Permission set for the global validator on validate api

local_units/management/commands/make_global_validator_permission.py

@@ -1,9 +1,8 @@
 import logging
 
-from django.core.management.base import BaseCommand
-from django.contrib.auth.models import Permission, Group
+from django.contrib.auth.models import Group, Permission
 from django.contrib.contenttypes.models import ContentType
-
+from django.core.management.base import BaseCommand
 
 from local_units.models import LocalUnit
 
@@ -16,14 +15,13 @@ class Command(BaseCommand):
     def handle(self, *args, **options):
         logger.info("Creating/Updating permissions/groups for local unit global validator")
         print("- Creating/Updating permissions/groups for local unit global validator")
-        codename = "local_unit_global_validator",
+        codename = ("local_unit_global_validator",)
         content_type = ContentType.objects.get_for_model(LocalUnit)
         permission, created = Permission.objects.get_or_create(
             codename=codename,
             name="Local Unit Global Validator",
             content_type=content_type,
         )
-        permission.save()
 
         # If it's a new permission, create a group for it
         group, created = Group.objects.get_or_create(name="Local Unit Global Validators")

local_units/permissions.py

@@ -1,13 +1,24 @@
-from django.contrib.auth.models import Permission
+from django.contrib.auth.models import Group, Permission
 from rest_framework import permissions
 
 
 class ValidateLocalUnitPermission(permissions.BasePermission):
-    message = "You need to be super user/ country admin/ region admin to validate local unit"
+    message = "You need to be super user/ global validator/ region admin/ country admin to validate local unit"
 
     def has_object_permission(self, request, view, object):
         user = request.user
-        if user.is_superuser:
+
+        # Check if user is superuser or in Local Unit Global Validators group
+        group_queryset = (
+            Group.objects.filter(
+                name="Local Unit Global Validators",
+                user=user,
+            )
+            .values_list("id", flat=True)
+            .first()
+        )
+
+        if user.is_superuser or group_queryset:
             return True
         country_admin_ids = [
             int(codename.replace("country_admin_", ""))

local_units/test_views.py

@@ -1,7 +1,7 @@
 import datetime
 
 import factory
-from django.contrib.auth.models import Group, Permission
+from django.contrib.auth.models import Group
 from django.contrib.gis.geos import Point
 from django.core import management
 from factory import fuzzy
@@ -318,20 +318,19 @@ def setUp(self):
         management.call_command("make_global_validator_permission")
 
         # Permissions and different validators
-        self.global_validator = UserFactory.create()
-        self.local_unit_admin = UserFactory.create()
-        self.regional_validator = UserFactory.create()
+        self.global_validator_user = UserFactory.create()
+        self.local_unit_admin_user = UserFactory.create()
+        self.regional_validator_user = UserFactory.create()
 
         country_group = Group.objects.filter(name="%s Admins" % self.country.name).first()
         region_group = Group.objects.filter(name="%s Regional Admins" % self.region.name).first()
         global_validator_group = Group.objects.filter(name="Local Unit Global Validators").first()
-        global_validator_group.refresh_from_db()
 
-        self.local_unit_admin.groups.add(country_group)
-        self.regional_validator.groups.add(region_group)
+        self.local_unit_admin_user.groups.add(country_group)
+        self.regional_validator_user.groups.add(region_group)
 
         # Adding global validator permission to global validator
-        self.global_validator.groups.add(global_validator_group)
+        self.global_validator_user.groups.add(global_validator_group)
 
     def test_create_local_unit_administrative(self):
         region = Region.objects.create(name=2)
@@ -669,7 +668,7 @@ def test_validate_local_unit(self):
 
         local_unit_id = response.data["id"]
         # Testing For the local unit Global validator
-        self.authenticate(self.global_validator)
+        self.authenticate(self.global_validator_user)
         # validating the local unit by the Global validator
         response = self.client.post(f"/api/v2/local-units/{local_unit_id}/validate/")
         self.assert_200(response)
@@ -679,17 +678,18 @@ def test_validate_local_unit(self):
         self.assertEqual(local_unit_request.current_validator, LocalUnitChangeRequest.Validator.GLOBAL)
 
         # Testing For the local unit admin/Local validator
-        self.authenticate(self.local_unit_admin)
+        self.authenticate(self.local_unit_admin_user)
+        response = self.client.put(f"/api/v2/local-units/{local_unit_id}/", data=data, format="json")
+        self.assert_200(response)
         # validating the local unit by the local unit admin
         response = self.client.post(f"/api/v2/local-units/{local_unit_id}/validate/")
-        self.assert_200(response)
         local_unit_request = LocalUnitChangeRequest.objects.filter(
             local_unit=local_unit_id, status=LocalUnitChangeRequest.Status.APPROVED
         ).last()
         self.assertEqual(local_unit_request.current_validator, LocalUnitChangeRequest.Validator.LOCAL)
 
         # Testing For the regional validator
-        self.authenticate(self.regional_validator)
+        self.authenticate(self.regional_validator_user)
         response = self.client.put(f"/api/v2/local-units/{local_unit_id}/", data=data, format="json")
         self.assert_200(response)
         # validating the local unit by the regional validator

local_units/views.py

@@ -1,4 +1,4 @@
-from django.contrib.auth.models import Permission
+from django.contrib.auth.models import Group, Permission
 from django.shortcuts import get_object_or_404
 from django.utils import timezone
 from drf_spectacular.utils import extend_schema
@@ -125,7 +125,15 @@ def get_validate(self, request, pk=None, version=None):
         # Checking the validator type
 
         validator = LocalUnitChangeRequest.Validator.LOCAL
-        if request.user.is_superuser:
+        group_queryset = (
+            Group.objects.filter(
+                name="Local Unit Global Validators",
+                user=request.user,
+            )
+            .values_list("id", flat=True)
+            .first()
+        )
+        if request.user.is_superuser or group_queryset:
             validator = LocalUnitChangeRequest.Validator.GLOBAL
         else:
             region_admin_ids = [