bug/WP-459: Fix dispatch for reaching submitter admin's list registrations page (#264)

edmondsgarrett · Garrett Edmonds · web-flow · commit ab2dd0ccd886 · 2024-01-26T09:13:39.000-06:00
* Prevent use of RegistrationTable's dispatch() method

* Added general use function for checking user groups

* Replace use of get_user_role with has_groups

* Remove some logging used for testing

---------

Co-authored-by: Garrett Edmonds &lt;gedmonds@gedmonds-mbp24.local&gt;
diff --git a/apcd-cms/src/apps/registrations/views.py b/apcd-cms/src/apps/registrations/views.py
@@ -2,6 +2,7 @@
 from apps.utils.apcd_groups import has_apcd_group
 from apps.utils.registrations_data_formatting import _set_registration
 from apps.submitter_renewals_listing.views import get_submitter_code
+from apps.utils.apcd_groups import has_groups
 from django.conf import settings
 from django.http import HttpResponse, HttpResponseRedirect
 from django.template import loader
@@ -25,7 +26,7 @@ def get(self, request):
         formatted_reg_data = []
         renew = False
         reg_id = request.GET.get('reg_id', None)
-        if reg_id and (apcd_database.get_user_role(request.user.username) in ['APCD_ADMIN', 'SUBMITTER_ADMIN']):
+        if reg_id and (has_groups(request.user, ['APCD_ADMIN', 'SUBMITTER_ADMIN'])):
             try:
                 response = get_submitter_code(request.user)
                 submitter_code = json.loads(response.content)['submitter_code']
diff --git a/apcd-cms/src/apps/submitter_renewals_listing/views.py b/apcd-cms/src/apps/submitter_renewals_listing/views.py
@@ -1,6 +1,7 @@
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.template import loader
-from apps.utils.apcd_database import get_registrations, get_registration_contacts, get_user_role, get_submitter_info, get_registration_entities
+from apps.utils.apcd_database import get_registrations, get_registration_contacts, get_submitter_info, get_registration_entities
+from apps.utils.apcd_groups import has_groups
 from apps.admin_regis_table.views import RegistrationsTable
 import logging
 import json
@@ -31,9 +32,9 @@ def get(self, request, *args, **kwargs):
             return HttpResponse(template.render(context, request))
 
     def dispatch(self, request, *args, **kwargs):
-        if not request.user.is_authenticated or not (get_user_role(request.user.username) in ['APCD_ADMIN', 'SUBMITTER_ADMIN']):
+        if not request.user.is_authenticated or not (has_groups(request.user, ['APCD_ADMIN', 'SUBMITTER_ADMIN'])):
             return HttpResponseRedirect('/')
-        return super(SubmittersTable, self).dispatch(request, *args, **kwargs)
+        return super(RegistrationsTable, self).dispatch(request, *args, **kwargs)
 
     def get_context_data(self, registrations_content, registrations_entities, registrations_contacts, *args, **kwargs):
         registrations_entities = []
diff --git a/apcd-cms/src/apps/utils/apcd_groups.py b/apcd-cms/src/apps/utils/apcd_groups.py
@@ -6,3 +6,7 @@ def has_apcd_group(user):
 
 def is_apcd_admin(user):
     return user.groups.filter(name='APCD_ADMIN').exists()
+
+def has_groups(user, groups):
+    return len([user_group for user_group in user.groups.all() if user_group.name in groups]) > 0  # if user has permission group(s) in requested list, this 
+                                                                                              # intersection's length should be non-zero
