-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Post PR updates #79
Post PR updates #79
Changes from 4 commits
942047c
6104485
de02838
082902b
6871553
ca7285d
5236671
13d513c
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -18,8 +18,6 @@ | |
from superset.utils.database import get_or_create_db | ||
|
||
from hq_superset.const import ( | ||
CAN_READ_PERMISSION, | ||
CAN_WRITE_PERMISSION, | ||
DOMAIN_PREFIX, | ||
GAMMA_ROLE_NAME, | ||
HQ_DATABASE_NAME, | ||
|
@@ -135,10 +133,7 @@ def sync_domain_role(self, domain): | |
The user gets assigned at least 3 roles in order to function on any domain: | ||
1. hq_user_role: gives access to superset platform | ||
2. domain_schema_role: restricts user access to specific domain schema | ||
3. domain_user_role: restricts access for particular user on domain in accordance with how the permissions | ||
are defined on CommCare HQ. | ||
|
||
Any additional roles defined on CommCare HQ will also be assigned to the user. | ||
3. Either the Gamma role for "edit" users or the READ_ONLY_ROLE_NAME for "view only" user | ||
""" | ||
hq_user_role = self._ensure_hq_user_role() | ||
domain_schema_role = self._create_domain_role(domain) | ||
|
@@ -202,19 +197,19 @@ def _ensure_domain_role_created(self, domain): | |
return self.sm.add_role(get_role_name_for_domain(domain)) | ||
|
||
def _get_additional_user_roles(self, domain): | ||
domain_permissions, roles_names = self._get_domain_access(domain) | ||
if self._user_has_no_access(domain_permissions): | ||
can_read, can_write, platform_roles_names = self._get_domain_access(domain) | ||
if not (can_read or can_write): | ||
return [] | ||
|
||
if domain_permissions[CAN_WRITE_PERMISSION]: | ||
if can_write: | ||
user_role = GAMMA_ROLE_NAME | ||
else: | ||
self._ensure_read_only_role_exists() | ||
user_role = READ_ONLY_ROLE_NAME | ||
|
||
roles_names.append(user_role) | ||
platform_roles_names.append(user_role) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'd suggest to avoid editing an mutable object. This can cause confusion since the original object is being edited here. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ➕ 1️⃣ There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
|
||
return self._get_platform_roles(roles_names) | ||
return self._get_platform_roles(platform_roles_names) | ||
|
||
@staticmethod | ||
def _get_domain_access(domain): | ||
|
@@ -231,17 +226,7 @@ def _get_domain_access(domain): | |
hq_permissions = response_data['permissions'] | ||
roles = response_data['roles'] or [] | ||
|
||
# Map between HQ and CCA | ||
permissions = { | ||
CAN_WRITE_PERMISSION: hq_permissions["can_edit"], | ||
CAN_READ_PERMISSION: hq_permissions["can_view"], | ||
} | ||
return permissions, roles | ||
|
||
@staticmethod | ||
def _user_has_no_access(permissions: dict): | ||
user_has_access = any([permissions[p] for p in permissions]) | ||
return not user_has_access | ||
return hq_permissions["can_view"], hq_permissions["can_edit"], roles | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Previous There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. A test that returns a status code other than 200 would be cool, because it would have flagged the problem. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. oh, great catch @kaapstorm There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Will update! There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nice! Thank you. |
||
|
||
def _get_platform_roles(self, roles_names): | ||
platform_roles = [] | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: what is an "edit" user? or "view only" user? in terms of CCA
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
13d513c