Merge pull request #1500 from ScilifelabDataCentre/dev

New release 2023-12-20

CHANGELOG.rst

@@ -1,6 +1,17 @@
 Changelog
 ==========
 
+.. _2.6.1:
+
+2.6.1 - 2023-12-20
+~~~~~~~~~~~~~~~~~~~~~~~
+
+- Bugs fixed:
+    - Listing users invites will now show if the invote is for Project Owner.
+    - Permissions issue for `send-usage` command in testing and production environment.
+- Dependencies: 
+    - `Cryptography` from `41.0.3` to `41.0.6`
+
 .. _2.6.0:
 
 2.6.0 - 2023-11-22

SPRINTLOG.md

@@ -330,3 +330,10 @@ _Nothing merged in CLI during this sprint_
 - Updated PostCss Node package to address vulnerabities ([#1489](https://github.com/ScilifelabDataCentre/dds_web/pull/1489))
 - Updated Several node libraries to address vulnerabities ([#1492](https://github.com/ScilifelabDataCentre/dds_web/pull/1492))
 - New version: 2.6.0 ([#1494](https://github.com/ScilifelabDataCentre/dds_web/pull/1494))
+
+# 2023-12-4 - 2023-12-15
+
+- Patch update crypthography package to address cve ([#1496](https://github.com/ScilifelabDataCentre/dds_web/pull/1496))
+- Fix listing users was not showing PO ([#1497](https://github.com/ScilifelabDataCentre/dds_web/pull/1497))
+- Bug: `flask send-usage` permission issue on testing and production environment ([1499](https://github.com/ScilifelabDataCentre/dds_web/pull/1499))
+- New version: 2.6.1 ([#1501](https://github.com/ScilifelabDataCentre/dds_web/pull/1501))

dds_web/api/user.py

@@ -1334,6 +1334,16 @@ def row_to_dict(entry) -> dict:
                 hit["Unit"] = hit["Unit"].name
             return hit
 
+        def mark_if_owner(entry, invite_id):
+            """Given an invite for printing, If the researcher is Project Owner, list the role as Owner."""
+            if (
+                models.ProjectInviteKeys.query.filter_by(invite_id=invite_id)
+                .filter_by(owner=1)
+                .all()
+            ):
+                entry["Role"] = "Project Owner"
+            return entry
+
         if current_user.role == "Super Admin":
             # superadmin can see all invites
             raw_invites = models.Invite.query.all()
@@ -1342,6 +1352,7 @@ def row_to_dict(entry) -> dict:
                 entry = row_to_dict(inv)
                 if inv.role == "Super Admin":
                     entry["Projects"] = "----"
+                mark_if_owner(entry, inv.id)
                 hits.append(entry)
 
         elif current_user.role in ("Unit Admin", "Unit Personnel"):
@@ -1361,6 +1372,7 @@ def row_to_dict(entry) -> dict:
                     entry["Projects"] = [
                         project for project in entry["Projects"] if project in unit_projects_pubid
                     ]
+                    mark_if_owner(entry, inv.id)
                     hits.append(entry)
                 elif inv.role in ("Unit Admin", "Unit Personnel") and inv.unit == unit:
                     hits.append(row_to_dict(inv))
@@ -1391,6 +1403,7 @@ def row_to_dict(entry) -> dict:
                     entry["Projects"] = [
                         project for project in entry["Projects"] if project in user_projects_pubid
                     ]
+                    mark_if_owner(entry, inv.id)
                     hits.append(entry)
         else:
             # in case further roles are defined in the future

dds_web/commands.py

@@ -945,14 +945,15 @@ def send_usage(months):
 
     # CSV files to send
     csv_file_names = []
+    csv_file_location = "/tmp/"
 
     have_failed = False  # Flag to check if any csv files failed to be generated
 
     # Iterate through units
     for unit in models.Unit.query:
         # Generate CSV file name
         csv_file_name = pathlib.Path(
-            f"{unit.public_id}_Usage_Months-{start.month}-to-{end.month}.csv"
+            f"{csv_file_location}{unit.public_id}_Usage_Months-{start.month}-to-{end.month}.csv"
         )
         flask.current_app.logger.debug(f"CSV file name: {csv_file_name}")
 

dds_web/version.py

@@ -1,3 +1,3 @@
 # Do not do major version upgrade during 2024.
 # If mid or minor version reaches 9, continue with 10, 11 etc etc.
-__version__ = "2.6.0"
+__version__ = "2.6.1"

requirements.txt

@@ -12,7 +12,7 @@ certifi==2023.07.22
 cffi==1.15.0
 charset-normalizer==2.0.11
 click==8.0.3
-cryptography==41.0.3
+cryptography==41.0.6
 Deprecated==1.2.13
 dnspython==2.2.0
 dominate==2.6.0

tests/api/test_user.py

@@ -32,6 +32,11 @@
 new_unit_admin = {"email": "[email protected]", "role": "Unit Admin"}
 new_super_admin = {"email": "[email protected]", "role": "Super Admin"}
 new_unit_user = {"email": "[email protected]", "role": "Unit Personnel"}
+new_owner_existing_project = {
+    "email": "[email protected]",
+    "project": "public_project_id",
+    "role": "Project Owner",
+}
 existing_research_user = {"email": "[email protected]", "role": "Researcher"}
 existing_research_user_owner = {"email": "[email protected]", "role": "Project Owner"}
 existing_research_user_to_existing_project = {
@@ -1253,9 +1258,16 @@ def get_list(as_user) -> dict:
     researcher_to_project["project"] = "unit2testing"
     invite_user(researcher_to_project, "unitadmin")
 
+    researcher_to_project = dict(new_owner_existing_project)
+    invite_user(researcher_to_project, "unitadmin")
+    researcher_to_project["project"] = "second_public_project_id"
+    invite_user(researcher_to_project, "unitadmin")
+    researcher_to_project["project"] = "unit2testing"
+    invite_user(researcher_to_project, "unitadmin")
+
     response = get_list("superadmin")
     assert "invites" in response.json
-    assert len(response.json["invites"]) == 5
+    assert len(response.json["invites"]) == 6
     for entry in response.json["invites"]:
         for key in ["Email", "Role", "Projects", "Created", "Unit"]:
             assert key in entry
@@ -1268,7 +1280,7 @@ def get_list(as_user) -> dict:
 
     response = get_list("unitadmin")
     assert "invites" in response.json
-    assert len(response.json["invites"]) == 2
+    assert len(response.json["invites"]) == 3
     for entry in response.json["invites"]:
         for key in ["Email", "Role", "Projects", "Created"]:
             assert key in entry
@@ -1285,7 +1297,7 @@ def get_list(as_user) -> dict:
 
     response = get_list("projectowner")
     assert "invites" in response.json
-    assert len(response.json["invites"]) == 1
+    assert len(response.json["invites"]) == 2
     for entry in response.json["invites"]:
         for key in ["Email", "Role", "Projects", "Created"]:
             assert key in entry

tests/test_commands.py

@@ -1757,6 +1757,8 @@ def run_command_and_check_output(months_to_test, start_time):
         Return the csv files attached to the email.
         """
 
+        csv_file_location = "/tmp/"
+
         with mail.record_messages() as outbox:
             with patch("dds_web.utils.current_time") as current_time_func:  # Mock current time
                 current_time_func.return_value = start_time
@@ -1775,8 +1777,12 @@ def run_command_and_check_output(months_to_test, start_time):
             end_month = end_time.month
             unit_1_id = project_1_unit_1.responsible_unit.public_id
             unit_2_id = project_1_unit_2.responsible_unit.public_id
-            csv_1_name = f"{unit_1_id}_Usage_Months-{end_month}-to-{start_month}.csv"
-            csv_2_name = f"{unit_2_id}_Usage_Months-{end_month}-to-{start_month}.csv"
+            csv_1_name = (
+                f"{csv_file_location}{unit_1_id}_Usage_Months-{end_month}-to-{start_month}.csv"
+            )
+            csv_2_name = (
+                f"{csv_file_location}{unit_2_id}_Usage_Months-{end_month}-to-{start_month}.csv"
+            )
 
             # check that the files no longer exist in the filesystem
             assert not os.path.exists(csv_1_name)

tests/test_version.py

@@ -2,4 +2,4 @@
 
 
 def test_version():
-    assert version.__version__ == "2.6.0"
+    assert version.__version__ == "2.6.1"