From e075f926cc031802291183ce9a94754f5c196391 Mon Sep 17 00:00:00 2001 From: Michael Collins <15347726+michaeljcollinsuk@users.noreply.github.com> Date: Wed, 18 Oct 2023 17:06:33 +0100 Subject: [PATCH] Remove revoked_by arg --- controlpanel/api/models/apps3bucket.py | 5 ++--- controlpanel/api/models/policys3bucket.py | 4 ++-- controlpanel/api/models/users3bucket.py | 5 ++--- controlpanel/api/tasks/handlers/s3.py | 3 ++- tests/api/tasks/test_s3.py | 12 +++--------- 5 files changed, 11 insertions(+), 18 deletions(-) diff --git a/controlpanel/api/models/apps3bucket.py b/controlpanel/api/models/apps3bucket.py index 33078e797..9cd5d44d4 100644 --- a/controlpanel/api/models/apps3bucket.py +++ b/controlpanel/api/models/apps3bucket.py @@ -43,6 +43,5 @@ def __repr__(self): def grant_bucket_access(self): tasks.S3BucketGrantToApp(self, self.current_user).create_task() - def revoke_bucket_access(self, revoked_by=None): - revoked_by = revoked_by or None - tasks.S3BucketRevokeAppAccess(self, revoked_by).create_task() + def revoke_bucket_access(self): + tasks.S3BucketRevokeAppAccess(self, self.current_user).create_task() diff --git a/controlpanel/api/models/policys3bucket.py b/controlpanel/api/models/policys3bucket.py index a0c6b29ec..feb7e4299 100644 --- a/controlpanel/api/models/policys3bucket.py +++ b/controlpanel/api/models/policys3bucket.py @@ -38,8 +38,8 @@ def grant_bucket_access(self): self.resources, ) - def revoke_bucket_access(self, revoked_by=None): - # TODO update to use a Task to revoke access, to match user/app access{{ + def revoke_bucket_access(self): + # TODO update to use a Task to revoke access, to match user/app access if self.s3bucket.is_folder: return cluster.RoleGroup(self.policy).revoke_folder_access( root_folder_path=self.s3bucket.name diff --git a/controlpanel/api/models/users3bucket.py b/controlpanel/api/models/users3bucket.py index 2f9d00d4e..7e5cfbec3 100644 --- a/controlpanel/api/models/users3bucket.py +++ b/controlpanel/api/models/users3bucket.py @@ -47,9 +47,8 @@ def __repr__(self): def grant_bucket_access(self): tasks.S3BucketGrantToUser(self, self.current_user).create_task() - def revoke_bucket_access(self, revoked_by=None): + def revoke_bucket_access(self): # TODO when soft delete is added, this should be updated to use the user that # has deleted the parent S3bucket to ensure we store the user that has sent the # task in the case of cascading deletes - revoked_by = revoked_by or self.current_user - tasks.S3BucketRevokeUserAccess(self, revoked_by).create_task() + tasks.S3BucketRevokeUserAccess(self, self.current_user).create_task() diff --git a/controlpanel/api/tasks/handlers/s3.py b/controlpanel/api/tasks/handlers/s3.py index b748031a1..69b7ab0d7 100644 --- a/controlpanel/api/tasks/handlers/s3.py +++ b/controlpanel/api/tasks/handlers/s3.py @@ -93,4 +93,5 @@ def handle(self, *args, **kwargs): if not issubclass(model, AccessToS3Bucket): continue - instance.revoke_bucket_access(revoked_by=task_user) + instance.current_user = task_user + instance.revoke_bucket_access() diff --git a/tests/api/tasks/test_s3.py b/tests/api/tasks/test_s3.py index 20331f4f6..368283731 100644 --- a/tests/api/tasks/test_s3.py +++ b/tests/api/tasks/test_s3.py @@ -130,12 +130,6 @@ def test_revoke_all_access(users): revoke_all_access_s3bucket(bucket.pk, task.user_id) - user_access.revoke_bucket_access.assert_called_once_with( - revoked_by=users["superuser"], - ) - app_access.revoke_bucket_access.assert_called_once_with( - revoked_by=users["superuser"], - ) - policy_access.revoke_bucket_access.assert_called_once_with( - revoked_by=users["superuser"], - ) + user_access.revoke_bucket_access.assert_called_once() + app_access.revoke_bucket_access.assert_called_once() + policy_access.revoke_bucket_access.assert_called_once()