feat: mark revoke access for group

Author: niveshm

Access/group_helper.py

@@ -1,4 +1,4 @@
-from Access.models import User, GroupV2, MembershipV2, AccessV2
+from Access.models import GroupAccessMapping, User, GroupV2, MembershipV2, AccessV2
 from Access import helpers, views_helper, notifications, accessrequest_helper
 from django.db import transaction
 import datetime
@@ -201,6 +201,7 @@ def get_group_access_list(request, group_name):
     context["genericAccesses"] = [
         get_generic_access(group_mapping) for group_mapping in group_mappings
     ]
+    print(group_mappings)
     if context["genericAccesses"] == [{}]:
         context["genericAccesses"] = []
 
@@ -769,7 +770,7 @@ def remove_member(request):
     ]
 
     other_memberships_groups = (
-        user.get_all_memberships()
+        user.get_all_approved_memberships()
         .exclude(group=membership.group)
         .values_list("group", flat=True)
     )
@@ -800,3 +801,57 @@ def remove_member(request):
     membership.revoke_membership()
 
     return {"message": "Successfully removed user from group"}
+
+
+def mark_revoked(request):
+    try:
+        request_id = request.POST.get("request_id")
+        if not request_id:
+            logger.debug("Cannot find request_id in the http request.")
+            raise Exception("Request id not found in the request.")
+        
+        mapping = GroupAccessMapping.get_by_id(request_id)
+        if not mapping:
+            logger.debug("Group Access Mapping not found in the database")
+            raise Exception("Group Access Mapping not found in the database")
+    except Exception as e:
+        logger.exception(str(e))
+        return {"error": ERROR_MESSAGE}
+
+    group = mapping.group
+    auth_user = request.user
+    if auth_user.user.has_permission("ALLOW_USER_OFFBOARD") and group.member_is_owner(auth_user.user):
+        raise Exception("User Unauthorized to perfrom the action")
+    
+    should_continue = False
+    for membership in group.get_all_approved_members():
+        other_memberships_groups = (
+            membership.user.get_all_approved_memberships()
+            .exclude(group=membership.group)
+            .values_list("group", flat=True)
+        )
+
+        for group in other_memberships_groups:
+            if group.access_exist(mapping.access):
+                should_continue = True
+                break
+        
+        if(should_continue):
+            should_continue = False
+            continue
+
+        user_access_identity = membership.user.get_active_identity(mapping.access.access_tag)
+        user_access_mapping = user_access_identity.get_granted_access_mapping(mapping.access)
+
+        
+        background_task(
+            "run_access_revoke",
+            json.dumps(
+                {
+                    "request_id": user_access_mapping.request_id,
+                    "revoker_email": auth_user.user.email
+                }
+            ),
+        )
+
+    return {"message": "Successfully initiated the revoke"}

Access/models.py

@@ -179,8 +179,8 @@ def getOwnedGroups(self):
     def isAdminOrOps(self):
         return self.is_ops or self.user.is_superuser
 
-    def get_all_memberships(self):
-        return self.membership_user.all()
+    def get_all_approved_memberships(self):
+        return self.membership_user.filter(status="Approved")
 
     def is_allowed_admin_actions_on_group(self, group):
         return (
@@ -490,7 +490,7 @@ def member_is_owner(self, user):
         return self.membership_group.get(user=user).is_owner
 
     def get_active_accesses(self):
-        return self.groupaccessmapping_set.filter(
+        return self.group_access_mapping.filter(
             status__in=["Approved", "Pending", "Declined", "SecondaryPending"]
         )
 
@@ -539,7 +539,7 @@ def get_all_approved_members(self):
         self.membership_group.filter(status="Approved")
 
     def get_approved_accesses(self):
-        return self.groupaccessmapping_set.filter(status="Approved")
+        return self.group_access_mapping.filter(status="Approved")
 
     def __str__(self):
         return self.name
@@ -813,6 +813,12 @@ def getAccessRequestDetails(self, access_module):
 
         return access_request_data
 
+    def get_by_id(request_id):
+        try:
+            return GroupAccessMapping.objects.get(request_id=request_id)
+        except GroupAccessMapping.DoesNotExist:
+            return None
+    
 
 
 

Access/views.py

@@ -395,3 +395,16 @@ def mark_revoked(request):
         json_response["error"] = str(e)
         status = 403
     return JsonResponse(json_response, status=status)
+
+
+def revoke_group_access(request):
+    try:
+        response = group_helper.revoke_access(request)
+        if("error" in response):
+            return JsonResponse(response, status=400)
+
+        return JsonResponse(response)
+    except Exception as e:
+        logger.exception(str(e))
+        logger.debug("Something went wrong while revoking group access")
+        return JsonResponse({"message": "Failed to revoke group Access"}, status=400)

BrowserStackAutomation/urls.py

@@ -38,7 +38,7 @@
     update_group_owners,
     remove_group_member,
 )
-from Access.helpers import getAvailableAccessModules
+# from Access.helpers import getAvailableAccessModules
 
 urlpatterns = [
     re_path(r"^admin/", admin.site.urls),
@@ -83,5 +83,5 @@
     ),
 ]
 
-for each_module in getAvailableAccessModules():
-    urlpatterns.extend(each_module.urlpatterns)
+# for each_module in getAvailableAccessModules():
+#     urlpatterns.extend(each_module.urlpatterns)