Create cron job to give superuser to env-defined users (temporary patch over broken platform-level team sync)

julianweng · julianweng · commit a51abb77cdb5 · 2024-10-21T20:53:34.000-04:00
diff --git a/backend/clubs/management/commands/osa_perms_updates.py b/backend/clubs/management/commands/osa_perms_updates.py
@@ -0,0 +1,36 @@
+from django.conf import settings
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import Group, Permission
+from django.contrib.contenttypes.models import ContentType
+from django.core.management.base import BaseCommand
+
+from clubs.models import Club
+
+
+class Command(BaseCommand):
+    help = "Give superuser to hard-coded user accounts affiliated with OSA."
+    web_execute = True
+
+    def handle(self, *args, **kwargs):
+        User = get_user_model()
+        content_type = ContentType.objects.get_for_model(Club)
+        approve_perm = Permission.objects.get(
+            codename="approve_club", content_type=content_type
+        )
+        pending_perm = Permission.objects.get(
+            codename="see_pending_clubs", content_type=content_type
+        )
+        if not settings.OSA_KEYS:
+            raise ValueError("OSA_KEYS not set in settings")
+        if not (approvers := Group.objects.filter(name="Approvers").first()):
+            raise ValueError("Approvers group not found")
+        for key in settings.OSA_KEYS:
+            if not key or not (user := User.objects.get(username=key)):
+                continue
+            user.is_superuser = True
+            user.is_staff = True
+            user.user_permissions.add(approve_perm)
+            user.user_permissions.add(pending_perm)
+            approvers.user_set.add(user)
+            user.save()
+        approvers.save()
diff --git a/backend/pennclubs/settings/development.py b/backend/pennclubs/settings/development.py
@@ -42,3 +42,5 @@
     "run_environment": "apitest.cybersource.com",
 }
 CYBERSOURCE_TARGET_ORIGIN = "https://localhost:3001"
+
+OSA_KEYS = ["gwashington"]
diff --git a/backend/pennclubs/settings/production.py b/backend/pennclubs/settings/production.py
@@ -89,3 +89,5 @@
     "run_environment": "api.cybersource.com",
 }
 CYBERSOURCE_TARGET_ORIGIN = "https://pennclubs.com"
+
+OSA_KEYS = os.getenv("OSA_KEYS", "").split(",")
diff --git a/backend/tests/clubs/test_commands.py b/backend/tests/clubs/test_commands.py
@@ -777,3 +777,31 @@ def test_graduate_users_output(self):
             "Updated the membership status of 1 student club relationships!",
             out.getvalue(),
         )
+
+
+class OsaPermsUpdatesTestCase(TestCase):
+    def setUp(self):
+        self.user1 = get_user_model().objects.create_user("gwashington")
+
+    def test_osa_perms_updates(self):
+        # Test error when OSA_KEYS is not set
+        with mock.patch("django.conf.settings.OSA_KEYS", None):
+            with self.assertRaises(ValueError):
+                call_command("osa_perms_updates")
+            self.assertFalse(self.user1.is_superuser)
+
+        with mock.patch("django.conf.settings.OSA_KEYS", ["gwashington"]):
+            # Test error when Approvers group is not found
+            with self.assertRaises(ValueError):
+                call_command("osa_perms_updates")
+            self.assertFalse(self.user1.is_superuser)
+
+            # Create Approvers group
+            Group.objects.create(name="Approvers")
+            call_command("osa_perms_updates")
+            self.user1.refresh_from_db()
+            self.assertTrue(self.user1.groups.filter(name="Approvers").exists())
+            self.assertTrue(self.user1.is_staff)
+            self.assertTrue(self.user1.is_superuser)
+            self.assertTrue(self.user1.has_perm("approve_club"))
+            self.assertTrue(self.user1.has_perm("see_pending_clubs"))
diff --git a/k8s/main.ts b/k8s/main.ts
@@ -75,6 +75,13 @@ export class MyChart extends PennLabsChart {
       cmd: ['python', 'manage.py', 'rank'],
     });
 
+    new CronJob(this, 'osa-perms-updates', {
+      schedule: cronTime.every(5).minutes(),
+      image: backendImage,
+      secret: clubsSecret,
+      cmd: ['python', 'manage.py', 'osa_perms_updates'],
+    });
+
     new CronJob(this, 'daily-notifications', {
       schedule: cronTime.onSpecificDaysAt(['monday', 'wednesday', 'friday'], 10, 0),
       image: backendImage,

Original file line number	Diff line number	Diff line change
`@@ -42,3 +42,5 @@`
`42`	`42`	`"run_environment": "apitest.cybersource.com",`
`43`	`43`	`}`
`44`	`44`	`CYBERSOURCE_TARGET_ORIGIN = "https://localhost:3001"`
	`45`	`+`
	`46`	`+OSA_KEYS = ["gwashington"]`
Original file line number	Diff line number	Diff line change
`@@ -89,3 +89,5 @@`
`89`	`89`	`"run_environment": "api.cybersource.com",`
`90`	`90`	`}`
`91`	`91`	`CYBERSOURCE_TARGET_ORIGIN = "https://pennclubs.com"`
	`92`	`+`
	`93`	`+OSA_KEYS = os.getenv("OSA_KEYS", "").split(",")`