From 9b016fe5fd1c164869ba0ff3ee79bd6099d4553b Mon Sep 17 00:00:00 2001 From: Anthony Belhadj Date: Fri, 15 Sep 2023 12:02:37 +0200 Subject: [PATCH] remove scopes --- profiles/models/quota.py | 6 +- service_catalog/filters/instance_filter.py | 2 +- .../migrations/0014_auto_20230622_1722.py | 12 -- service_catalog/models/instance.py | 11 +- .../test_model/test_get_queryset_instance.py | 186 ----------------- .../test_model/test_get_queryset_request.py | 191 ----------------- .../test_model/test_get_queryset_support.py | 195 ------------------ 7 files changed, 5 insertions(+), 598 deletions(-) diff --git a/profiles/models/quota.py b/profiles/models/quota.py index 726dd064a..bced00680 100644 --- a/profiles/models/quota.py +++ b/profiles/models/quota.py @@ -84,19 +84,19 @@ def get_q_filter(cls, user, perm): scope__rbac__role__permissions__codename=codename, scope__rbac__role__permissions__content_type__app_label=app_label ) | Q( - ### Scopes - Org - Default roles + ### Scope - Org - Default roles scope__rbac__user=user, scope__roles__permissions__codename=codename, scope__roles__permissions__content_type__app_label=app_label ) | Q( - ## Scopes - Team - User + ## Scope - Team - User scope__in=Team.objects.filter( org__rbac__user=user, org__rbac__role__permissions__codename=codename, org__rbac__role__permissions__content_type__app_label=app_label ) ) | Q( - ## Scopes - Team - Default roles + ## Scope - Team - Default roles scope__in=Team.objects.filter( org__rbac__user=user, org__roles__permissions__codename=codename, diff --git a/service_catalog/filters/instance_filter.py b/service_catalog/filters/instance_filter.py index 7cf4c6456..581ec6456 100644 --- a/service_catalog/filters/instance_filter.py +++ b/service_catalog/filters/instance_filter.py @@ -31,7 +31,7 @@ class Meta: state = MultipleChoiceFilter(choices=InstanceState.choices) quota_scope = MultipleChoiceFilter( - choices=AbstractScope.objects.exclude(id=GlobalPermission.load().id).values_list("id", "name")) + choices=AbstractScope.objects.filter(id__in=Scope.objects.values_list("id",flat=True)).values_list("id", "name")) service = MultipleChoiceFilter(choices=Service.objects.values_list("id", "name")) requester = MultipleChoiceFilter(choices=User.objects.values_list("id", "username")) no_requesters = BooleanFilter(method='no_requester', label="No requester", widget=CheckboxInput()) diff --git a/service_catalog/migrations/0014_auto_20230622_1722.py b/service_catalog/migrations/0014_auto_20230622_1722.py index e58b3e32c..e121472a0 100644 --- a/service_catalog/migrations/0014_auto_20230622_1722.py +++ b/service_catalog/migrations/0014_auto_20230622_1722.py @@ -76,12 +76,6 @@ class Migration(migrations.Migration): old_name='spoc', new_name='requester', ), - migrations.AddField( - model_name='instance', - name='scopes', - field=models.ManyToManyField(blank=True, related_name='instances', related_query_name='instance', - to='profiles.Scope') - ), migrations.RunPython(create_default_org), migrations.AddField( model_name='instance', @@ -91,12 +85,6 @@ class Migration(migrations.Migration): related_query_name='quota_instance', to='profiles.scope'), ), migrations.RunPython(assign_default_to_instances), - migrations.AlterField( - model_name='instance', - name='scopes', - field=models.ManyToManyField(blank=True, related_name='scope_instances', - related_query_name='scope_instance', to='profiles.Scope'), - ), migrations.RunPython(billing_group_to_org), migrations.AlterField( model_name='instance', diff --git a/service_catalog/models/instance.py b/service_catalog/models/instance.py index 95022a18c..0ba145ab9 100644 --- a/service_catalog/models/instance.py +++ b/service_catalog/models/instance.py @@ -38,12 +38,6 @@ class Meta: user_spec = JSONField(default=dict, blank=True, verbose_name="User spec") service = ForeignKey(Service, blank=True, null=True, on_delete=CASCADE) requester = ForeignKey(User, null=True, help_text='Initial requester', verbose_name="Requester", on_delete=PROTECT) - scopes = ManyToManyField( - Scope, - blank=True, - related_name='scope_instances', - related_query_name='scope_instance' - ) quota_scope = ForeignKey( Scope, @@ -86,10 +80,7 @@ def get_q_filter(cls, user, perm): ) def get_scopes(self): - qs = self.quota_scope.get_scopes() - for scope in self.scopes.all(): - qs = qs | scope.get_scopes() - return qs.distinct() + return self.quota_scope.get_scopes() def __str__(self): return f"{self.name} (#{self.id})" diff --git a/tests/test_profiles/test_model/test_get_queryset_instance.py b/tests/test_profiles/test_model/test_get_queryset_instance.py index ae560aef7..b31889dae 100644 --- a/tests/test_profiles/test_model/test_get_queryset_instance.py +++ b/tests/test_profiles/test_model/test_get_queryset_instance.py @@ -95,192 +95,6 @@ def test_get_queryset_globalpermission_perm_specific_user(self): self._assert_can_see_nothing(self.user1) self._assert_can_see_nothing(self.user2) - def test_get_queryset_instance_with_organization_role(self): - """ - Test the organization's role - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - # create a new instance - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - self.assertTrue(instance1 in Instance.objects.all()) - self.assertEqual(Instance.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - instance1.scopes.add(org1) - - # assign a view instance to user1 - org1.add_user_in_role(self.user1, self.role_view_instance) - - # everyone can see except user2 - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - - # unassign view instance role to user1 - org1.remove_user_in_role(self.user1, self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - def test_get_queryset_instance_with_organization_default_role(self): - """ - Test the organization default role - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # create a new instance - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - self.assertTrue(instance1 in Instance.objects.all()) - self.assertEqual(Instance.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - instance1.scopes.add(org1) - - # Add view instance to all organization's user - org1.roles.add(self.role_view_instance) - - # No user in org1 so only superuser can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # assign an empty role to user1 and user2 - org1.add_user_in_role(self.user1, self.empty_role) - org1.add_user_in_role(self.user2, self.empty_role) - - # everyone can see except user3 - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_everything(self.user2) - self._assert_can_see_nothing(self.user3) - - # remove user2 from org - org1.remove_user_in_role(self.user2, self.empty_role) - - # user1 is still in organization - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # Remove view instance to all organization's user - org1.roles.remove(self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - def test_get_queryset_instance_on_team_instance_with_organization_role(self): - """ - Test organization's role for Team instances - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - # create a new instance - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - self.assertTrue(instance1 in Instance.objects.all()) - self.assertEqual(Instance.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - team1 = Team.objects.create(name="Team #1", org=org1) - instance1.scopes.add(team1) - - # No user in org1 so only superuser can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - # assign role_view_instance to user1 - org1.add_user_in_role(self.user1, self.role_view_instance) - - # user1 can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - - # Remove view instance to user1 - org1.remove_user_in_role(self.user1, self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - def test_get_queryset_instance_on_team_instance_with_organization_default_role(self): - """ - Test organization's default role for Team instances - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # create a new instance - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - self.assertTrue(instance1 in Instance.objects.all()) - self.assertEqual(Instance.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - team1 = Team.objects.create(name="Team #1", org=org1) - instance1.scopes.add(team1) - - # Add view instance to all organization's user - org1.roles.add(self.role_view_instance) - - # No user in org1 so only superuser can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # assign an empty role to user1 and user2 - org1.add_user_in_role(self.user1, self.empty_role) - org1.add_user_in_role(self.user2, self.empty_role) - - # everyone can see except user3 - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_everything(self.user2) - self._assert_can_see_nothing(self.user3) - - # remove user2 from org - org1.remove_user_in_role(self.user2, self.empty_role) - - # user1 is still in organization - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # Remove view instance to all organization's user - org1.roles.remove(self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) #################### def test_get_queryset_instance_with_organization_role_with_quota_scope(self): diff --git a/tests/test_profiles/test_model/test_get_queryset_request.py b/tests/test_profiles/test_model/test_get_queryset_request.py index aabc8c4d6..01f334dbe 100644 --- a/tests/test_profiles/test_model/test_get_queryset_request.py +++ b/tests/test_profiles/test_model/test_get_queryset_request.py @@ -112,197 +112,6 @@ def test_get_queryset_globalpermission_perm_specific_user(self): self._assert_can_see_nothing(self.user1) self._assert_can_see_nothing(self.user2) - def test_get_queryset_instance_with_organization_role(self): - """ - Test the organization's role - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - # create a new request - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - request1 = Request.objects.create(instance=instance1, operation=self.operation) - self.assertTrue(request1 in Request.objects.all()) - self.assertEqual(Request.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - instance1.scopes.add(org1) - - # assign a view instance to user1 - org1.add_user_in_role(self.user1, self.role_view_instance) - - # everyone can see except user2 - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - - # unassign view instance role to user1 - org1.remove_user_in_role(self.user1, self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - def test_get_queryset_instance_with_organization_default_role(self): - """ - Test the organization default role - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # create a new request - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - request1 = Request.objects.create(instance=instance1, operation=self.operation) - self.assertTrue(request1 in Request.objects.all()) - self.assertEqual(Request.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - instance1.scopes.add(org1) - - # Add view instance to all organization's user - org1.roles.add(self.role_view_instance) - - # No user in org1 so only superuser can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # assign an empty role to user1 and user2 - org1.add_user_in_role(self.user1, self.empty_role) - org1.add_user_in_role(self.user2, self.empty_role) - - # everyone can see except user3 - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_everything(self.user2) - self._assert_can_see_nothing(self.user3) - - # remove user2 from org - org1.remove_user_in_role(self.user2, self.empty_role) - - # user1 is still in organization - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # Remove view instance to all organization's user - org1.roles.remove(self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - def test_get_queryset_instance_on_team_instance_with_organization_role(self): - """ - Test organization's role for Team instances - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - # create a new request - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - request1 = Request.objects.create(instance=instance1, operation=self.operation) - self.assertTrue(request1 in Request.objects.all()) - self.assertEqual(Request.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - team1 = Team.objects.create(name="Team #1", org=org1) - instance1.scopes.add(team1) - - # No user in org1 so only superuser can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - # assign role_view_instance to user1 - org1.add_user_in_role(self.user1, self.role_view_instance) - - # user1 can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - - # Remove view instance to user1 - org1.remove_user_in_role(self.user1, self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - def test_get_queryset_instance_on_team_instance_with_organization_default_role(self): - """ - Test organization's default role for Team instances - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # create a new request - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - request1 = Request.objects.create(instance=instance1, operation=self.operation) - self.assertTrue(request1 in Request.objects.all()) - self.assertEqual(Request.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - team1 = Team.objects.create(name="Team #1", org=org1) - instance1.scopes.add(team1) - - # Add view instance to all organization's user - org1.roles.add(self.role_view_instance) - - # No user in org1 so only superuser can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # assign an empty role to user1 and user2 - org1.add_user_in_role(self.user1, self.empty_role) - org1.add_user_in_role(self.user2, self.empty_role) - - # everyone can see except user3 - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_everything(self.user2) - self._assert_can_see_nothing(self.user3) - - # remove user2 from org - org1.remove_user_in_role(self.user2, self.empty_role) - - # user1 is still in organization - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # Remove view instance to all organization's user - org1.roles.remove(self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - #################### def test_get_queryset_instance_with_organization_role_with_quota_scope(self): """ diff --git a/tests/test_profiles/test_model/test_get_queryset_support.py b/tests/test_profiles/test_model/test_get_queryset_support.py index b115238e4..e928e50f3 100644 --- a/tests/test_profiles/test_model/test_get_queryset_support.py +++ b/tests/test_profiles/test_model/test_get_queryset_support.py @@ -9,7 +9,6 @@ class TestModelScopeGetQuerysetSupport(TransactionTestUtils): - def setUp(self): super(TestModelScopeGetQuerysetSupport, self).setUp() @@ -98,197 +97,6 @@ def test_get_queryset_globalpermission_perm_specific_user(self): self._assert_can_see_nothing(self.user1) self._assert_can_see_nothing(self.user2) - def test_get_queryset_instance_with_organization_role(self): - """ - Test the organization's role - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - # create a new request - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - request1 = Support.objects.create(instance=instance1) - self.assertTrue(request1 in Support.objects.all()) - self.assertEqual(Support.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - instance1.scopes.add(org1) - - # assign a view instance to user1 - org1.add_user_in_role(self.user1, self.role_view_instance) - - # everyone can see except user2 - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - - # unassign view instance role to user1 - org1.remove_user_in_role(self.user1, self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - def test_get_queryset_instance_with_organization_default_role(self): - """ - Test the organization default role - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # create a new request - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - request1 = Support.objects.create(instance=instance1) - self.assertTrue(request1 in Support.objects.all()) - self.assertEqual(Support.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - instance1.scopes.add(org1) - - # Add view instance to all organization's user - org1.roles.add(self.role_view_instance) - - # No user in org1 so only superuser can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # assign an empty role to user1 and user2 - org1.add_user_in_role(self.user1, self.empty_role) - org1.add_user_in_role(self.user2, self.empty_role) - - # everyone can see except user3 - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_everything(self.user2) - self._assert_can_see_nothing(self.user3) - - # remove user2 from org - org1.remove_user_in_role(self.user2, self.empty_role) - - # user1 is still in organization - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # Remove view instance to all organization's user - org1.roles.remove(self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - def test_get_queryset_instance_on_team_instance_with_organization_role(self): - """ - Test organization's role for Team instances - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - # create a new request - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - request1 = Support.objects.create(instance=instance1) - self.assertTrue(request1 in Support.objects.all()) - self.assertEqual(Support.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - team1 = Team.objects.create(name="Team #1", org=org1) - instance1.scopes.add(team1) - - # No user in org1 so only superuser can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - # assign role_view_instance to user1 - org1.add_user_in_role(self.user1, self.role_view_instance) - - # user1 can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - - # Remove view instance to user1 - org1.remove_user_in_role(self.user1, self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - - def test_get_queryset_instance_on_team_instance_with_organization_default_role(self): - """ - Test organization's default role for Team instances - """ - # No instances - self._assert_can_see_nothing(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # create a new request - instance1 = Instance.objects.create(name="Instance #1", quota_scope=self.default_quota_scope) - request1 = Support.objects.create(instance=instance1) - self.assertTrue(request1 in Support.objects.all()) - self.assertEqual(Support.objects.count(), 1) - - # Add org1 into instance1 scopes - org1 = Organization.objects.create(name="Organization #1") - team1 = Team.objects.create(name="Team #1", org=org1) - instance1.scopes.add(team1) - - # Add view instance to all organization's user - org1.roles.add(self.role_view_instance) - - # No user in org1 so only superuser can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # assign an empty role to user1 and user2 - org1.add_user_in_role(self.user1, self.empty_role) - org1.add_user_in_role(self.user2, self.empty_role) - - # everyone can see except user3 - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_everything(self.user2) - self._assert_can_see_nothing(self.user3) - - # remove user2 from org - org1.remove_user_in_role(self.user2, self.empty_role) - - # user1 is still in organization - self._assert_can_see_everything(self.superuser) - self._assert_can_see_everything(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - - # Remove view instance to all organization's user - org1.roles.remove(self.role_view_instance) - - # only super can see - self._assert_can_see_everything(self.superuser) - self._assert_can_see_nothing(self.user1) - self._assert_can_see_nothing(self.user2) - self._assert_can_see_nothing(self.user3) - #################### def test_get_queryset_instance_with_organization_role_with_quota_scope(self): """ @@ -389,8 +197,6 @@ def test_get_queryset_instance_on_team_instance_with_organization_role_with_quot self._assert_can_see_nothing(self.user1) self._assert_can_see_nothing(self.user2) - - # Create org1 and team1 org1 = Organization.objects.create(name="Organization #1") team1 = Team.objects.create(name="Team #1", org=org1) @@ -401,7 +207,6 @@ def test_get_queryset_instance_on_team_instance_with_organization_role_with_quot self.assertTrue(request1 in Support.objects.all()) self.assertEqual(Support.objects.count(), 1) - # No user in org1 so only superuser can see self._assert_can_see_everything(self.superuser) self._assert_can_see_nothing(self.user1)