[ENG-6666] NodeRequest improvements for Institutional Access Project #10826
Conversation
Johnetordoff
force-pushed
the
institutional-access-node-request-improvements
branch
2 times, most recently
from
54c765b to
aac6fb0
Compare
| @@ -0,0 +1,273 @@ | |||
| from unittest import mock | |||
There was a problem hiding this comment.
This test file was getting long and convoluted, so I split out the preprint tests.
| @@ -0,0 +1,72 @@ | |||
| from unittest import mock | |||
There was a problem hiding this comment.
I just created this in order to prevent the test files from becoming too long.
| @@ -1,189 +0,0 @@ | |||
| from unittest import mock | |||
There was a problem hiding this comment.
I split this up simply because it was getting too long and convoluted. It was difficult to isolate the correct test groups.
| ) | ||
| node_request.save() | ||
| except IntegrityError: | ||
| raise Conflict(f'Users may not have more than one {request_type} request per node.') | ||
| node_request.run_submit(auth.user) | ||
|
|
||
| node_request.run_submit(creator) |
There was a problem hiding this comment.
Consider that this line already sends an email. This PR doesn't cover that that problem, but it will be changed later. This follow will use the state machine to add a curator bool the Contributor class. The follow-up will address "double emailing" for messages and deal with giving the curator role if the request is accepted.
PR for that: #10825 still wip
Johnetordoff
force-pushed
the
institutional-access-node-request-improvements
branch
3 times, most recently
from
af18d95 to
011b708
Compare
Johnetordoff
changed the base branch from
develop
to
feature/institutional_access
Johnetordoff
force-pushed
the
institutional-access-node-request-improvements
branch
2 times, most recently
from
30f4336 to
9a58016
Compare
| @@ -22,6 +22,18 @@ class NodeRequest(AbstractRequest, NodeRequestableMixin): | |||
| """ Request for Node Access | |||
| """ | |||
| target = models.ForeignKey('AbstractNode', related_name='requests', on_delete=models.CASCADE) | |||
| request_type = models.CharField( | |||
| max_length=31, | |||
| choices=NodeRequestTypes.choices(), | |||
There was a problem hiding this comment.
RequestTypes -> NodeRequestTypes
Johnetordoff
force-pushed
the
institutional-access-node-request-improvements
branch
4 times, most recently
from
bc9e548 to
d32cc2d
Compare
Johnetordoff
force-pushed
the
institutional-access-node-request-improvements
branch
from
d32cc2d to
b7405af
Compare
…terForOpenScience/osf.io into institutional-access-node-request-improvements * 'feature/institutional_access' of https://github.com/CenterForOpenScience/osf.io: change to bcc the sender instead of CC-ing them revert typo add code to allow cc-ing fellow institutional admins and put their own address as a reply_to # Conflicts: # osf/migrations/0025_noderequest_requested_permissions_and_more.py
| @@ -515,3 +515,9 @@ def db_name(self): | |||
| class RequestTypes(ChoiceEnum): | |||
| ACCESS = 'access' | |||
| WITHDRAWAL = 'withdrawal' | |||
|
|
|||
| @unique | |||
| class NodeRequestTypes(ChoiceEnum): | |||
There was a problem hiding this comment.
Had to split this up or I would need to suppport this for preprints.
| @@ -56,6 +70,8 @@ def create(self, validated_data): | |||
| raise NotImplementedError() | |||
|
|
|||
| class NodeRequestSerializer(RequestSerializer): | |||
| request_type = ser.ChoiceField(read_only=True, required=False, choices=NodeRequestTypes.choices()) | |||
There was a problem hiding this comment.
RequestTypes -> NodeRequestTypes
Johnetordoff
force-pushed
the
institutional-access-node-request-improvements
branch
from
a209a8c to
7359973
Compare
Johnetordoff
changed the title
api/requests/permissions.py
Outdated
| try: | ||
| institution = Institution.objects.get(_id=institution_id) | ||
| except Institution.DoesNotExist: | ||
| return False |
There was a problem hiding this comment.
Is a 403 a proper response if the institution doesn't exist?
There was a problem hiding this comment.
Presumably they are attempting to access a resource (the institution) that they don't have credentials for, but I see your point. I say debatable to this one, but would move it into the 400 code.
api/requests/permissions.py
Outdated
| return False | ||
|
|
||
| institution_id = request.data.get('institution') | ||
| if not institution_id: | ||
| return False |
There was a problem hiding this comment.
Is a 403 a proper response if the institution is not in the request?
There was a problem hiding this comment.
Yes this should probably be a 400, I'll make sure that's the actual response.
Johnetordoff
force-pushed
the
institutional-access-node-request-improvements
branch
from
5cc90b9 to
d8abf97
Compare
Johnetordoff
force-pushed
the
institutional-access-node-request-improvements
branch
from
d8abf97 to
e34b928
Compare
| This request is being sent to you because your project has the “Request Access” feature enabled. | ||
| This allows potential collaborators to request to be added to your project or to disable this feature, click | ||
| <a href="${node.absolute_url}/settings/">here</a> |
There was a problem hiding this comment.
Is this true with institutional access requests? I don't think you can disable institutional admins requesting access, can you?
There was a problem hiding this comment.
Yeah I talked to Blaine about this and she indicated the users should ALWAYS be able to turn off request access, I'll double check though.
There was a problem hiding this comment.
Does this mean the front end will need to know when a node has that disabled and not show the option to request for access, or will there be an email sent to the institutional admin to let them know that there request couldn't be processed because the option was turned off? Either one has consequences for the timeline, I'd be willing to bet, especially the first one.
There was a problem hiding this comment.
Regardless of how the FE handles it, I've changed the check to give better info in the error, so FE can decide and added tests to demonstrate. I think that's good enough for this PR, Product designs are favoring this approach. Removing the button preemptively likely means changes to SHARE.
…e request access is turned off and added test case
| @@ -4,14 +4,8 @@ | |||
| from api.base.settings.defaults import API_BASE | |||
There was a problem hiding this comment.
Just trying to keep these <500 lines.
Johnetordoff
merged commit 66df96c
into
CenterForOpenScience:feature/institutional_access
Purpose
This feature should allow institutional admins to request a specific project and message a specific user via email with a custom message, the permission should appear as the default selected on the contributor page. This is to be done by expanding the capabilities of the NodeRequest object to allow for this behavior via the current project "Request Access" system
Changes
INSTITUTIONAL_REQUESTSto_internal_valueto serializer to allow ids be retrieved from RelationshipFieldsInstitutionalAdminRequestTypePermissionto handle new request_type.requested_permissionsto NodeRequestSerializerQA Notes
Please make verification statements inspired by your code and what your code touches.
What are the areas of risk?
Any concerns/considerations/questions that development raised?
Documentation
No docs for NodeRequest features.
Side Effects
Ticket
https://openscience.atlassian.net/browse/ENG-6666