chore: log the user triggering the retirement flow
chore: change user retirement permissions to allow support staff
This commit is contained in:
Ali Nawaz
@@ -57,6 +57,8 @@ class BulkUsersRetirementView(APIView):
|
||||
user_to_retire = User.objects.get(username=username)
|
||||
with transaction.atomic():
|
||||
create_retirement_request_and_deactivate_account(user_to_retire)
|
||||
log.info(f'The user "{username}" has been added to the retirement pipeline \
|
||||
by "{request.user}"')
|
||||
|
||||
except User.DoesNotExist:
|
||||
log.exception(f'The user "{username}" does not exist.')
|
||||
|
||||
@@ -78,6 +78,23 @@ class CanRetireUserTest(TestCase):
|
||||
result = CanRetireUser().has_permission(self.request, None)
|
||||
assert not result
|
||||
|
||||
def test_api_permission_staff_without_permission(self):
|
||||
self.request.user = AdminFactory()
|
||||
result = CanRetireUser().has_permission(self.request, None)
|
||||
assert not result
|
||||
|
||||
def test_api_permission_staff_granted_permission(self):
|
||||
self.request.user = AdminFactory()
|
||||
permission = PermissionFactory(
|
||||
codename='add_userretirementrequest',
|
||||
content_type=ContentTypeFactory(
|
||||
app_label='user_api'
|
||||
)
|
||||
)
|
||||
self.request.user.user_permissions.add(permission)
|
||||
result = CanRetireUser().has_permission(self.request, None)
|
||||
assert result
|
||||
|
||||
|
||||
class CanCancelUserRetirementTest(TestCase):
|
||||
""" Tests for cancel user retirement API permissions """
|
||||
|
||||
@@ -14,7 +14,8 @@ def can_retire_user(user):
|
||||
"""
|
||||
return (
|
||||
user.username == settings.RETIREMENT_SERVICE_WORKER_USERNAME or
|
||||
user.is_superuser
|
||||
user.is_superuser or
|
||||
(user.is_staff and user.has_perm('user_api.add_userretirementrequest'))
|
||||
)
|
||||
|
||||
rules.add_perm('accounts.can_retire_user', can_retire_user)
|
||||
|
||||
Reference in New Issue
Block a user