mirror of
https://github.com/PostHog/posthog.git
synced 2024-11-28 18:26:15 +01:00
862697ef83
* initial role and role memberships setup
* create role when org is created and role memberships when user joins
* wip for merge
* fix api tests for role
* nest roles under organization route and test fixes
* remove pdb set trace
* fix types
* remove creating default roles and role memberships for orgs and users
* add permission levels to orgs and roles
* bulk create role memberships
* leave role membership as individual api request, handle bulk creation on the frontend instead
* feature flag role access wip and migrations
* fix flag role access tests
* linter
* isort
* temp type ignore
* add access level to plugin tests
* test remove test migration safe
* test license import error fix
* delete old? org license test
* nvm we need these tests
* type ignore
* reset license plans after test
* add organization resource access model and remove access level field from regular organizations
* feat: permission return on feature flag (#12826)
* suggested permission return
* change naming
* add changes
* pass bool
* fix plugin tests
* organization resource access tests and fixes
* update can edit return with new org resource access model from feature flag
* fix tests
* add permissions to feature flag for editing
* more tests
* remove unnecessary spacing
* fix test
* add context for feature flag serializer tests
* add back workflow test step
* add organization to feature flag role access
* fix(spike): why are tests failing (#12858)
* was it because invalid id is provided?
* allow django to touch the db
* a less unexpected way of allowing access to the DB
* Revert "add organization to feature flag role access"
This reverts commit ef18b0ec8b.
* address feedback and include organization safety checks in tests
* test error fix
* test role dupe name per org
* remove third access level option
* fix migration for it
* more tests
* fix test
* feat: role based permissions UI (#12776)
* add api
* starter
* role and member creation + deletion
* working with all deletes
* add block
* working roles
* permissions tab on org settings
* org default setting
* types
* flag role assignment
* working per flag permission
* working with admin block
* types
* use restricted area component
* wrap flag resource access in different url
* restore migrations manifest
* update url endpoints
* pay gate mini org role settings
* remove view and custom edit and remove resource access creation on org creation
* add feature flag
* address feedback
* fix backend tests
* remove broken permissions setting on new feature flags
* export logic props interface
Co-authored-by: Li Yi Yu <li@posthog.com>
* type fixes
Co-authored-by: Eric Duong <eeoneric@gmail.com>
Co-authored-by: Paul D'Ambra <paul@posthog.com>
72 lines
3.4 KiB
Python
72 lines
3.4 KiB
Python
from rest_framework import status
|
|
|
|
from ee.api.test.base import APILicensedTest
|
|
from ee.models.role import Role, RoleMembership
|
|
from posthog.models.organization import Organization, OrganizationMembership
|
|
from posthog.models.user import User
|
|
|
|
|
|
class TestRoleMembershipAPI(APILicensedTest):
|
|
def setUp(self):
|
|
super().setUp()
|
|
self.eng_role = Role.objects.create(name="Engineering", organization=self.organization)
|
|
self.marketing_role = Role.objects.create(name="Marketing", organization=self.organization)
|
|
|
|
def test_only_organization_admins_and_higher_can_add_users(self):
|
|
user_a = User.objects.create_and_join(self.organization, "a@x.com", None)
|
|
user_b = User.objects.create_and_join(self.organization, "b@x.com", None)
|
|
self.assertEqual(self.organization_membership.level, OrganizationMembership.Level.MEMBER)
|
|
|
|
add_user_b_res = self.client.post(
|
|
f"/api/organizations/@current/roles/{self.eng_role.id}/role_memberships",
|
|
{"user_uuid": user_b.uuid},
|
|
)
|
|
self.assertEqual(add_user_b_res.status_code, status.HTTP_403_FORBIDDEN)
|
|
|
|
self.organization_membership.level = OrganizationMembership.Level.ADMIN
|
|
self.organization_membership.save()
|
|
add_user_a_res = self.client.post(
|
|
f"/api/organizations/@current/roles/{self.eng_role.id}/role_memberships",
|
|
{"user_uuid": user_a.uuid},
|
|
)
|
|
self.assertEqual(add_user_a_res.status_code, status.HTTP_201_CREATED)
|
|
self.assertEqual(RoleMembership.objects.count(), 1)
|
|
self.assertEqual(RoleMembership.objects.first().user, user_a) # type: ignore
|
|
|
|
def test_user_can_belong_to_multiple_roles(self):
|
|
user_a = User.objects.create_and_join(self.organization, "a@potato.com", None)
|
|
self.organization_membership.level = OrganizationMembership.Level.ADMIN
|
|
self.organization_membership.save()
|
|
self.assertEqual(RoleMembership.objects.count(), 0)
|
|
|
|
self.client.post(
|
|
f"/api/organizations/@current/roles/{self.eng_role.id}/role_memberships",
|
|
{"user_uuid": user_a.uuid},
|
|
)
|
|
self.client.post(
|
|
f"/api/organizations/@current/roles/{self.marketing_role.id}/role_memberships",
|
|
{"user_uuid": user_a.uuid},
|
|
)
|
|
self.assertEqual(RoleMembership.objects.count(), 2)
|
|
|
|
def test_returns_correct_results_by_organization(self):
|
|
self.organization_membership.level = OrganizationMembership.Level.ADMIN
|
|
self.organization_membership.save()
|
|
other_org = Organization.objects.create(name="other org")
|
|
user_a = User.objects.create_and_join(self.organization, "a@x.com", None)
|
|
user_b = User.objects.create_and_join(other_org, "b@other_org.com", None)
|
|
|
|
self.client.post(
|
|
f"/api/organizations/@current/roles/{self.eng_role.id}/role_memberships",
|
|
{"user_uuid": user_a.uuid},
|
|
)
|
|
other_org_same_name_role = Role.objects.create(organization=other_org, name="Engineering")
|
|
RoleMembership.objects.create(role=other_org_same_name_role, user=user_b)
|
|
self.assertEqual(RoleMembership.objects.count(), 2)
|
|
get_res = self.client.get(
|
|
f"/api/organizations/@current/roles/{self.eng_role.id}/role_memberships",
|
|
)
|
|
self.assertEqual(get_res.json()["count"], 1)
|
|
self.assertEqual(get_res.json()["results"][0]["user"]["distinct_id"], user_a.distinct_id)
|
|
self.assertNotContains(get_res, str(user_b.email))
|