Remove experiment user group from OpenIDC middleware fixes #544

Author: jaredlockhart

app/experimenter/openidc/middleware.py

@@ -1,7 +1,6 @@
 from django.core.urlresolvers import resolve, Resolver404
 from django.conf import settings
-from django.contrib.contenttypes.models import ContentType
-from django.contrib.auth.models import User, Group, Permission
+from django.contrib.auth.models import User
 from django.http import HttpResponse
 from rest_framework.authentication import SessionAuthentication
 
@@ -16,21 +15,6 @@ class OpenIDCAuthMiddleware(object):
     experimenters group.
     """
 
-    def get_experimenter_group(self):
-        experimenter_group, created = Group.objects.get_or_create(
-            name="Experimenters"
-        )
-
-        if created:
-            apps = ("projects", "experiments")
-            content_types = ContentType.objects.filter(app_label__in=apps)
-            permissions = Permission.objects.filter(
-                content_type__in=content_types
-            )
-            experimenter_group.permissions.add(*permissions)
-
-        return experimenter_group
-
     def process_request(self, request):
         try:
             resolved = resolve(request.path)
@@ -54,11 +38,8 @@ def process_request(self, request):
             user = User.objects.get(username=openidc_email)
         except User.DoesNotExist:
             user = User(username=openidc_email, email=openidc_email)
-            user.is_staff = True
             user.save()
 
-            user.groups.add(self.get_experimenter_group())
-
         request.user = user
 
 

app/experimenter/openidc/tests/test_middleware.py

@@ -1,5 +1,5 @@
 from django.conf import settings
-from django.contrib.auth.models import User, Group
+from django.contrib.auth.models import User
 from django.core.urlresolvers import Resolver404
 from django.test import TestCase
 
@@ -19,28 +19,6 @@ def setUp(self):
         self.mock_resolve = mock_resolve_patcher.start()
         self.addCleanup(mock_resolve_patcher.stop)
 
-    def test_get_group_creates_group_with_project_experiment_permissions(self):
-        self.assertFalse(Group.objects.all().exists())
-        group = self.middleware.get_experimenter_group()
-        self.assertTrue(Group.objects.all().exists())
-        self.assertEqual(group.permissions.all().count(), 15)
-        self.assertEqual(
-            set(
-                [
-                    permission.content_type.app_label
-                    for permission in group.permissions.all()
-                ]
-            ),
-            set(["projects", "experiments"]),
-        )
-
-    def test_get_group_only_creates_one_group(self):
-        self.assertEqual(Group.objects.all().count(), 0)
-        self.middleware.get_experimenter_group()
-        self.assertEqual(Group.objects.all().count(), 1)
-        self.middleware.get_experimenter_group()
-        self.assertEqual(Group.objects.all().count(), 1)
-
     def test_whitelisted_url_is_not_authed(self):
         request = mock.Mock()
         request.path = "/whitelisted-view/"
@@ -87,8 +65,4 @@ def test_user_created_with_correct_email_from_header(self):
         self.assertEqual(User.objects.all().count(), 1)
 
         self.assertEqual(request.user.email, user_email)
-        self.assertTrue(request.user.is_staff)
-        self.assertTrue(
-            self.middleware.get_experimenter_group()
-            in request.user.groups.all()
-        )
+        self.assertFalse(request.user.is_staff)