Merge branch 'main' into feat-identity

Author: niveshm

Access/access_modules/base_email_access/access.py

@@ -3,7 +3,7 @@
 import traceback
 
 from Access.models import UserAccessMapping, GroupAccessMapping
-from BrowserStackAutomation.settings import ACCESS_APPROVE_EMAIL, PERMISSION_CONSTANTS
+from EnigmaAutomation.settings import ACCESS_APPROVE_EMAIL, PERMISSION_CONSTANTS
 from bootprocess.general import emailSES
 
 logger = logging.getLogger(__name__)
@@ -174,6 +174,9 @@ def revoke(self, user, label):
     def get_extra_fields(self):
         return []
 
+    def can_auto_approve(self):
+        return False
+
     # return valid access label array which will be added in db or raise exception
     def validate_request(self, access_labels_data, request_user, is_group=False):
         valid_access_label_array = []

Access/accessrequest_helper.py

@@ -2,7 +2,7 @@
 import time
 from Access.views_helper import execute_group_access, accept_request
 
-from BrowserStackAutomation.settings import DECLINE_REASONS, MAIL_APPROVER_GROUPS
+from EnigmaAutomation.settings import DECLINE_REASONS, MAIL_APPROVER_GROUPS
 import datetime
 import json
 from django.db import transaction
@@ -16,6 +16,7 @@
     User,
     GroupV2,
     AccessV2,
+    MembershipV2,
     ApprovalType,
 )
 from Access.background_task_manager import background_task, accept_request
@@ -77,6 +78,8 @@
 - {request_id} - Approver: {approver}"
 ERROR_DECLINING_REQUEST_LOG_MSG = "Error in Decline of request {request_id}. \
  Error:{error} .Please contact admin."
+ERROR_MARKING_RESOLVE_FAIL_LOG_MSG = "Error in resolving request {request_id}. \
+ Error:{error} ."
 
 
 def get_request_access(request):
@@ -224,7 +227,7 @@ def get_decline_access_request(request, access_type, request_id):
                     UserAccessMapping.get_pending_access_mapping(request_id=value)
                 )
                 request_ids.extend(current_ids)
-            access_type = access_type.rsplit("-", 1)[0]
+            access_type = "moduleAccess"
         elif access_type == "clubGroupAccess":
             for value in [request_id]:  # ready for bulk decline
                 return_ids.append(value)
@@ -238,6 +241,7 @@ def get_decline_access_request(request, access_type, request_id):
             access_type = "groupAccess"
         else:
             request_ids = [request_id]
+
         for current_request_id in request_ids:
             if access_type == "groupAccess":
                 response = decline_group_access(request, current_request_id, reason)
@@ -283,9 +287,11 @@ def get_pending_accesses_from_modules(access_user):
         process_group_requests(pending_accesses["group_requests"], group_requests)
 
         logger.info(
-            "Time to fetch pending requests of access module: %s - %s "
-            % access_module_tag,
-            str(time.time() - access_module_start_time),
+            "Time to fetch pending requests of access module: %s - %s " %
+            (
+                access_module_tag,
+                str(time.time() - access_module_start_time)
+            ),
         )
 
     return individual_requests, list(group_requests.values())
@@ -297,7 +303,7 @@ def process_individual_requests(
     if len(individual_pending_requests):
         clubbed_requests = {}
         for accessrequest in individual_pending_requests:
-            club_id = accessrequest["requestId"].rsplit("_", 1)[0]
+            club_id = accessrequest["requestId"].rsplit("_")[0]
             if club_id not in clubbed_requests:
                 clubbed_requests[club_id] = {
                     "club_id": club_id,
@@ -326,7 +332,7 @@ def process_group_requests(group_pending_requests, group_requests):
             club_id = (
                 accessrequest["groupName"]
                 + "-"
-                + accessrequest["requestId"].rsplit("-", 1)[-1].rsplit("_", 1)[0]
+                + accessrequest["requestId"].rsplit("-", 1)[-1].rsplit("_")[0]
             )
             needs_access_approve = GroupV2.objects.get(
                 name=accessrequest["groupName"], status="Approved"
@@ -399,17 +405,16 @@ def create_request(auth_user, access_request_form):
         }
 
         access_module = helper.get_available_access_modules()[access_tag]
-        module_access_labels = access_module.validate_request(
-            access_labels, auth_user, is_group=False
-        )
-
         extra_field_labels = get_extra_field_labels(access_module)
-
         if extra_fields and extra_field_labels:
             for field in extra_field_labels:
-                module_access_labels[0][field] = extra_fields[0]
+                access_labels[0][field] = extra_fields[0]
                 extra_fields = extra_fields[1:]
 
+        module_access_labels = access_module.validate_request(
+            access_labels, auth_user, is_group=False
+        )
+
         for index2, access_label in enumerate(module_access_labels):
             request_id = request_id + "_" + str(index2)
             access_create_error = _create_access(
@@ -511,7 +516,10 @@ def get_extra_field_labels(access_module):
 def get_extra_fields(access_request):
     if "extraFields" in access_request:
         return access_request["extraFields"]
-    return []
+    elif "extraFields[]" in access_request:
+        return [access_request["extraFields[]"]]
+    else:
+        return []
 
 
 def _validate_access_request(access_request_form, user):
@@ -551,7 +559,6 @@ def validate_access_labels(access_labels_json, access_tag):
 
 def _get_approver_permissions(access_tag, access_label=None):
     json_response = {}
-
     access_module = helper.get_available_access_module_from_tag(access_tag)
     approver_permissions = []
     approver_permissions = access_module.fetch_approver_permissions(access_label)
@@ -583,9 +590,9 @@ def accept_user_access_requests(auth_user, request_id):
         )
         return json_response
 
-    requester = access_mapping.user_identity.user.email
-    if auth_user.username == requester:
-        json_response["error"] = USER_REQUEST_PERMISSION_DENIED_ERR_MSG
+    requester = access_mapping.user_identity.user
+    if auth_user.user == requester:
+        json_response["error"] = SELF_APPROVAL_ERROR_MSG
         return json_response
 
     access_label = access_mapping.access.access_label
@@ -674,37 +681,50 @@ def run_accept_request_task(
 
 def decline_individual_access(request, access_type, request_id, reason):
     json_response = {}
-    access_mapping = UserAccessMapping.get_access_request(request_id)
+    access_mapping = {}
+    decline_new_group = False
+    if access_type == "declineNewGroup":
+        access_mapping = GroupV2.get_pending_group(request_id)
+        decline_new_group = True
+    else:
+        access_mapping = UserAccessMapping.get_access_request(request_id)
+        access_type = access_mapping.access.access_tag
+
     if not is_request_valid(request_id, access_mapping):
         json_response["error"] = USER_REQUEST_IN_PROCESS_ERR_MSG.format(
             request_id=request_id,
         )
         return json_response
 
-    json_response = validate_approver_permissions(access_mapping, access_type, request)
-    if "error" in json_response:
-        return json_response
+    if not decline_new_group:
+        json_response = validate_approver_permissions(access_mapping, access_type, request)
+        if "error" in json_response:
+            return json_response
 
     with transaction.atomic():
         access_mapping.decline_access(reason)
         if hasattr(access_mapping, "approver_1"):
-            access_mapping.decline_reason = reason
             if access_mapping.approver_1 is not None:
                 access_mapping.approver_2 = request.user.user
             else:
                 access_mapping.approver_1 = request.user.user
         else:
-            access_mapping.reason = reason
-            access_mapping.approver = request.user.username
+            access_mapping.approver = request.user.user
 
         access_mapping.save()
 
-    access_module = helper.get_available_access_module_from_tag(access_type)
-    access_labels = [access_mapping.access.access_label]
-    description = access_module.combine_labels_desc(access_labels)
-    notifications.send_mail_for_request_decline(
-        request, description, request_id, reason, access_type
-    )
+    if not decline_new_group:
+        access_module = helper.get_available_access_module_from_tag(access_type)
+        access_labels = [access_mapping.access.access_label]
+        description = access_module.combine_labels_desc(access_labels)
+        notifications.send_mail_for_request_decline(
+            request, description, request_id, reason, access_type
+        )
+    else:
+        MembershipV2.update_membership(access_mapping, reason)
+        notifications.send_mail_for_request_decline(
+            request, "Group Creation", request_id, reason, access_type
+        )
 
     logger.debug(
         USER_REQUEST_DECLINE_MSG.format(
@@ -821,7 +841,7 @@ def decline_group_access(request, request_id, reason):
     access_type = group_mapping.access.access_tag
 
     json_response = validate_approver_permissions(
-        group_mapping, access_type, request, request_id
+        group_mapping, access_type, request
     )
     if "error" in json_response:
         return json_response
@@ -878,6 +898,22 @@ def decline_group_access(request, request_id, reason):
         )
 
 
+def run_ignore_failure_task(auth_user, access_mapping, request_id, selector):
+    try:
+        if selector == "decline":
+            access_mapping.decline_access()
+        elif selector == "approve":
+            access_mapping.approve_access()
+        notifications.send_mail_for_request_resolve(auth_user, selector, request_id)
+    except Exception as e:
+        logger.exception(e)
+        return create_error_response(
+            error_msg=ERROR_MARKING_RESOLVE_FAIL_LOG_MSG.format(
+                request_id=request_id, error=str(str(e))
+            )
+        )
+
+
 def create_error_response(error_msg):
     json_response = {}
     json_response["error"] = error_msg

Access/admin.py

@@ -9,7 +9,7 @@
     GroupV2,
     MembershipV2,
     GroupAccessMapping,
-    UserIdentity
+    UserIdentity,
 )
 
 

Access/background_task_manager.py

@@ -8,7 +8,7 @@
 
 from Access import helpers
 from bootprocess import general
-from BrowserStackAutomation.settings import AUTOMATED_EXEC_IDENTIFIER
+from EnigmaAutomation.settings import AUTOMATED_EXEC_IDENTIFIER
 from Access.models import UserAccessMapping, ApprovalType
 from Access import notifications
 
@@ -60,15 +60,15 @@ def run_access_grant(request_id):
     user_access_mapping = UserAccessMapping.get_access_request(request_id=request_id)
     access_tag = user_access_mapping.access.access_tag
     user = user_access_mapping.user_identity.user
-    approver = user_access_mapping.approver_1.user.username
+    approver = user_access_mapping.approver_1.user
     message = ""
     if not user_access_mapping.user_identity.user.is_active():
         user_access_mapping.decline_access(decline_reason="User is not active")
         logger.debug(
             {
                 "requestId": request_id,
                 "status": "Declined",
-                "by": approver,
+                "by": approver.username,
                 "response": message,
             }
         )
@@ -298,6 +298,7 @@ def run_accept_request(data):
 
     return {"status": False}
 
+
 def accept_request(user_access_mapping):
     try:
         result = run_access_grant.delay(user_access_mapping.request_id)