Roles API and UI

Author: margaretmeehan

app/api/admin.py

@@ -1,6 +1,7 @@
 from django.contrib import admin
 
 from .models import Label, Document, Project
+from .models import Role, RoleMapping
 from .models import DocumentAnnotation, SequenceAnnotation, Seq2seqAnnotation
 from .models import TextClassificationProject, SequenceLabelingProject, Seq2seqProject
 
@@ -41,6 +42,18 @@ class Seq2seqAnnotationAdmin(admin.ModelAdmin):
     search_fields = ('document',)
 
 
+class RoleAdmin(admin.ModelAdmin):
+    list_display = ('name', 'description')
+    ordering = ('name',)
+    search_fields = ('name',)
+
+
+class RoleMappingAdmin(admin.ModelAdmin):
+    list_display = ('user', 'role', 'project', )
+    ordering = ('user',)
+    search_fields = ('user',)
+
+
 admin.site.register(DocumentAnnotation, DocumentAnnotationAdmin)
 admin.site.register(SequenceAnnotation, SequenceAnnotationAdmin)
 admin.site.register(Seq2seqAnnotation, Seq2seqAnnotationAdmin)
@@ -50,3 +63,5 @@ class Seq2seqAnnotationAdmin(admin.ModelAdmin):
 admin.site.register(TextClassificationProject, ProjectAdmin)
 admin.site.register(SequenceLabelingProject, ProjectAdmin)
 admin.site.register(Seq2seqProject, ProjectAdmin)
+admin.site.register(Role, RoleAdmin)
+admin.site.register(RoleMapping, RoleMappingAdmin)

app/api/serializers.py

@@ -4,7 +4,7 @@
 from rest_framework.exceptions import ValidationError
 
 
-from .models import Label, Project, Document
+from .models import Label, Project, Document, RoleMapping, Role
 from .models import TextClassificationProject, SequenceLabelingProject, Seq2seqProject
 from .models import DocumentAnnotation, SequenceAnnotation, Seq2seqAnnotation
 
@@ -161,3 +161,28 @@ class Meta:
         model = Seq2seqAnnotation
         fields = ('id', 'text', 'user', 'document', 'prob')
         read_only_fields = ('user',)
+
+
+class RoleSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Role
+        fields = ('id', 'name')
+
+
+class RoleMappingSerializer(serializers.ModelSerializer):
+    username = serializers.SerializerMethodField()
+    rolename = serializers.SerializerMethodField()
+
+    @classmethod
+    def get_username(cls, instance):
+        user = instance.user
+        return user.username if user else None
+
+    @classmethod
+    def get_rolename(cls, instance):
+        role = instance.role
+        return role.name if role else None
+
+    class Meta:
+        model = RoleMapping
+        fields = ('id', 'user', 'role', 'username', 'rolename')

app/api/tests/test_api.py

@@ -1293,3 +1293,192 @@ def test_returns_label_count(self):
         response = self.client.get(self.url, format='json')
         self.assertIn('user', response.data)
         self.assertIsInstance(response.data['user'], dict)
+
+
+class TestUserAPI(APITestCase):
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.super_user_name = 'super_user_name'
+        cls.super_user_pass = 'super_user_pass'
+        User.objects.create_superuser(username=cls.super_user_name,
+                                      password=cls.super_user_pass,
+                                      email='[email protected]')
+        cls.url = reverse(viewname='user_list')
+
+    def test_returns_user_count(self):
+        self.client.login(username=self.super_user_name,
+                          password=self.super_user_pass)
+        response = self.client.get(self.url, format='json')
+        self.assertEqual(1, len(response.data))
+
+
+class TestRoleAPI(APITestCase):
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.user_name = 'user_name'
+        cls.user_pass = 'user_pass'
+        cls.project_admin_name = 'project_admin_name'
+        cls.project_admin_pass = 'project_admin_pass'
+        cls.user = User.objects.create_user(username=cls.user_name,
+                                            password=cls.user_pass)
+        project_admin = User.objects.create_superuser(username=cls.project_admin_name,
+                                                      password=cls.project_admin_pass,
+                                                      email='[email protected]')
+        cls.url = reverse(viewname='roles')
+
+    def test_cannot_create_multiple_roles_with_same_name(self):
+        self.client.login(username=self.project_admin_name,
+                          password=self.project_admin_pass)
+        roles = [
+            {'name': 'examplerole', 'description': 'example'},
+            {'name': 'examplerole', 'description': 'example'}
+        ]
+        self.client.post(self.url, format='json', data=roles[0])
+        second_response = self.client.post(self.url, format='json', data=roles[1])
+        self.assertEqual(second_response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_nonadmin_cannot_create_role(self):
+        self.client.login(username=self.user_name,
+                          password=self.user_pass)
+        data = {'name': 'testrole', 'description': 'example'}
+        response = self.client.post(self.url, format='json', data=data)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_admin_can_create_role(self):
+        self.client.login(username=self.project_admin_name,
+                          password=self.project_admin_pass)
+        data = {'name': 'testrole', 'description': 'example'}
+        response = self.client.post(self.url, format='json', data=data)
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+    def test_admin_can_get_roles(self):
+        self.client.login(username=self.project_admin_name,
+                          password=self.project_admin_pass)
+        response = self.client.get(self.url, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+
+class TestRoleMappingListAPI(APITestCase):
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.project_member_name = 'project_member_name'
+        cls.project_member_pass = 'project_member_pass'
+        cls.second_project_member_name = 'second_project_member_name'
+        cls.second_project_member_pass = 'second_project_member_pass'
+        cls.project_admin_name = 'project_admin_name'
+        cls.project_admin_pass = 'project_admin_pass'
+        project_member = User.objects.create_user(username=cls.project_member_name,
+                                                      password=cls.project_member_pass)
+        cls.second_project_member = User.objects.create_user(username=cls.second_project_member_name,
+                                                      password=cls.second_project_member_pass)
+        project_admin = User.objects.create_superuser(username=cls.project_admin_name,
+                                                   password=cls.project_admin_pass,
+                                                   email='[email protected]')
+        cls.main_project = mommy.make('Project', users=[project_member, project_admin, cls.second_project_member])
+        cls.other_project = mommy.make('Project', users=[cls.second_project_member, project_admin])
+
+        cls.role = mommy.make('Role', name=settings.ROLE_PROJECT_ADMIN)
+        rolemapping = mommy.make('RoleMapping', role=cls.role, project=cls.main_project, user=project_admin)
+        cls.data = {'user': project_member.id, 'role': cls.role.id, 'project': cls.main_project.id}
+        cls.other_url = reverse(viewname='rolemapping_list', args=[cls.other_project.id])
+        cls.url = reverse(viewname='rolemapping_list', args=[cls.main_project.id])
+
+    def test_returns_mappings_to_project_admin(self):
+        self.client.login(username=self.project_admin_name,
+                          password=self.project_admin_pass)
+        response = self.client.get(self.url, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+    def test_allows_superuser_to_create_mapping(self):
+        self.client.login(username=self.project_admin_name,
+                          password=self.project_admin_pass)
+        response = self.client.post(self.url, format='json', data=self.data)
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+    def test_do_not_allow_nonadmin_to_create_mapping(self):
+        self.client.login(username=self.project_member_name,
+                          password=self.project_member_pass)
+        response = self.client.post(self.url, format='json', data=self.data)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_do_not_return_mappings_to_nonadmin(self):
+        self.client.login(username=self.project_member_name,
+                          password=self.project_member_pass)
+        response = self.client.get(self.url, format='json')
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_can_create_same_mapping_in_multiple_projects(self):
+        self.client.login(username=self.project_admin_name,
+                          password=self.project_admin_pass)
+        mapping = [
+            {'user': self.second_project_member.id, 'role': self.role.id, 'project': self.main_project.id},
+            {'user': self.second_project_member.id, 'role': self.role.id, 'project': self.other_project.id}
+        ]
+        response = self.client.post(self.url, format='json', data=mapping[0])
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        response = self.client.post(self.other_url, format='json', data=mapping[1])
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+
+class TestRoleMappingDetailAPI(APITestCase):
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.project_admin_name = 'project_admin_name'
+        cls.project_admin_pass = 'project_admin_pass'
+        cls.project_member_name = 'project_member_name'
+        cls.project_member_pass = 'project_member_pass'
+        cls.non_project_member_name = 'non_project_member_name'
+        cls.non_project_member_pass = 'non_project_member_pass'
+        project_admin = User.objects.create_superuser(username=cls.project_admin_name,
+                                                   password=cls.project_admin_pass,
+                                                   email='[email protected]')
+        project_member = User.objects.create_user(username=cls.project_member_name,
+                                                      password=cls.project_member_pass)
+        non_project_member = User.objects.create_user(username=cls.non_project_member_name,
+            password=cls.non_project_member_pass)
+        project = mommy.make('Project', users=[project_admin, project_member])
+        role = mommy.make('Role', name=settings.ROLE_PROJECT_ADMIN)
+        change_role = mommy.make('Role', name=settings.ROLE_ANNOTATOR)
+        cls.rolemapping = mommy.make('RoleMapping', role=role, project=project, user=project_admin)
+        cls.url = reverse(viewname='rolemapping_detail', args=[project.id, cls.rolemapping.id])
+        cls.data = {'role': change_role.id }
+
+    def test_returns_rolemapping_to_project_member(self):
+        self.client.login(username=self.project_admin_name,
+                          password=self.project_admin_pass)
+        response = self.client.get(self.url, format='json')
+        self.assertEqual(response.data['id'], self.rolemapping.id)
+
+    def test_do_not_return_mapping_to_non_project_member(self):
+        self.client.login(username=self.non_project_member_name,
+                          password=self.non_project_member_pass)
+        response = self.client.get(self.url, format='json')
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_allows_admin_to_update_mapping(self):
+        self.client.login(username=self.project_admin_name,
+                          password=self.project_admin_pass)
+        response = self.client.patch(self.url, format='json', data=self.data)
+        self.assertEqual(response.data['role'], self.data['role'])
+
+    def test_disallows_project_member_to_update_mapping(self):
+        self.client.login(username=self.project_member_name,
+                          password=self.project_member_pass)
+        response = self.client.patch(self.url, format='json', data=self.data)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_allows_admin_to_delete_mapping(self):
+        self.client.login(username=self.project_admin_name,
+                          password=self.project_admin_pass)
+        response = self.client.delete(self.url, format='json')
+        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
+
+    def test_disallows_project_member_to_delete_mapping(self):
+        self.client.login(username=self.project_member_name,
+                          password=self.project_member_pass)
+        response = self.client.delete(self.url, format='json')
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

app/api/urls.py

@@ -2,21 +2,23 @@
 from rest_framework.authtoken.views import obtain_auth_token
 from rest_framework.urlpatterns import format_suffix_patterns
 
-from .views import Me, Features
+from .views import Me, Features, Users
 from .views import ProjectList, ProjectDetail
 from .views import LabelList, LabelDetail, ApproveLabelsAPI
 from .views import DocumentList, DocumentDetail
 from .views import AnnotationList, AnnotationDetail
 from .views import TextUploadAPI, TextDownloadAPI, CloudUploadAPI
 from .views import StatisticsAPI
-
+from .views import RoleMappingList, RoleMappingDetail, Roles
 
 urlpatterns = [
     path('auth-token', obtain_auth_token),
     path('me', Me.as_view(), name='me'),
     path('features', Features.as_view(), name='features'),
     path('cloud-upload', CloudUploadAPI.as_view(), name='cloud_uploader'),
     path('projects', ProjectList.as_view(), name='project_list'),
+    path('users', Users.as_view(), name='user_list'),
+    path('roles', Roles.as_view(), name='roles'),
     path('projects/<int:project_id>', ProjectDetail.as_view(), name='project_detail'),
     path('projects/<int:project_id>/statistics',
          StatisticsAPI.as_view(), name='statistics'),
@@ -37,7 +39,11 @@
     path('projects/<int:project_id>/docs/upload',
          TextUploadAPI.as_view(), name='doc_uploader'),
     path('projects/<int:project_id>/docs/download',
-         TextDownloadAPI.as_view(), name='doc_downloader')
+         TextDownloadAPI.as_view(), name='doc_downloader'),
+    path('projects/<int:project_id>/roles',
+         RoleMappingList.as_view(), name='rolemapping_list'),
+    path('projects/<int:project_id>/roles/<int:rolemapping_id>',
+         RoleMappingDetail.as_view(), name='rolemapping_detail'),
 ]
 
 urlpatterns = format_suffix_patterns(urlpatterns, allowed=['json', 'xml'])

app/api/views.py

@@ -1,4 +1,5 @@
 from django.conf import settings
+from django.contrib.auth.models import User
 from django.shortcuts import get_object_or_404, redirect
 from django_filters.rest_framework import DjangoFilterBackend
 from django.db.models import Count, F
@@ -13,11 +14,12 @@
 from rest_framework_csv.renderers import CSVRenderer
 
 from .filters import DocumentFilter
-from .models import Project, Label, Document
+from .models import Project, Label, Document, RoleMapping, Role
 from .permissions import IsProjectAdmin, IsAnnotator, IsAnnotationApprover, IsAnnotatorAndCreator, IsOwnAnnotation
 from .serializers import ProjectSerializer, LabelSerializer, DocumentSerializer, UserSerializer
-from .serializers import ProjectPolymorphicSerializer
+from .serializers import ProjectPolymorphicSerializer, RoleMappingSerializer, RoleSerializer
 from .utils import CSVParser, ExcelParser, JSONParser, PlainTextParser, CoNLLParser, iterable_to_io
+from .serializers import ProjectPolymorphicSerializer, RoleMappingSerializer, RoleSerializer
 from .utils import JSONLRenderer
 from .utils import JSONPainter, CSVPainter
 
@@ -319,3 +321,40 @@ def select_painter(self, format):
             return JSONPainter()
         else:
             raise ValidationError('format {} is invalid.'.format(format))
+
+
+class Users(APIView):
+    permission_classes = (IsAuthenticated, IsProjectAdmin)
+
+    def get(self, request, *args, **kwargs):
+        queryset = User.objects.all()
+        serialized_data = UserSerializer(queryset, many=True).data
+        return Response(serialized_data)
+
+
+class Roles(generics.ListCreateAPIView):
+    serializer_class = RoleSerializer
+    pagination_class = None
+    permission_classes = (IsAuthenticated, IsProjectAdmin)
+    queryset = Role.objects.all()
+
+
+class RoleMappingList(generics.ListCreateAPIView):
+    serializer_class = RoleMappingSerializer
+    pagination_class = None
+    permission_classes = (IsAuthenticated, IsProjectAdmin)
+
+    def get_queryset(self):
+        project = get_object_or_404(Project, pk=self.kwargs['project_id'])
+        return project.role_mapping
+
+    def perform_create(self, serializer):
+        project = get_object_or_404(Project, pk=self.kwargs['project_id'])
+        serializer.save(project=project)
+
+
+class RoleMappingDetail(generics.RetrieveUpdateDestroyAPIView):
+    queryset = RoleMapping.objects.all()
+    serializer_class = RoleMappingSerializer
+    lookup_url_kwarg = 'rolemapping_id'
+    permission_classes = (IsAuthenticated, IsProjectAdmin)