Add demo group (DEV-1040)

apps/betterangels-backend/accounts/groups.py

@@ -3,3 +3,4 @@
 
 class GroupTemplateNames(StrEnum):
     CASEWORKER = "Caseworker"
+    DEMO = "Demo"

apps/betterangels-backend/accounts/migrations/0039_add_demo_group.py

@@ -0,0 +1,24 @@
+# Generated by Django 5.1.3 on 2024-11-20 18:36
+
+from django.db import migrations
+
+
+def create_demo_group(apps, schema_editor):
+    Group = apps.get_model("auth", "Group")
+    Group.objects.get_or_create(name="Demo")
+
+
+def create_demo_permission_template(apps, schema_editor):
+    PermissionGroupTemplate = apps.get_model("accounts", "PermissionGroupTemplate")
+    PermissionGroupTemplate.objects.create(name="Demo")
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("accounts", "0038_alter_userevent_id"),
+    ]
+
+    operations = [
+        migrations.RunPython(create_demo_group),
+        migrations.RunPython(create_demo_permission_template),
+    ]

apps/betterangels-backend/accounts/utils.py

@@ -12,11 +12,14 @@ def remove_organization_permission_group(organization: Organization) -> None:
 
 
 def add_default_org_permissions_to_user(user: User, organization: Organization) -> None:
-    default_permission_group, _ = PermissionGroupTemplate.objects.get_or_create(
-        # TODO: This is a hack for MVP. Not all orgs will default to caseworkers
-        # we will want to have a default template selected for orgs on the org model.
-        name=GroupTemplateNames.CASEWORKER
-    )
+    # TODO 2024.11.20: This is a hack for MVP. Once we have more permission group templates,
+    # we'll need to store each org's default template.
+    if user.email and "+demo@example.com" in user.email:
+        template_name = GroupTemplateNames.DEMO
+    else:
+        template_name = GroupTemplateNames.CASEWORKER
+
+    default_permission_group, _ = PermissionGroupTemplate.objects.get_or_create(name=template_name)
     org_permission_group, _ = PermissionGroup.objects.get_or_create(
         organization=organization, template=default_permission_group
     )
@@ -36,7 +39,7 @@ def get_user_permission_group(user: Union[AbstractBaseUser, AnonymousUser]) -> P
         PermissionGroup.objects.select_related("organization", "group")
         .filter(
             organization__users=user,
-            name=GroupTemplateNames.CASEWORKER,
+            name__in=[GroupTemplateNames.CASEWORKER, GroupTemplateNames.DEMO],
         )
         .first()
     )

apps/betterangels-backend/clients/migrations/0010_demo_clientprofile_permissions.py

@@ -0,0 +1,34 @@
+# Generated by Django 5.1.3 on 2024-11-21 00:08
+
+from django.db import migrations
+
+
+def update_demo_permission_template(apps, schema_editor):
+    PermissionGroupTemplate = apps.get_model("accounts", "PermissionGroupTemplate")
+    Permission = apps.get_model("auth", "Permission")
+    ContentType = apps.get_model("contenttypes", "ContentType")
+    ClientProfile = apps.get_model("clients", "ClientProfile")
+    ClientProfileContentType = ContentType.objects.get_for_model(ClientProfile)
+    demo_template = PermissionGroupTemplate.objects.get(name="Demo")
+
+    perm_map = [
+        perm.split(".")[1]
+        for perm in [
+            "clients.add_clientprofile",
+        ]
+    ]
+
+    permissions = Permission.objects.filter(codename__in=perm_map, content_type=ClientProfileContentType)
+    demo_template.permissions.add(*permissions)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0039_add_demo_group"),
+        ("clients", "0009_clientprofile_caseworker_crud_permissions"),
+    ]
+
+    operations = [
+        migrations.RunPython(update_demo_permission_template),
+    ]

apps/betterangels-backend/clients/schema.py

@@ -2,6 +2,7 @@
 
 import strawberry
 import strawberry_django
+from accounts.groups import GroupTemplateNames
 from accounts.models import User
 from accounts.utils import get_user_permission_group
 from clients.models import ClientContact, ClientProfile
@@ -191,7 +192,7 @@ def create_client_document(self, info: Info, data: CreateClientDocumentInput) ->
     def create_client_profile(self, info: Info, data: CreateClientProfileInput) -> ClientProfileType:
         with transaction.atomic():
             user = get_current_user(info)
-            get_user_permission_group(user)
+            permission_group = get_user_permission_group(user)
             client_profile_data: dict = strawberry.asdict(data)
             user_data = client_profile_data.pop("user")
             client_user = User.objects.create_client(**user_data)
@@ -216,6 +217,16 @@ def create_client_profile(self, info: Info, data: CreateClientProfileInput) -> C
                     is_primary=phone_number["is_primary"],
                 )
 
+            # NOTE: Don't need to add permissions for caseworkers because the caseworker template already has them
+            if permission_group.name != GroupTemplateNames.CASEWORKER:
+                permissions = [
+                    ClientProfilePermissions.VIEW,
+                    ClientProfilePermissions.CHANGE,
+                    ClientProfilePermissions.DELETE,
+                ]
+                for perm in permissions:
+                    assign_perm(perm, permission_group.group, client_profile)
+
             return cast(ClientProfileType, client_profile)
 
     @strawberry_django.mutation(extensions=[HasRetvalPerm(perms=[ClientProfilePermissions.CHANGE])])

apps/betterangels-backend/clients/tests/test_permissions.py

@@ -53,6 +53,7 @@ def test_create_client_profile_permission(self, user_label: str, should_succeed:
             ("org_1_case_manager_1", True),  # Owner should succeed
             ("org_1_case_manager_2", True),  # Other CM in owner's org should succeed
             ("org_2_case_manager_1", True),  # CM in different org should succeed
+            ("demo_user", False),  # Demo user should not succeed
             ("client_user_1", False),  # Non CM should not succeed
             (None, False),  # Anonymous user should not succeed
         ],

apps/betterangels-backend/common/tests/utils.py

@@ -29,6 +29,7 @@ def _setup_users(self) -> None:
             "org_1_case_manager_1",
             "org_1_case_manager_2",
             "org_2_case_manager_1",
+            "demo_user",
             # Calling these client_users because they're note Client instances,
             # but ordinary users created to facilitate testing.
             "client_user_1",
@@ -40,6 +41,7 @@ def _setup_users(self) -> None:
         self.org_1_case_manager_1 = self.user_map["org_1_case_manager_1"]
         self.org_1_case_manager_2 = self.user_map["org_1_case_manager_2"]
         self.org_2_case_manager_1 = self.user_map["org_2_case_manager_1"]
+        self.demo_user = self.user_map["demo_user"]
         self.client_user_1 = self.user_map["client_user_1"]
         self.client_user_1.first_name = "Dale"
         self.client_user_1.last_name = "Cooper"
@@ -48,16 +50,25 @@ def _setup_users(self) -> None:
         self.client_user_2.first_name = "Harry"
         self.client_user_2.last_name = "Truman"
         self.client_user_2.save()
+        self.demo_user = self.user_map["demo_user"]
+        self.demo_user.email = "test+demo@example.com"
+        self.demo_user.save()
 
     def _setup_groups_and_permissions(self) -> None:
         caseworker_permission_group_template = PermissionGroupTemplate.objects.get(name="Caseworker")
-        perm_group = permission_group_recipe.make(template=caseworker_permission_group_template)
-        perm_group.organization.add_user(self.org_1_case_manager_1)
-        perm_group.organization.add_user(self.org_1_case_manager_2)
+        caseworker_perm_group = permission_group_recipe.make(template=caseworker_permission_group_template)
+        caseworker_perm_group.organization.add_user(self.org_1_case_manager_1)
+        caseworker_perm_group.organization.add_user(self.org_1_case_manager_2)
+
+        demo_permission_group_template = PermissionGroupTemplate.objects.get(name="Demo")
+        demo_perm_group = permission_group_recipe.make(template=demo_permission_group_template)
+        demo_perm_group.organization.name = "Demo Org"
+        demo_perm_group.organization.save()
+        demo_perm_group.organization.add_user(self.demo_user)
 
         # Create Another Org
-        perm_group_2 = permission_group_recipe.make()
-        perm_group_2.organization.add_user(self.org_2_case_manager_1)
+        caseworked_perm_group_2 = permission_group_recipe.make()
+        caseworked_perm_group_2.organization.add_user(self.org_2_case_manager_1)
 
     def _get_address_inputs(
         self,