remove orphaned OrganizationGroup V3 API ViewSet, serializer, filter, and permission

Same shape as the previous slice. The OrganizationGroupViewSet,
OrganizationGroupSerializer, OrganizationGroupFilterSet, and
UserHasOrganizationGroupPermission classes touch the Product_Type_Group
RBAC model and were never registered with v2_api. Drop them and the
unused imports left over (Product_Type_Group,
get_authorized_product_type_groups, user_has_permission, NumberFilter,
PermissionDenied, ValidationError).

Author: devGregA

dojo/authorization/api_permissions.py

@@ -571,25 +571,6 @@ def has_object_permission(self, request, view, obj):
         )
 
 
-class UserHasOrganizationGroupPermission(permissions.BasePermission):
-    def has_permission(self, request, view):
-        return check_post_permission(
-            request,
-            Product_Type,
-            "organization",
-            "add",
-        )
-
-    def has_object_permission(self, request, view, obj):
-        return check_object_permission(
-            request,
-            obj,
-            "view",
-            "edit",
-            "delete",
-        )
-
-
 class UserHasReimportPermission(permissions.BasePermission):
     def has_permission(self, request, view):
         # permission check takes place before validation, so we don't have access to serializer.validated_data()

dojo/organization/api/filters.py

@@ -1,9 +1,6 @@
-from django_filters import BooleanFilter, NumberFilter
+from django_filters import BooleanFilter
 from django_filters.rest_framework import FilterSet
 
-from dojo.authorization.models import (
-    Product_Type_Group,
-)
 from dojo.labels import get_labels
 from dojo.models import Product_Type
 
@@ -19,9 +16,3 @@ class Meta:
         fields = ("id", "name", "created", "updated")
 
 
-class OrganizationGroupFilterSet(FilterSet):
-    asset_type_id = NumberFilter(field_name="product_type_id")
-
-    class Meta:
-        model = Product_Type_Group
-        fields = ("id", "group_id")

dojo/organization/api/serializers.py

@@ -1,10 +1,5 @@
 from rest_framework import serializers
-from rest_framework.exceptions import PermissionDenied, ValidationError
 
-from dojo.authorization.authorization import user_has_permission
-from dojo.authorization.models import (
-    Product_Type_Group,
-)
 from dojo.models import Product_Type
 from dojo.product_type.queries import get_authorized_product_types
 
@@ -14,49 +9,6 @@ def get_queryset(self):
         return get_authorized_product_types("view")
 
 
-class OrganizationGroupSerializer(serializers.ModelSerializer):
-    organization = RelatedOrganizationField(source="product_type")
-
-    class Meta:
-        model = Product_Type_Group
-        exclude = ("product_type",)
-
-    def validate(self, data):
-        if (
-            self.instance is not None
-            and data.get("organization") != self.instance.product_type
-            and not user_has_permission(
-                self.context["request"].user,
-                data.get("organization"),
-                "add",
-            )
-        ):
-            msg = "You are not permitted to add a group to this Organization"
-            raise PermissionDenied(msg)
-
-        if (
-            self.instance is None
-            or data.get("organization") != self.instance.product_type
-            or data.get("group") != self.instance.group
-        ):
-            members = Product_Type_Group.objects.filter(
-                product_type=data.get("organization"), group=data.get("group"),
-            )
-            if members.count() > 0:
-                msg = "Organization Group already exists"
-                raise ValidationError(msg)
-
-        if data.get("role").is_owner and not user_has_permission(
-            self.context["request"].user,
-            data.get("organization"),
-            "staff_only",
-        ):
-            msg = "You are not permitted to add a group as Owner to this Organization"
-            raise PermissionDenied(msg)
-
-        return data
-
-
 class OrganizationSerializer(serializers.ModelSerializer):
     critical_asset = serializers.BooleanField(source="critical_product", default=False)
     key_asset = serializers.BooleanField(source="key_product", default=False)

dojo/organization/api/views.py

@@ -8,19 +8,10 @@
 from dojo.api_v2.serializers import ReportGenerateOptionSerializer, ReportGenerateSerializer
 from dojo.api_v2.views import PrefetchDojoModelViewSet, report_generate, schema_with_prefetch
 from dojo.authorization import api_permissions as permissions
-from dojo.authorization.models import (
-    Product_Type_Group,
-)
 from dojo.models import Product_Type
 from dojo.organization.api import serializers
-from dojo.organization.api.filters import (
-    OrganizationFilterSet,
-    OrganizationGroupFilterSet,
-)
-from dojo.product_type.queries import (
-    get_authorized_product_type_groups,
-    get_authorized_product_types,
-)
+from dojo.organization.api.filters import OrganizationFilterSet
+from dojo.product_type.queries import get_authorized_product_types
 from dojo.utils import async_delete, get_setting
 
 
@@ -90,29 +81,3 @@ def generate_report(self, request, pk=None):
         return Response(report.data)
 
 
-# Authorization: object-based
-@extend_schema_view(**schema_with_prefetch())
-class OrganizationGroupViewSet(
-    PrefetchDojoModelViewSet,
-):
-    serializer_class = serializers.OrganizationGroupSerializer
-    queryset = Product_Type_Group.objects.none()
-    filter_backends = (DjangoFilterBackend,)
-    filterset_class = OrganizationGroupFilterSet
-    permission_classes = (
-        IsAuthenticated,
-        permissions.UserHasOrganizationGroupPermission,
-    )
-
-    def get_queryset(self):
-        return get_authorized_product_type_groups(
-            "view",
-        ).distinct()
-
-    @extend_schema(
-        exclude=True,
-    )
-    def partial_update(self, request, pk=None):
-        # Object authorization won't work if not all data is provided
-        response = {"message": "Patch function is not offered in this path."}
-        return Response(response, status=status.HTTP_405_METHOD_NOT_ALLOWED)