astakos: Don't accept inactive users in projects

Forbid enrolling an inactive user in a project or accepting their join request. Also when setting a user inactive, suspend memberships for terminated projects, too.

astakos: Don't accept inactive users in projects
Forbid enrolling an inactive user in a project or accepting their join request. Also when setting a user inactive, suspend memberships for terminated projects, too.
093b44e2 · Giorgos Korfiatis · aa77737d · 093b44e2 · 093b44e2 · 093b44e2
Commit 093b44e2 authored Oct 07, 2016 by Giorgos Korfiatis
3 changed files
--- a/snf-astakos-app/astakos/im/forms.py
+++ b/snf-astakos-app/astakos/im/forms.py
-# Copyright (C) 2010-2014 GRNET S.A.
+# Copyright (C) 2010-2016 GRNET S.A.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1192,7 +1192,10 @@ class AddProjectMembersForm(forms.Form):
        q = self.cleaned_data.get('q') or ''
        users = re.split("\r\n|\n|,", q)
        users = list(u.strip() for u in users if u)
-        db_entries = AstakosUser.objects.accepted().filter(email__in=users)
+
+        # Notice that deactivated users are reported as 'unknown' here, too.
+        db_entries = AstakosUser.objects.accepted().filter(
+            email__in=users, is_active=True)
        unknown = list(set(users) - set(u.email for u in db_entries))
        if unknown:
            raise forms.ValidationError(

--- a/snf-astakos-app/astakos/im/functions.py
+++ b/snf-astakos-app/astakos/im/functions.py
@@ -218,16 +218,20 @@ def app_check_allowed(application, request_user,
    return _failure(silent)


-def checkAlive(project, silent=False):
+def checkAlive(project, silent=False, check_initialized=False):
    def fail(msg):
        if silent:
            return False, msg
        else:
            raise ProjectConflict(msg)
-
-    if not project.is_alive:
-        m = _(astakos_messages.NOT_ALIVE_PROJECT) % project.uuid
-        return fail(m)
+    if check_initialized:
+        if not project.is_initialized():
+            m = _(astakos_messages.NOT_INITIALIZED_PROJECT) % project.uuid
+            return fail(m)
+    else:
+        if not project.is_alive:
+            m = _(astakos_messages.NOT_ALIVE_PROJECT) % project.uuid
+            return fail(m)
    return True, None


@@ -249,7 +253,9 @@ def accept_membership_checks(membership, request_user):
    if not membership.check_action("accept"):
        m = _(astakos_messages.NOT_MEMBERSHIP_REQUEST)
        raise ProjectConflict(m)
-
+    if not membership.person.is_active:
+        m = _(astakos_messages.ACCOUNT_NOT_ACTIVE)
+        raise ProjectConflict(m)
    project = membership.project
    accept_membership_project_checks(project, request_user)

@@ -350,7 +356,7 @@ def suspend_membership_checks(membership, request_user=None):

    project = membership.project
    project_check_allowed(project, request_user, level=ADMIN_LEVEL)
-    checkAlive(project)
+    checkAlive(project, check_initialized=True)


 def suspend_membership(memb_id, request_user=None, reason=None):
@@ -376,7 +382,7 @@ def unsuspend_membership_checks(membership, request_user=None):

    project = membership.project
    project_check_allowed(project, request_user, level=ADMIN_LEVEL)
-    checkAlive(project)
+    checkAlive(project, check_initialized=True)


 def unsuspend_membership(memb_id, request_user=None, reason=None):
@@ -403,12 +409,19 @@ def enroll_member_by_email(project_id, email, request_user=None, reason=None):
        raise ProjectConflict(astakos_messages.UNKNOWN_USERS % email)


+def enroll_member_checks(project, user, request_user):
+    if not user.is_active:
+        m = _(astakos_messages.ACCOUNT_NOT_ACTIVE)
+        raise ProjectConflict(m)
+    accept_membership_project_checks(project, request_user)
+
+
 def enroll_member(project_id, user, request_user=None, reason=None):
    try:
        project = get_project_for_update(project_id)
    except ProjectNotFound as e:
        raise ProjectConflict(e.message)
-    accept_membership_project_checks(project, request_user)
+    enroll_member_checks(project, user, request_user)

    try:
        membership = get_membership(project.id, user.id)
@@ -1239,8 +1252,7 @@ def _get_base_projects(user_ids):

 def _get_memberships(user_ids):
    ms = ProjectMembership.objects.actually_accepted().\
-        filter(person__in=user_ids,
-               project__state__in=[Project.NORMAL, Project.SUSPENDED])
+        filter(person__in=user_ids)
    return _partition_by(lambda m: m.person_id, ms)



--- a/snf-astakos-app/astakos/im/messages.py
+++ b/snf-astakos-app/astakos/im/messages.py
-# Copyright (C) 2010-2014 GRNET S.A.
+# Copyright (C) 2010-2016 GRNET S.A.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -210,6 +210,7 @@ UNIQUE_PROJECT_NAME_CONSTRAIN_ERR = (
    'The project name (as specified in its application\'s definition) must '
    'be unique among all active projects.')
 NOT_ALIVE_PROJECT = 'Project %s is not alive.'
+NOT_INITIALIZED_PROJECT = 'Project %s is not initialized.'
 SUSPENDED_PROJECT = 'Project %s is suspended.'
 NOT_SUSPENDED_PROJECT = 'Project %s is not suspended.'
 NOT_TERMINATED_PROJECT = 'Project %s is not terminated.'