Merge pull request #4065 from unicef/develop

Develop

Author: emaciupe

screenshots/PCA_process.jpg

@@ -1,4 +1,5 @@
 import logging
+import threading
 
 from django.conf import settings
 from django.contrib.contenttypes.models import ContentType
@@ -28,6 +29,8 @@
 
 INACTIVE_WORKSPACE_URL = reverse('workspace-inactive')
 
+_thread_locals = threading.local()
+
 
 class QueryCountDebugMiddleware(MiddlewareMixin):
     """ Debug db connections"""
@@ -153,13 +156,28 @@ def __init__(self, get_response):
 
     def __call__(self, request):
         # Check if the request method is not GET
+        if request.user.is_authenticated:
+            _thread_locals.user = request.user
         if request.user.is_authenticated and request.user.is_unicef_user():
-            return self.get_response(request)
+            try:
+                response = self.get_response(request)
+                return response
+            finally:
+                _thread_locals.user = None
 
         if request.user.is_authenticated:
             # check where they're trying to access:
             if any(request.path.startswith(path) for path in settings.PARTNER_PROTECTED_URLS):
                 user_group_names = [g.name for g in request.user.groups]
                 if not any([g in PARTNER_PD_ACTIVE_GROUPS for g in user_group_names]):
                     return HttpResponseForbidden("You don't have permission to perform this action.")
-        return self.get_response(request)
+        try:
+            response = self.get_response(request)
+            return response
+        finally:
+            _thread_locals.user = None
+
+
+def get_current_user():
+    user = getattr(_thread_locals, 'user', None)
+    return user if user else None

screenshots/equitrack_map.png

@@ -128,6 +128,20 @@ def test_get_path(self):
         self.assertEqual(response.data[0]['id'], str(self.country.id))
         self.assertEqual(response.data[1]['id'], str(self.child_location.id))
 
+    def test_get_path_inactive_location(self):
+        """Path endpoint should be accessible for inactive locations and return only active ancestors."""
+        inactive_child = LocationFactory(parent=self.country, is_active=False)
+
+        response = self.forced_auth_req(
+            'get', reverse('field_monitoring_settings:locations-path', args=[inactive_child.id]),
+            user=self.unicef_user,
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Inactive location itself is excluded; only active ancestors should be returned
+        self.assertEqual(len(response.data), 1)
+        self.assertEqual(response.data[0]['id'], str(self.country.id))
+
 
 class LocationSitesViewTestCase(TestExportMixin, FMBaseTestCaseMixin, BaseTenantTestCase):
     def setUp(self):

screenshots/equitrack_pcas.png

@@ -156,7 +156,8 @@ class FMLocationsViewSet(FMBaseViewSet, mixins.ListModelMixin, viewsets.GenericV
 
     @action(methods=['get'], detail=True)
     def path(self, request, *args, **kwargs):
-        ancestors = self.get_object().get_ancestors(include_self=True).filter(is_active=True)
+        location = get_object_or_404(Location, pk=kwargs.get('pk'))
+        ancestors = location.get_ancestors(include_self=True).filter(is_active=True)
         return Response(data=self.get_serializer(instance=ancestors, many=True).data)
 
 

src/etools/applications/core/data/users.json

@@ -41,15 +41,19 @@ def is_ma_user():
             return is_visit_lead() or is_team_member()
 
         monitor_types = self.instance.MONITOR_TYPE_CHOICES
+        is_staff_visit = self.instance.monitor_type in [monitor_types.staff, monitor_types.both]
+        is_tpm_visit = self.instance.monitor_type in [monitor_types.tpm, monitor_types.both]
+        visit_lead = is_visit_lead()
+        ma_user = is_ma_user()
 
         self.condition_map = {
-            'is_ma_related_user': is_ma_user(),
-            'is_visit_lead': is_visit_lead(),
-            'tpm_visit': self.instance.monitor_type == monitor_types.tpm,
-            'staff_visit': self.instance.monitor_type == monitor_types.staff,
-            'staff_visit+is_visit_lead': self.instance.monitor_type == monitor_types.staff and is_visit_lead(),
-            'tpm_visit+tpm_ma_related': self.instance.monitor_type == monitor_types.tpm and is_ma_user(),
-            'tpm_visit+tpm_ma_related+is_visit_lead': (self.instance.monitor_type == monitor_types.tpm and is_ma_user()) or is_visit_lead(),
+            'is_ma_related_user': ma_user,
+            'is_visit_lead': visit_lead,
+            'tpm_visit': is_tpm_visit,
+            'staff_visit': is_staff_visit,
+            'staff_visit+is_visit_lead': is_staff_visit and visit_lead,
+            'tpm_visit+tpm_ma_related': is_tpm_visit and ma_user,
+            'tpm_visit+tpm_ma_related+is_visit_lead': (is_tpm_visit and ma_user) or visit_lead,
         }
 
         if getattr(self.instance, 'old', None) is not None:

src/etools/applications/core/middleware.py

@@ -1,10 +1,12 @@
+from django.db import connection
 from django.utils.translation import gettext as _
 
 from etools_validator.exceptions import BasicValidationError
 
 from etools.applications.field_monitoring.planning.models import MonitoringActivity
 from etools.applications.partners.models import PartnerOrganization
 from etools.applications.reports.models import CountryProgramme, Result
+from etools.applications.users.models import Realm
 
 
 def staff_activity_has_no_tpm_partner(i):
@@ -14,10 +16,12 @@ def staff_activity_has_no_tpm_partner(i):
 
 
 def tpm_staff_members_belongs_to_the_partner(i):
-    if not i.tpm_partner:
+    # For BOTH we do not restrict TPM team members to the selected TPM partner
+    if not i.tpm_partner or i.monitor_type == MonitoringActivity.MONITOR_TYPE_CHOICES.both:
         return True
 
-    team_members = set([tm.id for tm in i.team_members.all()])
+    team_members_qs = list(i.team_members.all())
+    team_members = set([tm.id for tm in team_members_qs])
     if i.old_instance:
         old_team_members = set([tm.id for tm in i.old_instance.team_members.all()])
         members_to_validate = team_members - old_team_members
@@ -63,3 +67,22 @@ def interventions_connected_with_cp_outputs(i):
         raise BasicValidationError(error_text % ', '.join(wrong_cp_outputs))
 
     return True
+
+
+def assignees_have_active_access(i):
+    if i.monitor_type != MonitoringActivity.MONITOR_TYPE_CHOICES.both:
+        return True
+
+    def has_active_realm(user):
+        return Realm.objects.filter(country=connection.tenant, user=user, is_active=True).exists()
+
+    # visit lead
+    if i.visit_lead and not has_active_realm(i.visit_lead):
+        raise BasicValidationError(_('Visit lead is inactive or has no access'))
+
+    # team members
+    inactive_members = [tm.get_full_name() for tm in i.team_members.all() if not has_active_realm(tm)]
+    if inactive_members:
+        raise BasicValidationError(_('Team members inactive or with no access: %s') % ', '.join(inactive_members))
+
+    return True

src/etools/applications/field_monitoring/fm_settings/tests/test_views.py

@@ -7,7 +7,8 @@
 
 
 def tpm_partner_is_assigned_for_tpm_activity(i):
-    if i.monitor_type == MonitoringActivity.MONITOR_TYPE_CHOICES.tpm and not i.tpm_partner:
+    if i.monitor_type in [MonitoringActivity.MONITOR_TYPE_CHOICES.tpm, MonitoringActivity.MONITOR_TYPE_CHOICES.both] \
+            and not i.tpm_partner:
         raise StateValidationError([_('Partner is not defined for TPM activity')])
     return True