refactor: revoke group Access

Author: niveshm

Access/group_helper.py

@@ -201,7 +201,6 @@ def get_group_access_list(request, group_name):
     context["genericAccesses"] = [
         get_generic_access(group_mapping) for group_mapping in group_mappings
     ]
-    print(group_mappings)
     if context["genericAccesses"] == [{}]:
         context["genericAccesses"] = []
 
@@ -803,7 +802,7 @@ def remove_member(request):
     return {"message": "Successfully removed user from group"}
 
 
-def mark_revoked(request):
+def revoke_access(request):
     try:
         request_id = request.POST.get("request_id")
         if not request_id:
@@ -820,7 +819,7 @@ def mark_revoked(request):
 
     group = mapping.group
     auth_user = request.user
-    if auth_user.user.has_permission("ALLOW_USER_OFFBOARD") and group.member_is_owner(auth_user.user):
+    if not (auth_user.user.has_permission("ALLOW_USER_OFFBOARD") and group.member_is_owner(auth_user.user)):
         raise Exception("User Unauthorized to perfrom the action")
 
     should_continue = False

Access/models.py

@@ -536,7 +536,7 @@ def check_access_exist(self, access):
             return False
 
     def get_all_approved_members(self):
-        self.membership_group.filter(status="Approved")
+        return self.membership_group.filter(status="Approved")
 
     def get_approved_accesses(self):
         return self.group_access_mapping.filter(status="Approved")

Access/userlist_helper.py

@@ -41,24 +41,24 @@ def get_identity_templates(auth_user):
     context["configured_identity_template"] = []
     context["unconfigured_identity_template"] = []
     all_modules = helper.get_available_access_modules()
-    for user_identity in user_identities:
-        is_identity_configured = _is_valid_identity_json(identity=user_identity.identity)
-        if is_identity_configured:
-            module = all_modules[user_identity.access_tag]
-            context["configured_identity_template"].append(
-                {
-                    "accessUserTemplatePath": module.get_identity_template(), 
-                    "identity" : user_identity.identity
-                }            
-            )
-            all_modules.pop(user_identity.access_tag)
+    # for user_identity in user_identities:
+    #     is_identity_configured = _is_valid_identity_json(identity=user_identity.identity)
+    #     if is_identity_configured:
+    #         module = all_modules[user_identity.access_tag]
+    #         context["configured_identity_template"].append(
+    #             {
+    #                 "accessUserTemplatePath": module.get_identity_template(), 
+    #                 "identity" : user_identity.identity
+    #             }            
+    #         )
+    #         all_modules.pop(user_identity.access_tag)
 
-    for mod in all_modules.values():
-        context["unconfigured_identity_template"].append(
-            {
-                "accessUserTemplatePath": mod.get_identity_template(), 
-            }
-        )
+    # for mod in all_modules.values():
+    #     context["unconfigured_identity_template"].append(
+    #         {
+    #             "accessUserTemplatePath": mod.get_identity_template(), 
+    #         }
+    #     )
     # context["aws_username"] = "some name"
     return context
 

BrowserStackAutomation/urls.py

@@ -18,6 +18,7 @@
 from django.contrib.auth import views as auth_views
 from django.urls import re_path, include
 from Access.views import (
+    revoke_group_access,
     showAccessHistory,
     pendingRequests,
     pendingFailure,
@@ -81,6 +82,7 @@
     re_path(
         r"^group/removeGroupMember$", remove_group_member, name="remove_group_member"
     ),
+    re_path(r"^group/revokeAccess", revoke_group_access, name="revoke_group_access")
 ]
 
 # for each_module in getAvailableAccessModules():

templates/BSOps/group_access_list_tabs/generic_accesses_tab.html

@@ -28,8 +28,14 @@
 
 $(document).on('click', '.group-revoke-button', function(){
     id = $(this).attr("id");
-    urlBuilder = "/group/markGroupAccessRevoked?requestId="+id
+
+    urlBuilder = "/group/revokeAccess"
     $.ajax({url: urlBuilder,
+        method: "POST",
+        data: {
+          request_id: id,
+          csrfmiddlewaretoken: '{{ csrf_token }}'
+        },
         success: function(result){
           document.getElementById("inactive-"+id+"-revoke-button").innerHTML = "Access Marked Revoked";
         },