Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Location Type 'has users' util function check #34820

Merged
merged 7 commits into from
Jul 2, 2024
Merged

Location Type 'has users' util function check #34820

merged 7 commits into from
Jul 2, 2024

Conversation

AddisonDunn
Copy link
Contributor

@AddisonDunn AddisonDunn commented Jun 25, 2024
edited
Loading

Product Description

Jira ticket that's part of an epic to create a "has users" configuration option for organization levels to mark that a level has no users and should not be included in the location dropdown when assigning locations to a user.

This PR has no user-facing impact.

Technical Summary

Adds a util method that checks whether a location type has any users in it (w test), and backend validation that a location type passed in does not have any users if the "has users" setting is being turned off.

Safety Assurance

Adds feature flag, LOCATION_HAS_USERS

Safety Assurance

Safety story

All logic is behind a FF check. Checked locally to verify the org levels page could save without error when the FF is off.

Automated test coverage

Added for the util function to make sure it works.

QA Plan

QA will be done at the end of this feature's build.

Rollback instructions

  • This PR can be reverted after deploy with no further considerations

Labels & Review

  • Risk label is set correctly
  • The set of people pinged as reviewers is appropriate for the level of risk of the change

@AddisonDunn AddisonDunn added the product/invisible Change has no end-user visible impact label Jun 25, 2024
@AddisonDunn AddisonDunn marked this pull request as ready for review June 25, 2024 20:30
@AddisonDunn AddisonDunn requested a review from esoergel as a code owner June 25, 2024 20:30
@AddisonDunn AddisonDunn closed this Jul 1, 2024
@AddisonDunn AddisonDunn reopened this Jul 1, 2024
esoergel
esoergel reviewed Jul 1, 2024
View reviewed changes
corehq/apps/locations/util.py Outdated
Comment on lines 438 to 439
users = user_ids_at_locations(location_ids)
return bool(users)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will fetch all IDs of matching docs, which is unnecessary - this should be a smidge more efficient:

Suggested change
users = user_ids_at_locations(location_ids)
return bool(users)
return bool(UserES().location(location_ids).count())

Looks like we could do even better, but I don't think we have the wrappers for that yet.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 thanks.

esoergel
esoergel reviewed Jul 1, 2024
View reviewed changes
corehq/apps/locations/views.py Outdated
if not loc_type.get('has_users'):
try:
existing_loc_type_sql_obj = LocationType.objects.get(pk=pk)
except ObjectDoesNotExist: # Location type not created yet
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like there's also a _is_fake_pk bit of logic that you can use to avoid looking up uncreated location types.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Word, I see now

esoergel
esoergel reviewed Jul 2, 2024
View reviewed changes
corehq/apps/locations/views.py Outdated
if not loc_type.get('has_users'):
if _is_fake_pk(pk):
return
if does_location_type_have_users(LocationType.objects.get(pk=pk)):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if does_location_type_have_users(LocationType.objects.get(pk=pk)):
if does_location_type_have_users(LocationType.objects.get(pk=pk, domain=domain)):
``

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just in case?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, just good practice, since the ID is untrusted input. A malicious actor could make a request with IDs from another domain (and since they're incrementing integer IDs, they're guessable). Wouldn't give them anything useful in this case, but still good to guard against. I've toyed with the idea making a domain filter required by default for all SQL models unless specifically exempted, but haven't really gone anywhere with that yet.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I see, interesting.

@AddisonDunn AddisonDunn merged commit be76e56 into master Jul 2, 2024
13 checks passed
@AddisonDunn AddisonDunn deleted the ad/location-type-has-users-util-check branch July 2, 2024 19:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@esoergel esoergel esoergel approved these changes

@Robert-Costello Robert-Costello Awaiting requested review from Robert-Costello

@Jtang-1 Jtang-1 Awaiting requested review from Jtang-1

Assignees
No one assigned
Labels
product/invisible Change has no end-user visible impact
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AddisonDunn @esoergel