Merge pull request #1185 from ansible/goneri/drop-the-AcceptedTermsPe…

…rmission-permission_29330

drop the AcceptedTermsPermission permission

ansible_ai_connect/ai/api/permissions.py

@@ -19,27 +19,6 @@
 from ansible_ai_connect.ai.api.aws.wca_secret_manager import Suffixes
 
 
-class AcceptedTermsPermission(permissions.BasePermission):
-    """
-    Allow access only to users who have accepted terms and conditions or paid users.
-    """
-
-    code = "permission_denied__terms_of_use_not_accepted"
-    message = "Terms of use have not been accepted."
-
-    def has_permission(self, request, view):
-        user = request.user
-        if user.is_authenticated:
-            if settings.ANSIBLE_AI_ENABLE_TECH_PREVIEW and user.community_terms_accepted:
-                return True
-            if user.rh_user_has_seat:
-                return True
-            if not settings.ANSIBLE_AI_ENABLE_TECH_PREVIEW:
-                # The permission is deprecated and should be removed
-                return True
-        return False
-
-
 class IsOrganisationAdministrator(permissions.BasePermission):
     """
     Allow access only to users who are an administrator.

ansible_ai_connect/ai/api/tests/test_permissions.py

@@ -19,7 +19,6 @@
 from django.urls import reverse
 
 from ansible_ai_connect.ai.api.permissions import (
-    AcceptedTermsPermission,
     BlockUserWithoutSeat,
     BlockUserWithoutSeatAndWCAReadyOrg,
     BlockUserWithSeatButWCANotReady,
@@ -31,57 +30,6 @@
 from ansible_ai_connect.users.tests.test_users import create_user
 
 
-@override_settings(ANSIBLE_AI_MODEL_MESH_API_TYPE="wca-dummy")
-@override_settings(ANSIBLE_AI_ENABLE_TECH_PREVIEW=True)
-class AcceptedTermsPermissionTest(WisdomAppsBackendMocking, WisdomServiceAPITestCaseBase):
-    payload = {
-        "prompt": "---\n- hosts: all\n  become: yes\n\n  tasks:\n    - name: Install Apache\n",
-    }
-
-    def accepted_terms(self):
-        return patch.object(
-            self.user,
-            "community_terms_accepted",
-            True,
-        )
-
-    def not_accepted_terms(self):
-        return patch.object(
-            self.user,
-            "community_terms_accepted",
-            None,
-        )
-
-    def test_community_user_has_not_accepted(self):
-        with self.not_accepted_terms():
-            self.client.force_authenticate(user=self.user)
-            r = self.client.post(reverse("completions"), self.payload)
-        self.assertEqual(r.status_code, HTTPStatus.FORBIDDEN)
-        self.assert_error_detail(r, AcceptedTermsPermission.code, AcceptedTermsPermission.message)
-
-    @override_settings(ANSIBLE_AI_ENABLE_TECH_PREVIEW=True)
-    def test_commercial_user_has_not_accepted(self):
-        self.user.rh_user_has_seat = True
-        with self.not_accepted_terms():
-            self.client.force_authenticate(user=self.user)
-            r = self.client.post(reverse("completions"), self.payload)
-        self.assertNotEqual(r.status_code, HTTPStatus.FORBIDDEN)
-
-    @override_settings(ANSIBLE_AI_ENABLE_TECH_PREVIEW=True)
-    def test_community_user_has_accepted(self):
-        with self.accepted_terms():
-            self.client.force_authenticate(user=self.user)
-            r = self.client.post(reverse("completions"), self.payload)
-        self.assertNotEqual(r.status_code, HTTPStatus.FORBIDDEN)
-
-    def test_commercial_user_has_accepted(self):
-        self.user.rh_user_has_seat = True
-        with self.accepted_terms():
-            self.client.force_authenticate(user=self.user)
-            r = self.client.post(reverse("completions"), self.payload)
-        self.assertNotEqual(r.status_code, HTTPStatus.FORBIDDEN)
-
-
 @patch.object(IsOrganisationAdministrator, "has_permission", return_value=False)
 @patch.object(IsOrganisationLightspeedSubscriber, "has_permission", return_value=True)
 class TestIfUserIsOrgAdministrator(WisdomServiceAPITestCaseBase):
@@ -106,42 +54,6 @@ def test_user_is_lightspeed_subscriber_admin(self, *args):
         )
 
 
-@override_settings(ANSIBLE_AI_ENABLE_TECH_PREVIEW=True)
-class TestAcceptedTermsPermission(WisdomAppsBackendMocking):
-    def setUp(self):
-        super().setUp()
-        self.user = create_user(provider="oidc")
-        self.request = Mock()
-        self.request.user = self.user
-        self.p = AcceptedTermsPermission()
-
-    def tearDown(self):
-        self.user.delete()
-        super().tearDown()
-
-    def test_ensure_community_user_with_no_tc_is_blocked(self):
-        self.user.community_terms_accepted = False
-        self.assertFalse(self.p.has_permission(self.request, None))
-
-    @override_settings(ANSIBLE_AI_ENABLE_TECH_PREVIEW=False)
-    def test_ensure_community_user_with_no_tc_is_allowed_post_tech_preview(self):
-        self.user.community_terms_accepted = False
-        self.user.rh_user_has_seat = False
-        self.assertTrue(self.p.has_permission(self.request, None))
-
-    @override_settings(ANSIBLE_AI_ENABLE_TECH_PREVIEW=False)
-    def test_ensure_seated_user_with_no_tc_is_accepted_with_tech_preview(self):
-        self.user.community_terms_accepted = False
-        self.user.rh_user_has_seat = True
-        self.assertTrue(self.p.has_permission(self.request, None))
-
-    @override_settings(ANSIBLE_AI_ENABLE_TECH_PREVIEW=False)
-    def test_ensure_seated_user_with_no_tc_is_accepted_post_tech_preview(self):
-        self.user.community_terms_accepted = False
-        self.user.rh_user_has_seat = True
-        self.assertTrue(self.p.has_permission(self.request, None))
-
-
 @override_settings(WCA_SECRET_BACKEND_TYPE="dummy")
 @override_settings(WCA_SECRET_DUMMY_SECRETS="1234567:valid")
 class TestBlockUserWithoutSeatAndWCAReadyOrg(WisdomAppsBackendMocking):

ansible_ai_connect/ai/api/views.py

@@ -66,7 +66,6 @@
 from .data.data_model import ContentMatchPayloadData, ContentMatchResponseDto
 from .model_client.exceptions import ModelTimeoutError
 from .permissions import (
-    AcceptedTermsPermission,
     BlockUserWithoutSeat,
     BlockUserWithoutSeatAndWCAReadyOrg,
     BlockUserWithSeatButWCANotReady,
@@ -126,7 +125,6 @@
     "saas": [
         permissions.IsAuthenticated,
         IsAuthenticatedOrTokenHasScope,
-        AcceptedTermsPermission,
         BlockUserWithoutSeat,
         BlockUserWithoutSeatAndWCAReadyOrg,
         BlockUserWithSeatButWCANotReady,
@@ -170,7 +168,6 @@ class Feedback(APIView):
     permission_classes = [
         permissions.IsAuthenticated,
         IsAuthenticatedOrTokenHasScope,
-        AcceptedTermsPermission,
     ]
     required_scopes = ["read", "write"]
 
@@ -382,7 +379,6 @@ class ContentMatches(GenericAPIView):
         else [
             permissions.IsAuthenticated,
             IsAuthenticatedOrTokenHasScope,
-            AcceptedTermsPermission,
             BlockUserWithoutSeat,
         ]
     )
@@ -608,7 +604,6 @@ class Explanation(APIView):
     permission_classes = [
         permissions.IsAuthenticated,
         IsAuthenticatedOrTokenHasScope,
-        AcceptedTermsPermission,
         BlockUserWithoutSeat,
         BlockUserWithoutSeatAndWCAReadyOrg,
         BlockUserWithSeatButWCANotReady,
@@ -776,7 +771,6 @@ class Generation(APIView):
     permission_classes = [
         permissions.IsAuthenticated,
         IsAuthenticatedOrTokenHasScope,
-        AcceptedTermsPermission,
         BlockUserWithoutSeat,
         BlockUserWithoutSeatAndWCAReadyOrg,
         BlockUserWithSeatButWCANotReady,

ansible_ai_connect/ai/api/wca/api_key_views.py

@@ -33,7 +33,6 @@
 from ansible_ai_connect.ai.api.aws.wca_secret_manager import Suffixes
 from ansible_ai_connect.ai.api.model_client.exceptions import WcaTokenFailureApiKeyError
 from ansible_ai_connect.ai.api.permissions import (
-    AcceptedTermsPermission,
     IsOrganisationAdministrator,
     IsOrganisationLightspeedSubscriber,
 )
@@ -49,7 +48,6 @@
     IsAuthenticatedOrTokenHasScope,
     IsOrganisationAdministrator,
     IsOrganisationLightspeedSubscriber,
-    AcceptedTermsPermission,
 ]
 
 

ansible_ai_connect/ai/api/wca/model_id_views.py

@@ -44,7 +44,6 @@
     WcaUserTrialExpired,
 )
 from ansible_ai_connect.ai.api.permissions import (
-    AcceptedTermsPermission,
     IsOrganisationAdministrator,
     IsOrganisationLightspeedSubscriber,
 )
@@ -61,7 +60,6 @@
     IsAuthenticatedOrTokenHasScope,
     IsOrganisationAdministrator,
     IsOrganisationLightspeedSubscriber,
-    AcceptedTermsPermission,
 ]
 
 

ansible_ai_connect/ai/api/wca/tests/test_api_key_views.py

@@ -31,7 +31,6 @@
 )
 from ansible_ai_connect.ai.api.model_client.wca_client import WCAClient
 from ansible_ai_connect.ai.api.permissions import (
-    AcceptedTermsPermission,
     IsOrganisationAdministrator,
     IsOrganisationLightspeedSubscriber,
 )
@@ -86,7 +85,6 @@ def test_permission_classes(self, *args):
             IsAuthenticatedOrTokenHasScope,
             IsOrganisationAdministrator,
             IsOrganisationLightspeedSubscriber,
-            AcceptedTermsPermission,
         ]
         self.assertEqual(len(view.permission_classes), len(required_permissions))
         for permission in required_permissions:

ansible_ai_connect/ai/api/wca/tests/test_model_id_views.py

@@ -33,7 +33,6 @@
 )
 from ansible_ai_connect.ai.api.model_client.wca_client import WCAClient, WcaKeyNotFound
 from ansible_ai_connect.ai.api.permissions import (
-    AcceptedTermsPermission,
     IsOrganisationAdministrator,
     IsOrganisationLightspeedSubscriber,
 )
@@ -90,7 +89,6 @@ def test_permission_classes(self, *args):
             IsAuthenticatedOrTokenHasScope,
             IsOrganisationAdministrator,
             IsOrganisationLightspeedSubscriber,
-            AcceptedTermsPermission,
         ]
         self.assertEqual(len(view.permission_classes), len(required_permissions))
         for permission in required_permissions:

ansible_ai_connect/main/tests/test_console_views.py

@@ -22,7 +22,6 @@
 
 import ansible_ai_connect.ai.feature_flags as feature_flags
 from ansible_ai_connect.ai.api.permissions import (
-    AcceptedTermsPermission,
     IsOrganisationAdministrator,
     IsOrganisationLightspeedSubscriber,
 )
@@ -74,7 +73,6 @@ def test_permission_classes(self, *args):
         required_permissions = [
             IsAuthenticated,
             IsAuthenticatedOrTokenHasScope,
-            AcceptedTermsPermission,
         ]
         self.assertEqual(len(view.permission_classes), len(required_permissions))
         for permission in required_permissions:

ansible_ai_connect/main/views.py

@@ -28,7 +28,6 @@
 from rest_framework.views import APIView
 
 from ansible_ai_connect.ai.api.permissions import (
-    AcceptedTermsPermission,
     IsOrganisationAdministrator,
     IsOrganisationLightspeedSubscriber,
 )
@@ -86,7 +85,6 @@ class ConsoleView(ProtectedTemplateView):
     permission_classes = [
         IsAuthenticated,
         IsAuthenticatedOrTokenHasScope,
-        AcceptedTermsPermission,
     ]
 
     def get_template_names(self):

ansible_ai_connect/users/tests/test_users.py

@@ -34,7 +34,6 @@
 
 import ansible_ai_connect.ai.feature_flags as feature_flags
 from ansible_ai_connect.ai.api.permissions import (
-    AcceptedTermsPermission,
     IsOrganisationAdministrator,
     IsOrganisationLightspeedSubscriber,
 )
@@ -663,7 +662,6 @@ def test_rhsso_user_with_telemetry_opted_out(self, LDClient):
     @override_settings(LAUNCHDARKLY_SDK_KEY="dummy_key")
     @patch.object(IsOrganisationAdministrator, "has_permission", return_value=True)
     @patch.object(IsOrganisationLightspeedSubscriber, "has_permission", return_value=True)
-    @patch.object(AcceptedTermsPermission, "has_permission", return_value=True)
     @patch.object(feature_flags, "LDClient")
     def test_rhsso_user_caching(self, LDClient, *args):
         LDClient.return_value.variation.return_value = True