Saving progress

Changes to be committed:
	modified:   bco_api/api/groups.py
	modified:   bco_api/api/scripts/method_specific/POST_api_objects_drafts_modify.py
	modified:   bco_api/api/scripts/utilities/UserUtils.py
	modified:   bco_api/api/tests.py
	modified:   bco_api/api/urls.py
	modified:   bco_api/api/views.py

Author: HadleyKing

bco_api/api/groups.py

@@ -12,10 +12,15 @@
 from django.utils import timezone
 from guardian.shortcuts import assign_perm
 from rest_framework import status
+from rest_framework.authtoken.models import Token
 from rest_framework.response import Response
 
-from api.scripts.utilities import DbUtils
-from api.scripts.utilities import UserUtils
+from api.scripts.utilities.DbUtils import DbUtils
+from api.scripts.utilities.UserUtils import UserUtils
+
+
+usr_utils = UserUtils()
+db_utils = DbUtils()
 
 class GroupInfo(models.Model):
     """Some additional information for Group.
@@ -33,84 +38,40 @@ class GroupInfo(models.Model):
     max_n_members = models.IntegerField(blank=True, null=True)
     owner_user = models.ForeignKey(User, on_delete=models.CASCADE, to_field='username')
 
-# --- Group --- #
-@receiver(pre_delete, sender=Group)
-def delete_group_perms(sender, instance=None, **kwargs):
-    """
-    Link group deletion to permissions deletion.
-    pre_delete and NOT post_delete because we need
-    to get the Group's information before deleting it.
-    """
-    for perm in ['add_members_' + instance.name, 'delete_members_' + instance.name]:
-        Permission.objects.filter(codename=perm).delete()
-
-
-@receiver(post_save, sender=GroupInfo)
-def create_group_perms(sender, instance=None, created=False, **kwargs):
-    """Group info
-    Link group creation to permission creation.
-    Check to see whether or not the permissions
-    have already been created for this prefix.
-    Create the permissions, then use GroupInfo to give the group admin
-    the admin permissions.
-    Create the administrative permissions for the group.
-    Give the administrative permissions to the user
-    creating this group.
+def post_api_groups_info(token):
+    """Retrieve Group information by user
+    
     """
-    if created:
-        try:
-            for perm in ['add_members_' + instance.group_id,
-                         'delete_members_' + instance.group_id]:
-                Permission.objects.create(
-                    name='Can ' + perm,
-                    content_type=ContentType.objects.get(app_label='auth', model='group'),
-                    codename=perm)
+    import pdb; pdb.set_trace()
+    group_list = list(Group.objects.all())#.values_list('name', flat=True))
+    user = Token.objects.get(key = token).user
+    username = user.username
+    user_groups = {}
+    # for group in 
+    print(usr_utils.get_user_groups_by_username(un=username))
+    
+    return Response(status=status.HTTP_200_OK)
 
-                User.objects.get(id=instance.id).user_permissions.add(Permission.objects.get(codename=perm))
+    # user.get_all_permissions()
+    # user.get_group_permissions()
 
-        except PermErrors.IntegrityError:
-            # The permissions already exist.
-            pass
 
 def post_api_groups_create(request):
     """
     Instantiate any necessary imports.
     """
-    db = DbUtils.DbUtils()
-    uu = UserUtils.UserUtils()
 
-    # Define the bulk request.
     bulk_request = request.data['POST_api_groups_create']
-
-    # Establish who is the group administrator.
-    group_admin = uu.user_from_request(request=request)
-
-    # Get all group names.
-
-    # This is a better solution than querying for
-    # each individual group name.
-    groups = list(
-        Group.objects.all().values_list(
-            'name',
-            flat=True
-        )
-    )
-
-    # Construct an array to return information about processing
-    # the request.
+    group_admin = usr_utils.user_from_request(request=request)
+    groups = list(Group.objects.all().values_list('name', flat=True))
     returning = []
-
-    # Since bulk_request is an array, go over each
-    # item in the array.
     for creation_object in bulk_request:
-        # Standardize the group name.
         standardized = creation_object['name'].lower()
         if standardized not in groups:
             # Not guaranteed which of username and group
             # will be provided.
             if 'usernames' not in creation_object:
                 creation_object['usernames'] = []
-
             # Create the optional keys if they haven't
             # been provided.
             if 'delete_members_on_group_deletion' not in creation_object:
@@ -141,6 +102,7 @@ def post_api_groups_create(request):
 
 
             if 'expiration' not in creation_object:
+                import pdb; pdb.set_trace()
                 GroupInfo.objects.create(
                     delete_members_on_group_deletion=bool(creation_object['delete_members_on_group_deletion']),
                     description=creation_object['description'],
@@ -164,24 +126,23 @@ def post_api_groups_create(request):
             # those that don't.
             for usrnm in creation_object['usernames']:
 
-                if uu.check_user_exists(un=usrnm):
+                if usr_utils.check_user_exists(un=usrnm):
 
                     # Add the user to the group.
-                    User.objects.get(
-                        username=usrnm
+                    User.objects.get(username=usrnm
                     ).groups.add(
                         Group.objects.get(
                             name=creation_object['name']
                         )
                     )
-                    returning.append(db.messages(parameters={'group': standardized})['201_group_create'])
+                    returning.append(db_utils.messages(parameters={'group': standardized})['201_group_create'])
                 else:
                     # Bad request.  Username doesn't exist
                     # TODO: Update this to be more informative
-                    returning.append(db.messages(parameters={})['400_bad_request'])
+                    returning.append(db_utils.messages(parameters={})['400_bad_request'])
         else:
             # Update the request status.
-            returning.append(db.messages(parameters={'group': standardized})['409_group_conflict'])
+            returning.append(db_utils.messages(parameters={'group': standardized})['409_group_conflict'])
 
     # As this view is for a bulk operation, status 200
     # means that the request was successfully processed,
@@ -191,37 +152,29 @@ def post_api_groups_create(request):
 def post_api_groups_delete(request):
     "Instantiate any necessary imports."
 
-    db = DbUtils.DbUtils()
-    uu = UserUtils.UserUtils()
-
     # Define the bulk request.
     bulk_request = request.data['POST_api_groups_delete']['names']
 
     # Establish who has made the request.
-    requestor_info = uu.user_from_request(request=request)
+    requestor_info = usr_utils.user_from_request(request=request)
 
     # Get all group names.
 
     # This is a better solution than querying for
     # each individual group name.
-    groups = list(
-        Group.objects.all().values_list(
-            'name',
-            flat=True
-        )
-    )
+    groups = list(Group.objects.all().values_list('name', flat=True))
 
     # Construct an array to return information about processing
     # the request.
     returning = []
     any_failed = False
-
+    
     # Since bulk_request is an array, go over each
     # item in the array.
     for deletion_object in bulk_request:
         # Standardize the group name.
         standardized = deletion_object.lower()
-
+        deleted_count = 0
         if standardized in groups:
             # Get the group and its information.
             grouped = Group.objects.get(name=standardized)
@@ -236,28 +189,29 @@ def post_api_groups_delete(request):
                     User.objects.filter(groups__name=grouped.name).delete()
                 # Delete the group itself.
                 deleted_count, deleted_info = grouped.delete()
-                if deleted_count < 1:
+                if deleted_count < 3:
                     # Too few deleted, error with this delete
-                    returning.append(db.messages(parameters={
+                    returning.append(db_utils.messages(parameters={
                             'group': grouped.name })['404_missing_bulk_parameters'])
                     any_failed = True
                     continue
-                elif deleted_count > 1:
+
+                elif deleted_count > 3:
                     print(deleted_count, 'deleted_count')
                     # We don't expect there to be duplicates, so while this was successful it should throw a warning
-                    returning.append(db.messages(parameters={
+                    returning.append(db_utils.messages(parameters={
                             'group': grouped.name })['418_too_many_deleted'])
                     any_failed = True
                     continue
                 # Everything looks OK
-                returning.append(db.messages(parameters={'group': grouped.name})['200_OK_group_delete'])
+                returning.append(db_utils.messages(parameters={'group': grouped.name})['200_OK_group_delete'])
             else:
                 # Requestor is not the admin.
-                returning.append(db.messages(parameters={})['403_insufficient_permissions'])
+                returning.append(db_utils.messages(parameters={})['403_insufficient_permissions'])
                 any_failed = True
         else:
             # Update the request status.
-            returning.append(db.messages(parameters={})['400_bad_request'])
+            returning.append(db_utils.messages(parameters={})['400_bad_request'])
             any_failed = True
 
     # As this view is for a bulk operation, status 200
@@ -270,14 +224,12 @@ def post_api_groups_delete(request):
 
 def post_api_groups_modify(request):
     """Instantiate any necessary imports."""
-    db = DbUtils.DbUtils()
-    uu = UserUtils.UserUtils()
 
     # Define the bulk request.
     bulk_request = request.data['POST_api_groups_modify']
 
     # Establish who has made the request.
-    requestor_info = uu.user_from_request(request=request)
+    requestor_info = usr_utils.user_from_request(request=request)
 
     # Get all group names.
 
@@ -339,7 +291,7 @@ def post_api_groups_modify(request):
                     # WARNING: This could cause an error if this is sent in!
                     if 'owner_group' in action_set:
                         # Make sure the provided owner group exists.
-                        if uu.check_group_exists(n=action_set['owner_group']):
+                        if usr_utils.check_group_exists(n=action_set['owner_group']):
                             group_information.owner_group = Group.objects.get(
                                 name=action_set['owner_group']
                             )
@@ -350,7 +302,7 @@ def post_api_groups_modify(request):
 
                     if 'owner_user' in action_set:
                         # Make sure the provided owner user exists.
-                        if uu.check_user_exists(un=action_set['owner_user']):
+                        if usr_utils.check_user_exists(un=action_set['owner_user']):
                             group_information.owner_user = User.objects.get(
                                 username=action_set['owner_user']
                             )
@@ -407,13 +359,13 @@ def post_api_groups_modify(request):
                         all_users.update(a_group_users)
                     else:
                         pass
-                returning.append(db.messages(parameters={'group': grouped.name})['200_OK_group_modify'])
+                returning.append(db_utils.messages(parameters={'group': grouped.name})['200_OK_group_modify'])
             else:
                 # Requestor is not the admin.
-                returning.append(db.messages(parameters={})['403_insufficient_permissions'])
+                returning.append(db_utils.messages(parameters={})['403_insufficient_permissions'])
         else:
             # Update the request status.
-            returning.append(db.messages(parameters={})['400_bad_request'])
+            returning.append(db_utils.messages(parameters={})['400_bad_request'])
 
     # As this view is for a bulk operation, status 200
     # means that the request was successfully processed,

bco_api/api/scripts/method_specific/POST_api_objects_drafts_modify.py

@@ -78,11 +78,9 @@ def POST_api_objects_drafts_modify(request):
                 # We don't care where the view permission comes from,
                 # be it a User permission or a Group permission.
                 all_permissions = get_perms(user, objected)
-
                 # TODO: add permission setting view...
-                # if user.pk == object.owner_user or 'change_' + prefix in all_permissions:
                 if user.username == objected.owner_user.username or \
-                    'add_' + prefix in all_permissions:
+                    'add_' + prefix in px_perms:
 
                     # # User does *NOT* have to be in the owner group!
                     # # to assign the object's group owner.
@@ -121,7 +119,6 @@ def POST_api_objects_drafts_modify(request):
                 db_utils.messages(parameters = {'prefix': prefix}
                 )['401_prefix_unauthorized'])
             any_failed = True
-    import pdb; pdb.set_trace()
     if any_failed and len(returning) == 1:
         if returning[0]['status_code'] == '403':
             return Response(status=status.HTTP_403_FORBIDDEN, data=returning)