Change display project info depending on the user role

SPRINTLOG.md

@@ -266,3 +266,7 @@ _Nothing merged in CLI during this sprint_
 - Dependency: Bump `redis-py` to 4.5.5 due to security vulnerability alert(s) ([#1437](https://github.com/ScilifelabDataCentre/dds_web/pull/1437))
 - Change from personal name to unit name if / where it's displayed in emails ([#1439](https://github.com/ScilifelabDataCentre/dds_web/pull/1439))
 - Refactoring: `lost_files_s3_db` flask command changed to group with subcommands ([#1438](https://github.com/ScilifelabDataCentre/dds_web/pull/1438))
+
+# 2023-06-26 - 2023-07-14
+
+- Change display project info depending on the user role ([#1440](https://github.com/ScilifelabDataCentre/dds_web/pull/1440))

dds_web/api/project.py

@@ -488,15 +488,23 @@ def format_project_dict(self, current_user):
         # Apply the filters
         user_projects = models.Project.query.filter(sqlalchemy.and_(*all_filters)).all()
 
+        researcher = False
+        if auth.current_user().role not in ["Super Admin", "Unit Admin", "Unit Personnel"]:
+            researcher = True
+
         # Get info for all projects
         for p in user_projects:
+            project_creator = p.creator.name if p.creator else None
+            if researcher:
+                project_creator = p.responsible_unit.external_display_name
+
             project_info = {
                 "Project ID": p.public_id,
                 "Title": p.title,
                 "PI": p.pi,
                 "Status": p.current_status,
                 "Last updated": p.date_updated if p.date_updated else p.date_created,
-                "Created by": p.creator.name if p.creator else "Former User",
+                "Created by": project_creator or "Former User",
             }
 
             # Get proj size and update total size
@@ -967,10 +975,15 @@ def get(self):
         project = dds_web.utils.collect_project(project_id=project_id)
         dds_web.utils.verify_project_access(project=project)
 
+        # if current user Researcher, show unit name instead of creator name
+        project_creator = project.creator.name if project.creator else None
+        if auth.current_user().role not in ["Super Admin", "Unit Admin", "Unit Personnel"]:
+            project_creator = project.responsible_unit.external_display_name
+
         # Construct a dict with info items
         project_info = {
             "Project ID": project.public_id,
-            "Created by": project.creator.name if project.creator else "Former User",
+            "Created by": project_creator or "Former User",
             "Status": project.current_status,
             "Last updated": project.date_updated,
             "Size": project.size,

tests/test_project_info.py

@@ -47,7 +47,7 @@ def test_list_proj_info_without_project(client):
 
 
 def test_list_proj_info_access_granted(client):
-    """Researcher should be able to list project information"""
+    """Researcher should be able to list project information, "Created by" should be the Unit name"""
 
     token = tests.UserAuth(tests.USER_CREDENTIALS["researchuser"]).token(client)
     response = client.get(tests.DDSEndpoint.PROJECT_INFO, headers=token, query_string=proj_query)
@@ -56,35 +56,55 @@ def test_list_proj_info_access_granted(client):
     project_info = response_json.get("project_info")
 
     assert "public_project_id" == project_info.get("Project ID")
+    # check that Researcher gets Unit name as "Created by"
+    assert "Display Name" == project_info.get("Created by")
     # check that endpoint returns dictionary and not a list
     assert isinstance(project_info, dict)
 
 
 def test_list_proj_info_unit_user(client):
-    """Unit user should be able to list project information"""
+    """Test returned project information for unituser"""
 
-    token = tests.UserAuth(tests.USER_CREDENTIALS["unitadmin"]).token(client)
+    token = tests.UserAuth(tests.USER_CREDENTIALS["unituser"]).token(client)
     response = client.get(tests.DDSEndpoint.PROJECT_INFO, headers=token, query_string=proj_query)
     assert response.status_code == http.HTTPStatus.OK
     response_json = response.json
     project_info = response_json.get("project_info")
 
     assert "public_project_id" == project_info.get("Project ID")
+    # check that Unit admin gets personal name as "Created by"
+    assert "Unit User" == project_info.get("Created by")
     assert (
         "This is a test project. You will be able to upload to but NOT download"
         in project_info.get("Description")
     )
     assert "Size" in project_info.keys() and project_info["Size"] is not None
 
 
-def test_list_proj_info_returned_items(client):
-    """Returned project information should contain certain items"""
+def test_list_proj_info_returned_items_unitadmin(client):
+    """Test returned project information for unitadmin"""
 
     token = tests.UserAuth(tests.USER_CREDENTIALS["unitadmin"]).token(client)
     response = client.get(tests.DDSEndpoint.PROJECT_INFO, headers=token, query_string=proj_query)
     assert response.status_code == http.HTTPStatus.OK
     response_json = response.json
     project_info = response_json.get("project_info")
+    # check that Unit admin gets personal name as "Created by"
+    assert "Unit User" == project_info.get("Created by")
+
+    assert all(item in project_info for item in proj_info_items)
+
+
+def test_list_proj_info_returned_items_superadmin(client):
+    """Test returned project information for superadmin"""
+
+    token = tests.UserAuth(tests.USER_CREDENTIALS["superadmin"]).token(client)
+    response = client.get(tests.DDSEndpoint.PROJECT_INFO, headers=token, query_string=proj_query)
+    assert response.status_code == http.HTTPStatus.OK
+    response_json = response.json
+    project_info = response_json.get("project_info")
+    # check that Super admin gets personal name as "Created by"
+    assert "Unit User" == project_info.get("Created by")
 
     assert all(item in project_info for item in proj_info_items)
 

tests/test_project_listing.py

@@ -30,18 +30,20 @@ def test_list_proj_no_token(client):
 
 
 def test_list_proj_access_granted_ls(client):
-    """Researcher should be able to list"""
+    """Researcher should be able to list, "Created by" should be the Unit name"""
 
     token = tests.UserAuth(tests.USER_CREDENTIALS["researchuser"]).token(client)
     response = client.get(tests.DDSEndpoint.LIST_PROJ, headers=token)
     assert response.status_code == http.HTTPStatus.OK
     response_json = response.json
     list_of_projects = response_json.get("project_info")
     assert "public_project_id" == list_of_projects[0].get("Project ID")
+    # check that Researcher gets Unit name as "Created by"
+    assert "Display Name" == list_of_projects[0].get("Created by")
 
 
-def test_list_proj_unit_user(client):
-    """Unit user should be able to list projects"""
+def test_list_proj_unit_admin(client):
+    """Unit admin should be able to list projects, "Created by" should be the creators name"""
 
     token = tests.UserAuth(tests.USER_CREDENTIALS["unitadmin"]).token(client)
     response = client.get(
@@ -56,6 +58,48 @@ def test_list_proj_unit_user(client):
     assert "public_project_id" == public_project.get("Project ID")
     assert "Cost" in public_project.keys() and public_project["Cost"] is not None
     assert "Usage" in public_project.keys() and public_project["Usage"] is not None
+    # check that Unit admin gets personal name as "Created by"
+    assert "Unit User" == public_project.get("Created by")
+
+
+def test_list_proj_unit_user(client):
+    """Unit user should be able to list projects, "Created by" should be the creators name"""
+
+    token = tests.UserAuth(tests.USER_CREDENTIALS["unituser"]).token(client)
+    response = client.get(
+        tests.DDSEndpoint.LIST_PROJ,
+        headers=token,
+        json={"usage": True},
+        content_type="application/json",
+    )
+
+    assert response.status_code == http.HTTPStatus.OK
+    public_project = response.json.get("project_info")[0]
+    assert "public_project_id" == public_project.get("Project ID")
+    assert "Cost" in public_project.keys() and public_project["Cost"] is not None
+    assert "Usage" in public_project.keys() and public_project["Usage"] is not None
+    # check that Unit user gets personal name as "Created by"
+    assert "Unit User" == public_project.get("Created by")
+
+
+def test_list_proj_superadmin(client):
+    """Super admin should be able to list projects, "Created by" should be the creators name"""
+
+    token = tests.UserAuth(tests.USER_CREDENTIALS["superadmin"]).token(client)
+    response = client.get(
+        tests.DDSEndpoint.LIST_PROJ,
+        headers=token,
+        json={"usage": True},
+        content_type="application/json",
+    )
+
+    assert response.status_code == http.HTTPStatus.OK
+    public_project = response.json.get("project_info")[0]
+    assert "public_project_id" == public_project.get("Project ID")
+    assert "Cost" in public_project.keys() and public_project["Cost"] is not None
+    assert "Usage" in public_project.keys() and public_project["Usage"] is not None
+    # check that Super admin gets personal name as "Created by"
+    assert "Unit User" == public_project.get("Created by")
 
 
 def test_list_only_active_projects_unit_user(client):