Feature/institutional access #10884
Merged
Feature/institutional access #10884
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…wn address as a reply_to
…-message [ENG-6682] Add UserMessage feature for Institutional Access
…terForOpenScience/osf.io into institutional-access-user-message-arb * 'feature/institutional_access' of https://github.com/CenterForOpenScience/osf.io: add user message read/write permissions to full add new user message oauth scope and throttling classes Fix backfill, report Update changelog and bump versions Follow-up fix for target/next (start/end) month Fix failures caused by base class MonthlyReporter update [ENG-6506] Fix: counted-usage clobbers (#10799) [ENG-6435] Fix: duplicate reports when run for past years (#10800) Add PrivateSpamMetricsReport (#10791) [ENG-4438] Add OOPSpam and Akismet metrics to spam report (#10783) [ENG-6364] Migrate Preprint Affilations (#10787)
…-message-arb [ENG-6682] Add reply-to and cc-ing features to Institutional Access
…terForOpenScience/osf.io into institutional-access-node-request-improvements * 'feature/institutional_access' of https://github.com/CenterForOpenScience/osf.io: change to bcc the sender instead of CC-ing them revert typo add code to allow cc-ing fellow institutional admins and put their own address as a reply_to # Conflicts: # osf/migrations/0025_noderequest_requested_permissions_and_more.py
…e request access is turned off and added test case
…-request-improvements [ENG-6666] NodeRequest improvements for Institutional Access Project
into feature/institutional_access * 'develop' of https://github.com/CenterForOpenScience/osf.io: Assume default for global_ notifications Update CHANGELOG, bump version [Feature] Dashboard B&I (#10843)
[Bug} Fix sendgrid email for Institutional Access
[BUG][WIP] Fix sendgrid email 400s and 202s reporting to sentry
add fix to email mocking, test for catagories
Keep institutional_access feature branch up to date with develop
…ntributor_page [ENG-6670] Make the requested permissions show up as defaults
Add to admin "can_request_access" option to the institution API Changes for "can_request_access" feature Done 2 tasks (ENG-6779) and (ENG-6780) within one PR, due to tickets being related to each other
…#10825) ## Purpose The new Institutional Access feature creates a new "Curator" role that has certain requirements. The first is that it have a special label in the contributor list, shown here: The second requirement is that the user is unable to set the curator to a bibliographic or "visible contributor. ## Changes - Add check constraint to avoid visible institutional admins. - Locates area in page where Curator status can be lableled - adds tests to test for specific behavior at model and API level - adds extra UI notice for contributor page.
* rename migrations for readbility * fix serialization of `institutional_request_access_enabled` to not be string --------- Co-authored-by: John Tordoff <>
Johnetordoff
commented
Jan 14, 2025
| @@ -1839,7 +1845,11 @@ def set_visible(self, user, visible, log=True, auth=None, save=False): | |||
| if visible and not self.contributor_class.objects.filter(**kwargs).exists(): | |||
| set_visible_kwargs = kwargs | |||
| set_visible_kwargs['visible'] = False | |||
| self.contributor_class.objects.filter(**set_visible_kwargs).update(visible=True) | |||
| contribs = self.contributor_class.objects.filter(**set_visible_kwargs) | |||
| if self.guardian_object_type == 'node' and contribs.filter(is_curator=True).exists(): | |||
There was a problem hiding this comment.
This is less then ideal. Potentially this method is a clean-up candidate.
Johnetordoff
commented
Jan 14, 2025
| name__endswith='_institutional_admins' | ||
| ).exists() | ||
|
|
||
| def is_institutional_curator(self, node): |
Johnetordoff
commented
Jan 14, 2025
| }[message_type] | ||
|
|
||
|
|
||
| class UserMessage(BaseModel, ObjectIDMixin): |
There was a problem hiding this comment.
Update the docstrings and maybe help_text
Johnetordoff
commented
Jan 14, 2025
| ) | ||
|
|
||
|
|
||
| @receiver(post_save, sender=UserMessage) |
There was a problem hiding this comment.
Just override .create method? post-commit?
Johnetordoff
commented
Jan 14, 2025
| @@ -76,17 +76,29 @@ def render_message(tpl_name, **context): | |||
|
|
|||
|
|
|||
| def send_mail( | |||
There was a problem hiding this comment.
Check docstings and debugging/logging
Johnetordoff
commented
Jan 15, 2025
| @@ -41,6 +42,12 @@ class Meta: | |||
| # NOTE: Adds an _order column | |||
| order_with_respect_to = 'node' | |||
|
|
|||
| def save(self, *args, **kwargs): | |||
| if self.is_curator and self.visible: | |||
There was a problem hiding this comment.
I feel like we might have reduced the complexity of this to the point where a DB constraint actually is faster the overriding save.
[ENG-6882]fixed double mail sending
Johnetordoff
commented
Jan 15, 2025
| osf_contact_email=OSF_CONTACT_EMAIL, | ||
| **context | ||
| ) | ||
| if not self.machineable.request_type == NodeRequestTypes.INSTITUTIONAL_REQUEST.value: |
There was a problem hiding this comment.
Potentially rework into NodeRequest object better
Johnetordoff
commented
Jan 16, 2025
| @@ -32,7 +36,7 @@ def has_object_permission(self, request, view, obj): | |||
| raise ValueError(f'Not a request-related model: {obj}') | |||
|
|
|||
| if not node.access_requests_enabled: | |||
| return False | |||
There was a problem hiding this comment.
clean-up later conditionals?
Johnetordoff
commented
Jan 16, 2025
| @@ -52,7 +56,35 @@ def has_object_permission(self, request, view, obj): | |||
| # Requesters may not be contributors | |||
| # Requesters may edit their comment or submit their request | |||
| return is_requester and auth.user not in node.contributors | |||
| return False | |||
There was a problem hiding this comment.
Might be fine...
felliott
reviewed
Jan 16, 2025
felliott
reviewed
Jan 16, 2025
Johnetordoff
commented
Jan 16, 2025
mfraezz
reviewed
Jan 17, 2025
| msg['Reply-To'] = reply_to | ||
|
|
||
| # Combine recipients for SMTP | ||
| recipients = [to_addr] + (bcc_addr or []) |
There was a problem hiding this comment.
Minor, as we're not using basic SMTP: while this is correct behavior, the docs allude to sendmail supporting a msg['Bcc'] field, similar to the above msg['To'], etc. It may be preferable to include that in a conditional.
There was a problem hiding this comment.
Minor, as we're not using basic SMTP:
I would really like to remove this code then, how do feel about just deleting the SMTP code? I thought it was a fail safe, but I think it would actually break in Production.
There was a problem hiding this comment.
There's a conditional at the top that circuit-breaks sending via SMTP without credentials. I'm not especially partial to either keeping or removing, but removing seems out of scope for this project.
## Purpose Make some recommended changes from our CR group. Thanks to @felliott and others for keen eyes. ## Changes - Squash migrations - fix typos
brianjgeiger
approved these changes
Jan 17, 2025
brianjgeiger
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Purpose
Just to ensure the branch is up to snuff.
Changes
QA Notes
Please make verification statements inspired by your code and what your code touches.
What are the areas of risk?
Any concerns/considerations/questions that development raised?
Documentation
Side Effects
Ticket