Scope - Team - Default roles
             scope__in=Team.objects.filter(
                 org__rbac__user=user,
                 org__roles__permissions__codename=codename,

diff --git a/service_catalog/filters/instance_filter.py b/service_catalog/filters/instance_filter.py
@@ -31,7 +31,7 @@ class Meta:
 
     state = MultipleChoiceFilter(choices=InstanceState.choices)
     quota_scope = MultipleChoiceFilter(
-        choices=AbstractScope.objects.exclude(id=GlobalPermission.load().id).values_list("id", "name"))
+        choices=AbstractScope.objects.filter(id__in=Scope.objects.values_list("id",flat=True)).values_list("id", "name"))
     service = MultipleChoiceFilter(choices=Service.objects.values_list("id", "name"))
     requester = MultipleChoiceFilter(choices=User.objects.values_list("id", "username"))
     no_requesters = BooleanFilter(method='no_requester', label="No requester", widget=CheckboxInput())

diff --git a/service_catalog/migrations/0014_auto_20230622_1722.py b/service_catalog/migrations/0014_auto_20230622_1722.py
@@ -76,12 +76,6 @@ class Migration(migrations.Migration):
             old_name='spoc',
             new_name='requester',
         ),
-        migrations.AddField(
-            model_name='instance',
-            name='scopes',
-            field=models.ManyToManyField(blank=True, related_name='instances', related_query_name='instance',
-                                         to='profiles.Scope')
-        ),
         migrations.RunPython(create_default_org),
         migrations.AddField(
             model_name='instance',

diff --git a/service_catalog/models/instance.py b/service_catalog/models/instance.py
@@ -38,12 +38,6 @@ class Meta:
     user_spec = JSONField(default=dict, blank=True, verbose_name="User spec")
     service = ForeignKey(Service, blank=True, null=True, on_delete=CASCADE)
     requester = ForeignKey(User, null=True, help_text='Initial requester', verbose_name="Requester", on_delete=PROTECT)
-    scopes = ManyToManyField(
-        Scope,
-        blank=True,
-        related_name='scope_instances',
-        related_query_name='scope_instance'
-    )
 
     quota_scope = ForeignKey(
         Scope,
@@ -86,10 +80,7 @@ def get_q_filter(cls, user, perm):
         )
 
     def get_scopes(self):
-        qs = self.quota_scope.get_scopes()
-        for scope in self.scopes.all():
-            qs = qs | scope.get_scopes()
-        return qs.distinct()
+        return self.quota_scope.get_scopes()
 
     def __str__(self):
         return f"{self.name} (#{self.id})"

diff --git a/tests/test_profiles/test_model/test_get_queryset_instance.py b/tests/test_profiles/test_model/test_get_queryset_instance.py
@@ -95,192 +95,6 @@ def test_get_queryset_globalpermission_perm_specific_user(self):
         self._assert_can_see_nothing(self.user1)
         self._assert_can_see_nothing(self.user2)
 
-    def test_get_queryset_instance_with_organization_role(self):
-        """
-        Test the organization's role
-        """
-        # No instances
-        self._assert_can_see_nothing(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-
-        # create a new instance
-        instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope)
-        self.assertTrue(instance1 in Instance.objects.all())
-        self.assertEqual(Instance.objects.count(), 1)
-
-        # Add org1 into instance1 scopes
-        org1 = Organization.objects.create(name="Organization #1")
-        instance1.scopes.add(org1)
-
-        # assign a view instance to user1
-        org1.add_user_in_role(self.user1, self.role_view_instance)
-
-        # everyone can see except user2
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_everything(self.user1)
-        self._assert_can_see_nothing(self.user2)
-
-        # unassign view instance role to user1
-        org1.remove_user_in_role(self.user1, self.role_view_instance)
-
-        # only super can see
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-
-    def test_get_queryset_instance_with_organization_default_role(self):
-        """
-        Test the organization default role
-        """
-        # No instances
-        self._assert_can_see_nothing(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-        self._assert_can_see_nothing(self.user3)
-
-        # create a new instance
-        instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope)
-        self.assertTrue(instance1 in Instance.objects.all())
-        self.assertEqual(Instance.objects.count(), 1)
-
-        # Add org1 into instance1 scopes
-        org1 = Organization.objects.create(name="Organization #1")
-        instance1.scopes.add(org1)
-
-        # Add view instance to all organization's user
-        org1.roles.add(self.role_view_instance)
-
-        # No user in org1 so only superuser can see
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-        self._assert_can_see_nothing(self.user3)
-
-        # assign an empty role to user1 and user2
-        org1.add_user_in_role(self.user1, self.empty_role)
-        org1.add_user_in_role(self.user2, self.empty_role)
-
-        # everyone can see except user3
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_everything(self.user1)
-        self._assert_can_see_everything(self.user2)
-        self._assert_can_see_nothing(self.user3)
-
-        # remove user2 from org
-        org1.remove_user_in_role(self.user2, self.empty_role)
-
-        # user1 is still in organization
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_everything(self.user1)
-        self._assert_can_see_nothing(self.user2)
-        self._assert_can_see_nothing(self.user3)
-
-        # Remove view instance to all organization's user
-        org1.roles.remove(self.role_view_instance)
-
-        # only super can see
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-        self._assert_can_see_nothing(self.user3)
-
-    def test_get_queryset_instance_on_team_instance_with_organization_role(self):
-        """
-        Test organization's role for Team instances
-        """
-        # No instances
-        self._assert_can_see_nothing(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-
-        # create a new instance
-        instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope)
-        self.assertTrue(instance1 in Instance.objects.all())
-        self.assertEqual(Instance.objects.count(), 1)
-
-        # Add org1 into instance1 scopes
-        org1 = Organization.objects.create(name="Organization #1")
-        team1 = Team.objects.create(name="Team #1", org=org1)
-        instance1.scopes.add(team1)
-
-        # No user in org1 so only superuser can see
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-
-        # assign role_view_instance to user1
-        org1.add_user_in_role(self.user1, self.role_view_instance)
-
-        # user1 can see
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_everything(self.user1)
-        self._assert_can_see_nothing(self.user2)
-
-        # Remove view instance to user1
-        org1.remove_user_in_role(self.user1, self.role_view_instance)
-
-        # only super can see
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-
-    def test_get_queryset_instance_on_team_instance_with_organization_default_role(self):
-        """
-        Test organization's default role for Team instances
-        """
-        # No instances
-        self._assert_can_see_nothing(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-        self._assert_can_see_nothing(self.user3)
-
-        # create a new instance
-        instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope)
-        self.assertTrue(instance1 in Instance.objects.all())
-        self.assertEqual(Instance.objects.count(), 1)
-
-        # Add org1 into instance1 scopes
-        org1 = Organization.objects.create(name="Organization #1")
-        team1 = Team.objects.create(name="Team #1", org=org1)
-        instance1.scopes.add(team1)
-
-        # Add view instance to all organization's user
-        org1.roles.add(self.role_view_instance)
-
-        # No user in org1 so only superuser can see
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-        self._assert_can_see_nothing(self.user3)
-
-        # assign an empty role to user1 and user2
-        org1.add_user_in_role(self.user1, self.empty_role)
-        org1.add_user_in_role(self.user2, self.empty_role)
-
-        # everyone can see except user3
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_everything(self.user1)
-        self._assert_can_see_everything(self.user2)
-        self._assert_can_see_nothing(self.user3)
-
-        # remove user2 from org
-        org1.remove_user_in_role(self.user2, self.empty_role)
-
-        # user1 is still in organization
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_everything(self.user1)
-        self._assert_can_see_nothing(self.user2)
-        self._assert_can_see_nothing(self.user3)
-
-        # Remove view instance to all organization's user
-        org1.roles.remove(self.role_view_instance)
-
-        # only super can see
-        self._assert_can_see_everything(self.superuser)
-        self._assert_can_see_nothing(self.user1)
-        self._assert_can_see_nothing(self.user2)
-        self._assert_can_see_nothing(self.user3)
 
     ####################
     def test_get_queryset_instance_with_organization_role_with_quota_scope(self):