Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def test_member_cant_edit(self):
organization = self.create_organization(name='foo', owner=self.user)
member = self.create_user('foo@example.com', is_superuser=False)
owner_om = OrganizationMember.objects.get(
organization=organization,
user=self.user,
)
OrganizationMember.objects.create(
organization=organization,
user=member,
role='member',
)
path = reverse('sentry-organization-member-settings',
args=[organization.slug, owner_om.id])
self.login_as(member)
resp = self.client.get(path)
def test_org_member_does_not_exist(self, try_enroll, log):
om = self.get_om_and_init_invite()
# Mutate the OrganizationMember, putting it out of sync with the
# pending member cookie.
om.update(id=om.id + 1)
self.setup_u2f()
om = OrganizationMember.objects.get(id=om.id)
assert om.user is None
assert om.email == "newuser@example.com"
assert log.error.call_count == 1
assert log.error.call_args[0][0] == "Invalid pending invite cookie"
def create_om_and_link_sso(self, organization):
om = OrganizationMember.objects.get(user=self.user, organization=organization)
setattr(om.flags, "sso:linked", True)
om.save()
return om
def test_renders_with_context(self):
organization = self.create_organization(name='foo', owner=self.user)
self.create_team(name='foo', organization=organization)
team_2 = self.create_team(name='bar', organization=organization)
owner = self.user
member = self.create_user('bar@example.com')
TotpInterface().enroll(member)
owner_om = OrganizationMember.objects.get(
organization=organization,
user=owner,
)
member_om = self.create_member(
organization=organization,
user=member,
role='member',
teams=[team_2],
)
path = reverse('sentry-organization-members', args=[organization.slug])
self.login_as(self.user)
resp = self.client.get(path)
def is_pending_organization_member(self, user_id, member_id, was_booted=True):
member = OrganizationMember.objects.get(id=member_id)
assert User.objects.filter(id=user_id).exists()
assert member.is_pending
assert member.email
if was_booted:
assert member.token
assert member.token_expires_at
else:
assert member.token is None
assert member.token_expires_at is None
def test_simple(self, mock_send_invite_email):
resp = self.get_response(
self.org.slug, email="jane@gmail.com", role="member", teams=[self.team.slug]
)
assert resp.status_code == 201
om = OrganizationMember.objects.get(id=resp.data["id"])
assert om.user_id is None
assert om.email == "jane@gmail.com"
assert om.role == "member"
assert list(om.teams.all()) == [self.team]
assert om.inviter == self.owner_user
mock_send_invite_email.assert_called_once_with()
self.create_member(user=user2, organization=org, role="admin", teams=[team])
self.create_member(user=user2, organization=org2, role="member", teams=[])
team.transfer_to(org2)
assert team.organization == org2
team = Team.objects.get(id=team.id)
assert team.organization == org2
project = Project.objects.get(id=project.id)
assert project.organization == org2
# owner does not exist on new org, so should not be transferred
assert not OrganizationMember.objects.filter(user=user, organization=org2).exists()
# existing member should now have access
member = OrganizationMember.objects.get(user=user2, organization=org2)
assert list(member.teams.all()) == [team]
# role should not automatically upgrade
assert member.role == "member"
# old member row should still exist
assert OrganizationMember.objects.filter(user=user2, organization=org).exists()
# no references to old org for this team should exist
assert not OrganizationMemberTeam.objects.filter(
organizationmember__organization=org, team=team
).exists()
Project.objects.filter(id__in=project_ids).update(organization=organization)
ProjectTeam.objects.filter(project_id__in=project_ids).update(team=new_team)
# remove any pending access requests from the old organization
if self != new_team:
OrganizationAccessRequest.objects.filter(team=self).delete()
# identify shared members and ensure they retain team access
# under the new organization
old_memberships = OrganizationMember.objects.filter(teams=self).exclude(
organization=organization
)
for member in old_memberships:
try:
new_member = OrganizationMember.objects.get(
user=member.user, organization=organization
)
except OrganizationMember.DoesNotExist:
continue
try:
with transaction.atomic():
OrganizationMemberTeam.objects.create(
team=new_team, organizationmember=new_member
)
except IntegrityError:
pass
OrganizationMemberTeam.objects.filter(team=self).exclude(
organizationmember__organization=organization
).delete()
* If they are an active superuser
* If they are modifying their own membership
* If the user's role is higher than the targeted user's role (e.g. "admin" can't modify "owner")
* If the user is an "admin" and they are modifying a team they are a member of
"""
if is_active_superuser(request):
return True
if not request.user.is_authenticated():
return False
if request.user.id == member.user_id:
return True
acting_member = OrganizationMember.objects.get(
organization=organization, user__id=request.user.id, user__is_active=True
)
if roles.get(acting_member.role).is_global and roles.can_manage(
acting_member.role, member.role
):
return True
return False
auth_identity.update(
user=user,
ident=identity['id'],
data=self.provider.update_identity(
new_data=identity.get('data', {}),
current_data=auth_identity.data,
),
last_verified=now,
last_synced=now,
)
auth_is_new = False
if member is None:
try:
member = OrganizationMember.objects.get(
user=user,
organization=organization,
)
except OrganizationMember.DoesNotExist:
member = OrganizationMember.objects.create(
organization=organization,
role=organization.default_role,
user=user,
flags=getattr(OrganizationMember.flags, 'sso:linked'),
)
default_teams = auth_provider.default_teams.all()
for team in default_teams:
OrganizationMemberTeam.objects.create(
team=team,
organizationmember=member,