fix(api): transfer all downstream resources along with app (#1146)

Matthew Fisher · web-flow · commit 06211a27f78c · 2016-11-23T13:30:50.000-08:00
This gives the target user complete ownership over the releases, configuration and
other resources required when transferring an app's ownership.
diff --git a/rootfs/api/fixtures/tests.json b/rootfs/api/fixtures/tests.json
@@ -52,5 +52,23 @@
         "email": "autotest3@deis.io",
         "date_joined": "2013-05-10T16:08:09.357Z"
     }
+},
+{
+    "pk": 10,
+    "model": "auth.user",
+    "fields": {
+        "username": "autotest4",
+        "first_name": "Otto",
+        "last_name": "Test",
+        "is_active": true,
+        "is_superuser": false,
+        "is_staff": false,
+        "last_login": "2013-05-10T16:08:09.357Z",
+        "groups": [],
+        "user_permissions": [],
+        "password": "pbkdf2_sha256$10000$5Uoq7dl61vnN$gQhDpc2q2Rkn16VdPC+pNNEQcKpy+LGe29Zkad+2/m4=",
+        "email": "autotest4@deis.io",
+        "date_joined": "2013-05-10T16:08:09.357Z"
+    }
 }
 ]
diff --git a/rootfs/api/tests/test_app.py b/rootfs/api/tests/test_app.py
@@ -330,11 +330,19 @@ def test_app_transfer(self, mock_requests):
         owner_token = Token.objects.get(user=owner).key
         self.client.credentials(HTTP_AUTHORIZATION='Token ' + owner_token)
 
-        app_id = self.create_app()
+        collaborator = User.objects.get(username='autotest3')
+
+        app = App.objects.create(owner=owner)
+
+        # pretend the owner and a collaborator added some config to the app to ensure
+        # resources owned by the owner are transferred, but not resources owned by the
+        # collaborator.
+        config1 = Config.objects.create(owner=owner, app=app, values={'FOO': 'bar'})
+        config2 = Config.objects.create(owner=collaborator, app=app, values={'CAR': 'star'})
 
         # Transfer App
-        url = '/v2/apps/{}'.format(app_id)
-        new_owner = User.objects.get(username='autotest3')
+        url = '/v2/apps/{}'.format(app.id)
+        new_owner = User.objects.get(username='autotest4')
         new_owner_token = Token.objects.get(user=new_owner).key
         body = {'owner': new_owner.username}
         response = self.client.post(url, body)
@@ -350,6 +358,18 @@ def test_app_transfer(self, mock_requests):
         self.assertEqual(response.status_code, 200, response.data)
         self.assertEqual(response.data['owner'], new_owner.username)
 
+        # At this point config1.owner field is still the old owner, but the value in the database
+        # was updated to the new owner when we performed the transfer. The object's updated values
+        # needs to be reloaded from the database to get an accurate idea who owns the object.
+        # https://docs.djangoproject.com/en/dev/ref/models/instances/#django.db.models.Model.refresh_from_db
+        config1.refresh_from_db()
+        config2.refresh_from_db()
+
+        # New owner also is given ownership to all resources owned by the original user, but not
+        # resources created by other users
+        self.assertEqual(config1.owner, new_owner)
+        self.assertEqual(config2.owner, collaborator)
+
         # Collaborators can't transfer
         body = {'username': owner.username}
         perms_url = url+"/perms/"
diff --git a/rootfs/api/tests/test_users.py b/rootfs/api/tests/test_users.py
@@ -16,7 +16,7 @@ def test_super_user_can_list(self):
             response = self.client.get(url,
                                        HTTP_AUTHORIZATION='token {}'.format(token))
             self.assertEqual(response.status_code, 200, response.data)
-            self.assertEqual(len(response.data['results']), 3)
+            self.assertEqual(len(response.data['results']), 4)
 
     def test_non_super_user_cannot_list(self):
         user = User.objects.get(username='autotest2')
diff --git a/rootfs/api/views.py b/rootfs/api/views.py
@@ -243,12 +243,18 @@ def run(self, request, **kwargs):
 
     def update(self, request, **kwargs):
         app = self.get_object()
+        old_owner = app.owner
 
         if request.data.get('owner'):
             if self.request.user != app.owner and not self.request.user.is_superuser:
                 raise PermissionDenied()
             new_owner = get_object_or_404(User, username=request.data['owner'])
             app.owner = new_owner
+            # ensure all downstream objects that are owned by this user and are part of this app
+            # is also updated
+            for downstream_model in [models.AppSettings, models.Build, models.Config,
+                                     models.Domain, models.Release, models.TLS]:
+                downstream_model.objects.filter(owner=old_owner, app=app).update(owner=new_owner)
         app.save()
         return Response(status=status.HTTP_200_OK)
 
