Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(organizations): add new asset endpoint for owners and admins TASK-960 #5218

Merged
merged 29 commits into from
Nov 11, 2024
Merged

feat(organizations): add new asset endpoint for owners and admins TASK-960 #5218

merged 29 commits into from
Nov 11, 2024

Conversation

noliveleger
Copy link
Contributor

@noliveleger noliveleger commented Oct 31, 2024
edited
Loading

Summary:

Added a new endpoint to retrieve organization assets, accessible to both owners and admins.

Description:

This update introduces a dedicated endpoint that allows organization owners and admins to access a complete list of assets associated with their organization. Owners and admins have unrestricted access to these assets by virtue of their roles, without needing explicit permissions.

Notes:

As part of this update, a refactor was implemented in the unit test suite to minimize code duplication when testing organization admin access across various endpoints. This refactor allows us to test admin access without explicitly assigning permissions, ensuring that the tests more accurately reflect role-based access.

Testing

  • Register three different users
  • From the shell, add user2 and user3 to user1 org
organization = user1.organization
organization.mmo_override = True
organization.save()
organization.add_user(user2, is_admin=True)
organization.add_user(user3, is_admin=False)
  • The UI is not aware yet about org's admin role, so you will receive Access Denied until you patch the JS code (see below) when you try to access project details but the API call should work.

user2 is now an admin and should be able to see and to do whatever they want on user1's organization projects, they should be able to access the org assets list: /api/v2/organizations/<organization_uid>/assets/
user3 is a regular member, they cannot access /api/v2/organizations/<organization_uid>/assets/

organization_uid can be retrieve from /me in organization property.

  • Create a project with user3

    1. user3 should see it in the regular asset list (i.e. : /api/v2/assets/) and should have been assigned manage_asset permission
    2. user2 should see it in the org asset list but not in the regular asset list. No permissions assigned.
    3. user1 should see it in the org asset list and in the regular asset list (until the latter is filtered in a future PR see TASK-1187). They are the owner.

  • Create a project with user2

    1. user3 should not see it in the regular asset list (and should be able to access its details either)
    2. user2 should see it in the org asset list and in the regular asset list and should have been assigned manage_asset permission
    3. user1 should see it in the org asset list and in the regular asset list. They are the owner.

  • Create a project with user1

    1. user3 should not see it in the regular asset list (and should be able to access its details either)
    2. user2 should see it in the org asset list but not in the regular asset list. No permissions assigned.
    3. user1 should see it in the org asset list and in the regular asset list. They are the owner.

By-pass front-end checks to allow org admins access project details

  • Apply this diff BUT DO NOT commit it.
  • Use npm run watch to compile front-end build on the fly (with kobo-install, ./run.py -cf run -p 3000:3000 --rm kpi npm run watch)
  • Try to access the project created for user3 with user2 session

When this work, you can test the admin role by navigating in the project detail. The API responses should always be 2xx.

@noliveleger
Draft of organization assets endpoint
cccb2c9
@noliveleger
Merge branch 'task-958-set-owner-accordingly' into task-960-organizat…
dffa612 
…ion-assets-endpoint
@noliveleger
Add new endpoint for org assets
9c7f4b2
@noliveleger
Restrict org admin to view org assets only
857867e
@noliveleger
Handle permission exception for org admins
bce9c54
@noliveleger
Add delete asset permission to org admins
7b312d4
@noliveleger
Merge branch 'main' into task-960-organization-assets-endpoint
a649509
@noliveleger
Merge branch 'task-958-set-owner-accordingly' into task-960-organizat…
914f102 
…ion-assets-endpoint
@noliveleger
Make org admins access project details
05efe40
@noliveleger
Merge branch 'task-958-set-owner-accordingly' into task-960-organizat…
8c6fff3 
…ion-assets-endpoint
@noliveleger
Merge branch 'task-958-set-owner-accordingly' into task-960-organizat…
f06fd5b 
…ion-assets-endpoint
@noliveleger
Merge branch 'main' into task-960-organization-assets-endpoint
e529991
@noliveleger
Fix bad merge
88a289b
@noliveleger
Bypass Guardian in OpenRosa when user is an org admin
d9c8430
@noliveleger
Rename variables
5800ed4
@noliveleger
Delete own organization when user is added to another org
e8227b7
@noliveleger
Block add_user if org is not MMO
1eaa215
@noliveleger
Refactor permissions system for org admins on related asset objects
6b3ac7d
@noliveleger
Refactor old unit tests for organization admins tests
38482b1
@noliveleger
Refactor AssetFile and AssetSnapshot permission and filter mechanism …
edc46a1 
…to support org admins
@noliveleger
Fix add_user() with multi-member orgs
32cc65a
@noliveleger
Fix organization name being empty on sync
2a80fe3
@noliveleger
Merge branch 'main' into task-960-organization-assets-endpoint
6ef682d
@noliveleger
Linting
4339820
@noliveleger noliveleger added API Changes related to API endpoints Back end labels Oct 31, 2024
@noliveleger noliveleger self-assigned this Oct 31, 2024
@noliveleger noliveleger force-pushed the task-960-organization-assets-endpoint branch from 855905d to 12a1425 Compare October 31, 2024 22:06
@noliveleger noliveleger force-pushed the task-960-organization-assets-endpoint branch from 12a1425 to 58163fd Compare October 31, 2024 22:13
@notion-workspace Notion Workspace
Copy link

Create new endpoint to list org assets

@Akuukis
Copy link
Contributor

Akuukis commented Nov 4, 2024
edited
Loading

Few comments according to the new PR workflow:

  • use camelCase for the scope ("feat(Oorganizations): ...")
  • consider splitting such PRs next time, depends on reviewers but they have all the rights to require splitting if this is too hard to review. To me from a quick glance this looks like a bundle of 3 things - feature itself, test refactor, and a linter on unrelated lines.

@noliveleger noliveleger changed the title feat(Organizations): add new asset endpoint for owners and admins TASK-960 feat(organizations): add new asset endpoint for owners and admins TASK-960 Nov 4, 2024
@magicznyleszek
Copy link
Member

magicznyleszek commented Nov 6, 2024
edited
Loading

@noliveleger should the /api/v2/<organization_uid>/assets/ in the PR description be /api/v2/organizations/<organization_uid>/assets/ (missing /organizations part)?

@noliveleger
Copy link
Contributor Author

@noliveleger should the /api/v2/<organization_uid>/assets/ in the PR description be /api/v2/organizations/<organization_uid>/assets/ (missing /organizations part)?

@magicznyleszek , you are totally right, I fixed it.

@magicznyleszek
Copy link
Member

magicznyleszek commented Nov 7, 2024
edited
Loading

@noliveleger could you fix the BE conflict please? Actually I fixed it myself :)

@magicznyleszek
Merge branch 'main' into task-960-organization-assets-endpoint
ee4f9ae 
# Conflicts:
#	kpi/views/v2/asset_file.py
@magicznyleszek magicznyleszek mentioned this pull request Nov 7, 2024
Merged
9 tasks
@noliveleger noliveleger mentioned this pull request Nov 8, 2024
Merged
9 tasks
rajpatel24
rajpatel24 approved these changes Nov 8, 2024
View reviewed changes
Copy link
Contributor

@rajpatel24 rajpatel24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@magicznyleszek magicznyleszek removed their request for review November 11, 2024 17:02
@noliveleger noliveleger merged commit 370933a into main Nov 11, 2024
4 of 7 checks passed
@noliveleger noliveleger deleted the task-960-organization-assets-endpoint branch November 11, 2024 18:41
@notion-workspace Notion Workspace
Copy link

Delete user’s own organization after joining a MMO

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rajpatel24 rajpatel24 rajpatel24 approved these changes

@Guitlle Guitlle Awaiting requested review from Guitlle

@jnm jnm Awaiting requested review from jnm jnm is a code owner

Assignees

@noliveleger noliveleger

Labels
API Changes related to API endpoints Back end
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@noliveleger @Akuukis @magicznyleszek @rajpatel24