stop creating Product_Member / Product_Type_Member during auto_create_context

devGregA · devGregA · commit f171a1e84c9c · 2026-05-07T16:53:01.000-06:00
The scan-import auto-create flow no longer bootstraps Owner RBAC rows
inline. Pro's post_save signals on Product and Product_Type take care of
this on any newly created instance. Drop the Product_Member,
Product_Type_Member, Role, get_current_user imports — they're unused now.
diff --git a/dojo/importers/auto_create_context.py b/dojo/importers/auto_create_context.py
@@ -2,16 +2,10 @@
 from datetime import datetime, timedelta
 from typing import Any
 
-from crum import get_current_user
 from django.db import transaction
 from django.http.request import QueryDict
 from django.utils import timezone
 
-from dojo.authorization.models import (
-    Product_Member,
-    Product_Type_Member,
-    Role,
-)
 from dojo.models import (
     Engagement,
     Product,
@@ -233,20 +227,14 @@ def get_or_create_product_type(
     ) -> Product_Type:
         """
         Fetches a product type by name if one already exists. If not,
-        a new product type will be created with the current user being
-        added as product type member
+        a new product type will be created. RBAC ownership of the new row
+        is bootstrapped by Pro's post_save signal on Product_Type.
         """
         # Look for an existing object
         if product_type := self.get_target_product_type_if_exists(product_type_name=product_type_name):
             return product_type
         with transaction.atomic():
-            product_type, created = Product_Type.objects.select_for_update().get_or_create(name=product_type_name)
-            if created:
-                Product_Type_Member.objects.create(
-                    user=get_current_user(),
-                    product_type=product_type,
-                    role=Role.objects.get(is_owner=True),
-                )
+            product_type, _created = Product_Type.objects.select_for_update().get_or_create(name=product_type_name)
             return product_type
 
     def get_or_create_product(
@@ -259,8 +247,8 @@ def get_or_create_product(
     ) -> Product:
         """
         Fetches a product by name if it exists. When `auto_create_context` is
-        enabled the product will be created with the current user being added
-        as product member
+        enabled the product will be created. RBAC ownership of the new row is
+        bootstrapped by Pro's post_save signal on Product.
         """
         # try to find the product (within the provided product_type)
         if product := self.get_target_product_if_exists(product_name, product_type_name):
@@ -273,13 +261,7 @@ def get_or_create_product(
         product_type = self.get_or_create_product_type(product_type_name=product_type_name)
         # Create the product
         with transaction.atomic():
-            product, created = Product.objects.select_for_update().get_or_create(name=product_name, prod_type=product_type, description=product_name)
-            if created:
-                Product_Member.objects.create(
-                    user=get_current_user(),
-                    product=product,
-                    role=Role.objects.get(is_owner=True),
-                )
+            product, _created = Product.objects.select_for_update().get_or_create(name=product_name, prod_type=product_type, description=product_name)
 
         return product
 
