fix(organizations): prevent creation of organizations for deleted or inactive users DEV-1241 (#6456)

### 📣 Summary
Stop automatically creating an organization when a user has just been
deleted.

### 📖 Description
This change ensures that no organization is created or restored for
users who are deleted or inactive. Previously an organization could be
recreated right after a user was removed, or one could be created for a
user that was no longer active. The fix adds validation to skip
organization creation in these cases, preventing unnecessary records.

Author: noliveleger

hub/tests/test_user_details.py

@@ -1,7 +1,9 @@
 # coding: utf-8
 from django.test import TestCase
+from django.utils import timezone
 
 from kobo.apps.kobo_auth.shortcuts import User
+from kobo.apps.organizations.models import Organization
 
 
 class UserDetailTestCase(TestCase):
@@ -47,3 +49,59 @@ def test_user_details_can_be_updated(self):
         self.user.extra_details.data.update(some_details)
         self.user.extra_details.save()
         self.assertEqual(self.user.extra_details.data, some_details)
+
+
+class UserOrganizationCreationTestCase(TestCase):
+    fixtures = ['test_data']
+
+    def setUp(self):
+        self.user = User.objects.get(username='someuser')
+
+        # Delete the existing organization
+        Organization.objects.filter(
+            organization_users__user=self.user
+        ).delete()
+
+    def test_no_org_created_when_user_removed(self):
+        """
+        When a user is marked as removed (extra_details.date_removed is set),
+        accessing user.organization should NOT create an Organization
+        """
+        before_count = Organization.objects.filter(
+            organization_users__user=self.user
+        ).count()
+        self.assertEqual(before_count, 0)
+
+        # Simulate the user being removed (trash emptied)
+        self.user.extra_details.date_removed = timezone.now()
+        self.user.extra_details.save(update_fields=['date_removed'])
+
+        # Access property, should return None and NOT create an Organization
+        self.assertIsNone(self.user.organization)
+
+        after_count = Organization.objects.filter(
+            organization_users__user=self.user
+        ).count()
+        self.assertEqual(after_count, 0)
+
+    def test_no_org_created_when_user_inactive(self):
+        """
+        If a user is inactive (is_active == False), accessing user.organization
+        should NOT create an Organization.
+        """
+        before_count = Organization.objects.filter(
+            organization_users__user=self.user
+        ).count()
+        self.assertEqual(before_count, 0)
+
+        # Make user inactive and save
+        self.user.is_active = False
+        self.user.save(update_fields=['is_active'])
+
+        # Access property,should return None and NOT create an Organization
+        self.assertIsNone(self.user.organization)
+
+        after_count = Organization.objects.filter(
+            organization_users__user=self.user
+        ).count()
+        self.assertEqual(after_count, 0)

kobo/apps/kobo_auth/models.py

@@ -49,9 +49,9 @@ def is_org_owner(self):
 
     @property
     @cache_for_request
-    def organization(self):
+    def organization(self) -> Organization | None:
         if is_user_anonymous(self):
-            return
+            return None
 
         # Database allows multiple organizations per user, but we restrict it to one.
         if (
@@ -61,6 +61,14 @@ def organization(self):
         ):
             return organization
 
+        try:
+            date_removed = self.extra_details.date_removed
+        except self.__class__.extra_details.RelatedObjectDoesNotExist:
+            date_removed = None
+
+        if not self.is_active or date_removed:
+            return None
+
         return create_organization(
             self, f"{self.username}'s organization"
         )