diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 1c52999f3..277c1441b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,6 +1,17 @@ Changelog ========== +.. _2.6.1: + +2.6.1 - 2023-12-20 +~~~~~~~~~~~~~~~~~~~~~~~ + +- Bugs fixed: + - Listing users invites will now show if the invote is for Project Owner. + - Permissions issue for `send-usage` command in testing and production environment. +- Dependencies: + - `Cryptography` from `41.0.3` to `41.0.6` + .. _2.6.0: 2.6.0 - 2023-11-22 diff --git a/SPRINTLOG.md b/SPRINTLOG.md index 761836922..ca031ea1f 100644 --- a/SPRINTLOG.md +++ b/SPRINTLOG.md @@ -330,3 +330,10 @@ _Nothing merged in CLI during this sprint_ - Updated PostCss Node package to address vulnerabities ([#1489](https://github.com/ScilifelabDataCentre/dds_web/pull/1489)) - Updated Several node libraries to address vulnerabities ([#1492](https://github.com/ScilifelabDataCentre/dds_web/pull/1492)) - New version: 2.6.0 ([#1494](https://github.com/ScilifelabDataCentre/dds_web/pull/1494)) + +# 2023-12-4 - 2023-12-15 + +- Patch update crypthography package to address cve ([#1496](https://github.com/ScilifelabDataCentre/dds_web/pull/1496)) +- Fix listing users was not showing PO ([#1497](https://github.com/ScilifelabDataCentre/dds_web/pull/1497)) +- Bug: `flask send-usage` permission issue on testing and production environment ([1499](https://github.com/ScilifelabDataCentre/dds_web/pull/1499)) +- New version: 2.6.1 ([#1501](https://github.com/ScilifelabDataCentre/dds_web/pull/1501)) diff --git a/dds_web/api/user.py b/dds_web/api/user.py index 35ec90405..2ad5e015e 100644 --- a/dds_web/api/user.py +++ b/dds_web/api/user.py @@ -1334,6 +1334,16 @@ def row_to_dict(entry) -> dict: hit["Unit"] = hit["Unit"].name return hit + def mark_if_owner(entry, invite_id): + """Given an invite for printing, If the researcher is Project Owner, list the role as Owner.""" + if ( + models.ProjectInviteKeys.query.filter_by(invite_id=invite_id) + .filter_by(owner=1) + .all() + ): + entry["Role"] = "Project Owner" + return entry + if current_user.role == "Super Admin": # superadmin can see all invites raw_invites = models.Invite.query.all() @@ -1342,6 +1352,7 @@ def row_to_dict(entry) -> dict: entry = row_to_dict(inv) if inv.role == "Super Admin": entry["Projects"] = "----" + mark_if_owner(entry, inv.id) hits.append(entry) elif current_user.role in ("Unit Admin", "Unit Personnel"): @@ -1361,6 +1372,7 @@ def row_to_dict(entry) -> dict: entry["Projects"] = [ project for project in entry["Projects"] if project in unit_projects_pubid ] + mark_if_owner(entry, inv.id) hits.append(entry) elif inv.role in ("Unit Admin", "Unit Personnel") and inv.unit == unit: hits.append(row_to_dict(inv)) @@ -1391,6 +1403,7 @@ def row_to_dict(entry) -> dict: entry["Projects"] = [ project for project in entry["Projects"] if project in user_projects_pubid ] + mark_if_owner(entry, inv.id) hits.append(entry) else: # in case further roles are defined in the future diff --git a/dds_web/commands.py b/dds_web/commands.py index 071042bdd..00bdbe9dd 100644 --- a/dds_web/commands.py +++ b/dds_web/commands.py @@ -945,6 +945,7 @@ def send_usage(months): # CSV files to send csv_file_names = [] + csv_file_location = "/tmp/" have_failed = False # Flag to check if any csv files failed to be generated @@ -952,7 +953,7 @@ def send_usage(months): for unit in models.Unit.query: # Generate CSV file name csv_file_name = pathlib.Path( - f"{unit.public_id}_Usage_Months-{start.month}-to-{end.month}.csv" + f"{csv_file_location}{unit.public_id}_Usage_Months-{start.month}-to-{end.month}.csv" ) flask.current_app.logger.debug(f"CSV file name: {csv_file_name}") diff --git a/dds_web/version.py b/dds_web/version.py index 1d61112a0..67e1d4985 100644 --- a/dds_web/version.py +++ b/dds_web/version.py @@ -1,3 +1,3 @@ # Do not do major version upgrade during 2024. # If mid or minor version reaches 9, continue with 10, 11 etc etc. -__version__ = "2.6.0" +__version__ = "2.6.1" diff --git a/requirements.txt b/requirements.txt index 69d9d4fa5..e6e384622 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,7 +12,7 @@ certifi==2023.07.22 cffi==1.15.0 charset-normalizer==2.0.11 click==8.0.3 -cryptography==41.0.3 +cryptography==41.0.6 Deprecated==1.2.13 dnspython==2.2.0 dominate==2.6.0 diff --git a/tests/api/test_user.py b/tests/api/test_user.py index e256e07c2..cffe81c06 100644 --- a/tests/api/test_user.py +++ b/tests/api/test_user.py @@ -32,6 +32,11 @@ new_unit_admin = {"email": "new_unit_admin@mailtrap.io", "role": "Unit Admin"} new_super_admin = {"email": "new_super_admin@mailtrap.io", "role": "Super Admin"} new_unit_user = {"email": "new_unit_user@mailtrap.io", "role": "Unit Personnel"} +new_owner_existing_project = { + "email": "new_owner@mailtrap.io", + "project": "public_project_id", + "role": "Project Owner", +} existing_research_user = {"email": "researchuser2@mailtrap.io", "role": "Researcher"} existing_research_user_owner = {"email": "researchuser2@mailtrap.io", "role": "Project Owner"} existing_research_user_to_existing_project = { @@ -1253,9 +1258,16 @@ def get_list(as_user) -> dict: researcher_to_project["project"] = "unit2testing" invite_user(researcher_to_project, "unitadmin") + researcher_to_project = dict(new_owner_existing_project) + invite_user(researcher_to_project, "unitadmin") + researcher_to_project["project"] = "second_public_project_id" + invite_user(researcher_to_project, "unitadmin") + researcher_to_project["project"] = "unit2testing" + invite_user(researcher_to_project, "unitadmin") + response = get_list("superadmin") assert "invites" in response.json - assert len(response.json["invites"]) == 5 + assert len(response.json["invites"]) == 6 for entry in response.json["invites"]: for key in ["Email", "Role", "Projects", "Created", "Unit"]: assert key in entry @@ -1268,7 +1280,7 @@ def get_list(as_user) -> dict: response = get_list("unitadmin") assert "invites" in response.json - assert len(response.json["invites"]) == 2 + assert len(response.json["invites"]) == 3 for entry in response.json["invites"]: for key in ["Email", "Role", "Projects", "Created"]: assert key in entry @@ -1285,7 +1297,7 @@ def get_list(as_user) -> dict: response = get_list("projectowner") assert "invites" in response.json - assert len(response.json["invites"]) == 1 + assert len(response.json["invites"]) == 2 for entry in response.json["invites"]: for key in ["Email", "Role", "Projects", "Created"]: assert key in entry diff --git a/tests/test_commands.py b/tests/test_commands.py index 2d5ea05ea..bf7731b64 100644 --- a/tests/test_commands.py +++ b/tests/test_commands.py @@ -1757,6 +1757,8 @@ def run_command_and_check_output(months_to_test, start_time): Return the csv files attached to the email. """ + csv_file_location = "/tmp/" + with mail.record_messages() as outbox: with patch("dds_web.utils.current_time") as current_time_func: # Mock current time current_time_func.return_value = start_time @@ -1775,8 +1777,12 @@ def run_command_and_check_output(months_to_test, start_time): end_month = end_time.month unit_1_id = project_1_unit_1.responsible_unit.public_id unit_2_id = project_1_unit_2.responsible_unit.public_id - csv_1_name = f"{unit_1_id}_Usage_Months-{end_month}-to-{start_month}.csv" - csv_2_name = f"{unit_2_id}_Usage_Months-{end_month}-to-{start_month}.csv" + csv_1_name = ( + f"{csv_file_location}{unit_1_id}_Usage_Months-{end_month}-to-{start_month}.csv" + ) + csv_2_name = ( + f"{csv_file_location}{unit_2_id}_Usage_Months-{end_month}-to-{start_month}.csv" + ) # check that the files no longer exist in the filesystem assert not os.path.exists(csv_1_name) diff --git a/tests/test_version.py b/tests/test_version.py index aaf84a488..345f38049 100644 --- a/tests/test_version.py +++ b/tests/test_version.py @@ -2,4 +2,4 @@ def test_version(): - assert version.__version__ == "2.6.0" + assert version.__version__ == "2.6.1"