From 9ff64df416f512bf93104e636a16594bff990165 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 27 Jan 2022 19:00:01 +0100
Subject: [PATCH 2/2] manage: remove "Add a role as member" menu entry
 (#61188)t

Also remove the associated view and its tests.
---
 src/authentic2/manager/role_views.py          | 57 -------------------
 .../static/authentic2/manager/css/style.css   |  1 -
 .../authentic2/manager/role_members.html      |  3 -
 src/authentic2/manager/urls.py                |  1 -
 tests/test_manager.py                         | 44 ++------------
 tests/test_role_manager.py                    |  3 -
 6 files changed, 4 insertions(+), 105 deletions(-)

diff --git a/src/authentic2/manager/role_views.py b/src/authentic2/manager/role_views.py
index 88219de8..2b2a056e 100644
--- a/src/authentic2/manager/role_views.py
+++ b/src/authentic2/manager/role_views.py
@@ -409,63 +409,6 @@ class RoleMembersExportView(views.ExportMixin, RoleMembersView):
 members_export = RoleMembersExportView.as_view()
 
 
-class RoleChildrenView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTableView):
-    title = _('Add child role')
-    form_class = forms.ChooseRoleForm
-    table_class = tables.InheritanceRolesTable
-    search_form_class = forms.RoleSearchForm
-    template_name = 'authentic2/manager/roles_inheritance.html'
-    permissions = ['a2_rbac.manage_members_role']
-    success_url = '.'
-    slug_field = 'uuid'
-
-    def get_table_queryset(self):
-        qs = super().get_table_queryset()
-        qs = qs.exclude(pk=self.object.pk)
-        children = self.object.children(annotate=True, include_self=False)
-        children = children.annotate(is_direct=Cast('direct', output_field=BooleanField()))
-        qs = qs.annotate(
-            checked=ExpressionWrapper(Q(pk__in=children.filter(is_direct=True)), output_field=BooleanField())
-        )
-        qs = qs.annotate(
-            indeterminate=ExpressionWrapper(
-                Q(pk__in=children.filter(is_direct=False)), output_field=BooleanField()
-            )
-        )
-        rp_qs = RoleParenting.objects.filter(parent__in=children).annotate(name=F('parent__name'))
-        qs = qs.prefetch_related(Prefetch('parent_relation', queryset=rp_qs, to_attr='via'))
-        return qs
-
-    def form_valid(self, form):
-        role = form.cleaned_data['role']
-        action = form.cleaned_data['action']
-        if action == 'add':
-            self.object.add_child(role)
-            hooks.call_hooks(
-                'event', name='manager-add-child-role', user=self.request.user, parent=self.object, child=role
-            )
-            self.request.journal.record('manager.role.inheritance.addition', parent=self.object, child=role)
-        elif action == 'remove':
-            self.object.remove_child(role)
-            hooks.call_hooks(
-                'event',
-                name='manager-remove-child-role',
-                user=self.request.user,
-                parent=self.object,
-                child=role,
-            )
-            self.request.journal.record('manager.role.inheritance.removal', parent=self.object, child=role)
-        return super().form_valid(form)
-
-    def get_search_form_kwargs(self):
-        kwargs = super().get_search_form_kwargs()
-        kwargs['queryset'] = self.request.user.filter_by_perm('a2_rbac.view_role', Role.objects.all())
-        return kwargs
-
-
-children = RoleChildrenView.as_view()
-
-
 class RoleParentsView(RoleViewMixin, views.HideOUColumnMixin, views.BaseSubTableView):
     title = _('Add parent role')
     form_class = forms.RoleParentForm
diff --git a/src/authentic2/manager/static/authentic2/manager/css/style.css b/src/authentic2/manager/static/authentic2/manager/css/style.css
index 6793ab00..71d31b6f 100644
--- a/src/authentic2/manager/static/authentic2/manager/css/style.css
+++ b/src/authentic2/manager/static/authentic2/manager/css/style.css
@@ -243,7 +243,6 @@ form .widget input[type="radio"] {
 /* Select2 styling */
 
 span.select2-container {
-	width: auto !important;
 	flex-grow: 1;
 	margin-right: 1em;
 }
diff --git a/src/authentic2/manager/templates/authentic2/manager/role_members.html b/src/authentic2/manager/templates/authentic2/manager/role_members.html
index 7a350e35..c7a7b378 100644
--- a/src/authentic2/manager/templates/authentic2/manager/role_members.html
+++ b/src/authentic2/manager/templates/authentic2/manager/role_members.html
@@ -42,9 +42,6 @@
       <li><a href="{% url "a2-manager-role-permissions" pk=object.pk %}">{% trans "Permissions" %}</a></li>
       {% endif %}
       <li><a href="{% url "a2-manager-role-journal" pk=object.pk %}">{% trans "Journal" %}</a></li>
-      {% if view.can_manage_members %}
-      <li><a href="{% url "a2-manager-role-children" pk=object.pk %}">{% trans "Add a role as a member" %}</a></li>
-      {% endif %}
     </ul>
   </span>
 {% endblock %}
diff --git a/src/authentic2/manager/urls.py b/src/authentic2/manager/urls.py
index b8b2146b..e9a34e00 100644
--- a/src/authentic2/manager/urls.py
+++ b/src/authentic2/manager/urls.py
@@ -126,7 +126,6 @@ urlpatterns = required(
         url(r'^roles/export/(?P<format>csv|json)/$', role_views.export, name='a2-manager-roles-export'),
         url(r'^roles/journal/$', role_views.roles_journal, name='a2-manager-roles-journal'),
         url(r'^roles/(?P<pk>\d+)/$', role_views.members, name='a2-manager-role-members'),
-        url(r'^roles/(?P<pk>\d+)/children/$', role_views.children, name='a2-manager-role-children'),
         url(r'^roles/(?P<pk>\d+)/parents/$', role_views.parents, name='a2-manager-role-parents'),
         url(
             r'^roles/(?P<pk>\d+)/add-admin-user/$',
diff --git a/tests/test_manager.py b/tests/test_manager.py
index 38725aca..d9230e1d 100644
--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@@ -958,16 +958,6 @@ def test_manager_role_admin_permissions(app, simple_user, admin, simple_role):
     simple_user.roles.add(simple_role)
     admin.roles.add(role)
 
-    response = app.get('/manage/roles/%s/children/' % simple_role.pk)
-    token = str(response.context['csrf_token'])
-    params = {'action': 'add', 'role': role.pk, 'csrfmiddlewaretoken': token}
-    response = app.post('/manage/roles/%s/children/' % simple_role.pk, params=params)
-    assert role in simple_role.children()
-
-    params = {'action': 'remove', 'role': role.pk, 'csrfmiddlewaretoken': token}
-    response = app.post('/manage/roles/%s/children/' % simple_role.pk, params=params)
-    assert role not in simple_role.children()
-
     response = app.get('/manage/roles/%s/parents/' % role.pk)
     token = str(response.context['csrf_token'])
     params = {'action': 'add', 'role': simple_role.pk, 'csrfmiddlewaretoken': token}
@@ -1096,21 +1086,16 @@ def test_manager_widget_fields_validation(app, simple_user, simple_role):
     assert form.is_valid()
 
 
-@pytest.mark.parametrize('relation', ['children', 'parents'])
-def test_manager_role_inheritance_list(app, admin, simple_role, ou1, relation):
+def test_manager_role_inheritance_list_parent(app, admin, simple_role, ou1):
     first_role = Role.objects.create(name='first_role', ou=simple_role.ou)
     second_role = Role.objects.create(name='second_role', ou=simple_role.ou)
     third_role = Role.objects.create(name='third_role', ou=ou1)
 
-    if relation == 'children':
-        simple_role.add_child(first_role)
-        first_role.add_child(second_role)
-    elif relation == 'parents':
-        simple_role.add_parent(first_role)
-        first_role.add_parent(second_role)
+    simple_role.add_parent(first_role)
+    first_role.add_parent(second_role)
 
     response = login(app, admin)
-    response = app.get('/manage/roles/%s/%s/' % (simple_role.pk, relation))
+    response = app.get('/manage/roles/%s/parents/' % simple_role.pk)
     q = response.pyquery.remove_namespaces()
     assert len(q('table tbody tr')) == 3
     assert {e.text_content() for e in q('table tbody td.name')} == {
@@ -1165,27 +1150,6 @@ def test_manager_role_inheritance_list_search_permission(app, admin, simple_user
 
     response = login(app, simple_user, '/manage/roles/')
 
-    # all visible roles are shown, except current role
-    response = app.get('/manage/roles/%s/children/' % simple_role.pk)
-    q = response.pyquery.remove_namespaces()
-    assert len(q('table tbody tr')) == 2
-    assert {e.text_content() for e in q('table tbody td.name')} == {visible_role.name, visible_role_2.name}
-
-    # filter by ou
-    response.form['search-ou'] = ou1.pk
-    response = response.form.submit()
-    q = response.pyquery.remove_namespaces()
-    assert len(q('table tbody tr')) == 1
-    assert {e.text_content() for e in q('table tbody td.name')} == {visible_role_2.name}
-
-    # filter by name
-    response.form['search-text'] = '2'
-    response.form['search-ou'] = 'all'
-    response = response.form.submit()
-    q = response.pyquery.remove_namespaces()
-    assert len(q('table tbody tr')) == 1
-    assert {e.text_content() for e in q('table tbody td.name')} == {visible_role_2.name}
-
     # all roles with manage_members permissions are shown
     response = app.get('/manage/roles/%s/parents/' % visible_role.pk)
     q = response.pyquery.remove_namespaces()
diff --git a/tests/test_role_manager.py b/tests/test_role_manager.py
index 915d166a..c34c5057 100644
--- a/tests/test_role_manager.py
+++ b/tests/test_role_manager.py
@@ -473,9 +473,6 @@ def test_role_members_user_role_mixed_table(app, superuser, settings, simple_rol
     rows = [text_content(el) for el in resp.pyquery('tr td.link')]
     assert rows == ['user1', 'Jôhn Dôe']
 
-    resp = resp.click('Add a role as a member')
-    assert 'Role a' in resp.text
-
     # add child role to child
     grandchild = Role.objects.create(name='grandchild')
     role.add_child(grandchild)
-- 
2.34.1