From bf60c66b17d62ce6848a86c4fa3ef5992a5af6d9 Mon Sep 17 00:00:00 2001
From: Tore Brede <Tore.Brede@uib.no>
Date: Thu, 28 Oct 2021 16:58:01 +0200
Subject: [PATCH] GREG-91: Setting hierarchical access by default to false

---
 greg/api/views/sponsor.py      |  4 +--
 greg/tests/api/test_sponsor.py | 51 +++++++++++++++++++++++++++++++---
 2 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/greg/api/views/sponsor.py b/greg/api/views/sponsor.py
index ca10ef99..818fc302 100644
--- a/greg/api/views/sponsor.py
+++ b/greg/api/views/sponsor.py
@@ -79,7 +79,8 @@ class SponsorOrgunitLinkView(
 
     def create(self, request, *args, **kwargs):
         (sponsor_id, orgunit_id) = self._extract_sponsor_and_orgunit(kwargs)
-        hierarchical_access = request.data.get("hierarchical_access")
+        # Default to false if hierarchical_access is not specified
+        hierarchical_access = request.data.get("hierarchical_access", "False")
         sponsor = Sponsor.objects.get(id=sponsor_id)
         sponsor.units.add(
             orgunit_id, through_defaults={"hierarchical_access": hierarchical_access}
@@ -92,7 +93,6 @@ class SponsorOrgunitLinkView(
         but the link between the sponsor and the unit"""
         (sponsor_id, orgunit_id) = self._extract_sponsor_and_orgunit(kwargs)
         sponsor = Sponsor.objects.filter(id=sponsor_id).get()
-
         sponsor.units.remove(orgunit_id)
 
         return Response(status=status.HTTP_204_NO_CONTENT)
diff --git a/greg/tests/api/test_sponsor.py b/greg/tests/api/test_sponsor.py
index ccb723b4..1b6aac1a 100644
--- a/greg/tests/api/test_sponsor.py
+++ b/greg/tests/api/test_sponsor.py
@@ -3,7 +3,13 @@ from rest_framework import status
 
 from rest_framework.reverse import reverse
 
-from greg.models import OrganizationalUnit, Sponsor, Person, Identity
+from greg.models import (
+    OrganizationalUnit,
+    Sponsor,
+    Person,
+    Identity,
+    SponsorOrganizationalUnit,
+)
 
 
 @pytest.mark.django_db
@@ -66,14 +72,14 @@ def test_add_sponsor_with_unit(client, unit_foo: OrganizationalUnit):
     assert len(sponsor_lookup_response_body["results"]) == 1
     assert len(sponsor_lookup_response_body["results"][0]["units"]) == 0
 
-    data = {"hierarchical_access": "true"}
+    data = {"hierarchical_access": "True"}
 
     create_sponsor_link_url = reverse(
         "v1:sponsor_orgunit-detail",
         kwargs={"sponsor_id": sponsor_id, "orgunit_id": unit_foo.id},
     )
     response = client.post(create_sponsor_link_url, data=data)
-    assert response.status_code == status.HTTP_200_OK
+    assert response.status_code == status.HTTP_204_NO_CONTENT
 
     sponsor_lookup_response = client.get(sponsor_url, kwargs={"id": sponsor_id})
     sponsor_lookup_response_body = sponsor_lookup_response.json()
@@ -91,7 +97,7 @@ def test_remove_sponsor_orgunit_link(
     response_get = client.get(sponsor_detail_url).json()
     assert len(response_get["units"]) == 0
 
-    data = {"hierarchical_access": True}
+    data = {"hierarchical_access": "True"}
 
     sponsor_orgunit_url = reverse(
         "v1:sponsor_orgunit-detail",
@@ -144,3 +150,40 @@ def test_delete_sponsor_connected_to_identity_not_allowed(
     # Check that the sponsor has been deleted
     response_get = client.get(sponsor_detail_url)
     assert response_get.status_code == status.HTTP_404_NOT_FOUND
+
+
+@pytest.mark.django_db
+def test_add_sponsor_unit_link_with_no_access_parameter(
+    client, unit_foo: OrganizationalUnit
+):
+    sponsor_url = reverse("v1:sponsor-list")
+    data = {
+        "feide_id": "sponsor@example.org",
+        "first_name": "Test",
+        "last_name": "Sponsor",
+    }
+
+    response = client.post(sponsor_url, data=data)
+    sponsor_id = response.json()["id"]
+
+    # Do a post with no data
+    create_sponsor_link_url = reverse(
+        "v1:sponsor_orgunit-detail",
+        kwargs={"sponsor_id": sponsor_id, "orgunit_id": unit_foo.id},
+    )
+    response = client.post(create_sponsor_link_url)
+    assert response.status_code == status.HTTP_204_NO_CONTENT
+
+    # Check that the unit is attached to the sponsor
+    sponsor_lookup_response = client.get(sponsor_url, kwargs={"id": sponsor_id})
+    sponsor_lookup_response_body = sponsor_lookup_response.json()
+    assert len(sponsor_lookup_response_body["results"][0]["units"]) == 1
+
+    attached_unit = sponsor_lookup_response_body["results"][0]["units"][0]
+    assert attached_unit["id"] == unit_foo.id
+
+    # Check that hierarchical_access is set to False for the link between the sponsor and unit
+    sponsor_organization_unit = SponsorOrganizationalUnit.objects.filter(
+        sponsor_id=sponsor_id, organizational_unit_id=unit_foo.id
+    ).get()
+    assert not sponsor_organization_unit.hierarchical_access
-- 
GitLab