Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/adding location #129

Merged
merged 33 commits into from
Oct 16, 2024
Merged

Feature/adding location #129

merged 33 commits into from
Oct 16, 2024

Conversation

delcroip
Copy link
Member

No description provided.

weilu and others added 24 commits September 5, 2024 11:35
@weilu
Add village to individual and group model
80997e4 
to facilitate row security
@weilu
Unit test existing individual GQL permission control
e6db8b5
@weilu
Enable row level security on group and individual list queries
d4cd3ae
@weilu
Row-level security for individual history query
af44440
@weilu
Row-level security for group history query
3269d6b
@weilu
Row-level security for group membership query
48df524 
Aka GroupIndividual
@weilu
Row-level security for individual group membership history
93000ab
@weilu
Add row level security to individual creation query
e01ebe2
@weilu
Add row-level security to individual update query
8cd6b76
@weilu
Add row-level security to individual delete query
27a5d33
@weilu
Add row-level security to individual undo delete query
9b814cb
@weilu
Add basic create group gql mutation test
364ec1c 
Also refactor individual mutation & query test to extract setup code
@weilu
Add row level security to group create
c90e48b
@weilu
Row level security for group update
fc96164
@weilu
Add row level security to group delete
d9664a6
@weilu
Add row level security to adding individual to group
80b9ba0
@weilu
Verify that both individual_id and group_id are required by service
5cb938b
@weilu
Add row level security to editing individual in group
2cbda50
@weilu
Add row level security to removing individuals from group
c7556bb
@weilu
Make sure individual group move doesn’t create and delete unnecessarily
93b8d54
@dborowiecki @sniedzielski
Fix perforamnce for individual data update (#127)
b857296 
* Fix perforamnce for individual data update

* added saving in bulk way validation errors

* removed redundant print

---------

Co-authored-by: sniedzielski <sniedzielski@soldevelo.com>
@weilu
Remove unnecessary location-individual relationship reversal in query
629486f
@delcroip
Merge remote-tracking branch 'wei/row-security' into release/24.10
49c73f3
@delcroip
fixing tests
77efbf4
@delcroip delcroip changed the base branch from develop to release/24.10 October 11, 2024 18:05
weilu
weilu requested changes Oct 11, 2024
View reviewed changes
Copy link
Contributor

@weilu weilu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@delcroip The change to use LocationManager.is_allowed instead of Location.get_queryset introduces the following issues:

  1. it no longer considers and respects settings.ROW_SECURITY,
  2. users with user.is_imis_admin = True now is not permitted to mutate any individual or group with location. Case 2 is actually covered by a test case you removed (see my comment in code).

In other words, Location.get_queryset offers more functionalities needed than that LocationManager.is_allowed is currently offering. In the spirit of DRY, I'd suggest not replicating the checks inside is_allowed, but considering pushing the caching logic into LocationManager.allowed which is used by Location.get_queryset and keep using Location.get_queryset for location authorization checking.

individual/tests/graphql_mutation_group_test.py Outdated
Comment on lines 616 to 617
id = content['data']['editIndividualInGroup']['internalId']
self.assert_mutation_error(id, 'mutation.individual_group_village_mismatch')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@delcroip This test case shouldn't have been deleted as it catches the case that an imis admin user can manipulate any individual's group assignment but we should validate to ensure the individual and their assigned group's locations are consistent.

individual/tests/graphql_mutation_group_test.py Outdated
Comment on lines 183 to 185
content = json.loads(response.content)
internal_id = content['data']['updateGroup']['internalId']
self.assert_mutation_error(internal_id, 'mutation.authentication_required')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This shouldn't be necessary as the anonymous user case is already tested in the test above. I see why you added them – probably due to the extraneous line I have above where the response was not checked. I'll push a change to remove this and similar changes below.

Copy link
Member Author

@delcroip delcroip Oct 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added it to force the execution of the mutation, if not error could happen later in the process, if we remove the get_mutation_result we should also remove the query

Copy link
Contributor

@weilu weilu Oct 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I removed the query in 324c578

weilu and others added 4 commits October 11, 2024 15:22
@weilu
Remove repeated tests & add back test case on group-individual loc match
324c578 
- Also modify existing cases to ensure imis admin can modify individual
and group with location
- Show error message when assert_mutation_success fails
@delcroip
Merge remote-tracking branch 'origin/develop' into feature/adding-loc…
0925244 
…ation
@delcroip
Merge branch 'feature/adding-location' of https://github.com/openimis…
133b3ff 
…/openimis-be-individual_py into feature/adding-location
@delcroip
manage not existing individualGroup
af07aca
weilu
weilu requested changes Oct 15, 2024
View reviewed changes
individual/tests/graphql_mutation_group_test.py Outdated
@@ -474,7 +474,7 @@ def test_add_individual_to_group_row_security(self):
)
content = json.loads(response.content)
internal_id = content['data']['addIndividualToGroup']['internalId']
self.assert_mutation_error(internal_id, _('unauthorized.location'))
self.assert_mutation_success(internal_id)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@delcroip why has this been changed to success? Shouldn't we prevent such a scenario to keep location data consistent between individual and their group?

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Oct 15, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
75.3% Coverage on New Code (required ≥ 80%)
5.3% Duplication on New Code (required ≤ 3%)

See analysis details on SonarCloud

@delcroip delcroip merged commit 74f2d1c into release/24.10 Oct 16, 2024
11 of 14 checks passed
@delcroip delcroip deleted the feature/adding-location branch October 16, 2024 08:15
@weilu weilu mentioned this pull request Oct 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@weilu weilu weilu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@delcroip @weilu @dborowiecki