Commit d3f4a181 authored by Calum Mackervoy's avatar Calum Mackervoy Committed by Matthieu Fesselier

bugfix: fixed permissions issues for sib-invoicing

parent 79589114
Pipeline #9474 passed with stage
in 28 seconds
# Generated by Django 2.2.17 on 2021-01-12 10:08
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('djangoldp_invoice', '0004_auto_20201210_0828'),
]
operations = [
migrations.AlterModelOptions(
name='batch',
options={'default_permissions': ('add', 'change', 'delete', 'view', 'control')},
),
migrations.AlterModelOptions(
name='customerinvoice',
options={'default_permissions': ('add', 'change', 'delete', 'view', 'control')},
),
migrations.AlterModelOptions(
name='freelanceinvoice',
options={'default_permissions': ('add', 'change', 'delete', 'view', 'control')},
),
migrations.AlterModelOptions(
name='task',
options={'default_permissions': ('add', 'change', 'delete', 'view', 'control')},
),
]
......@@ -7,9 +7,8 @@ from django.db import models
from django.db.models import Sum
from djangoldp.models import Model
from djangoldp_project.models import Customer
from djangoldp_project.models import Project
from .permissions import InvoicePermissions
from djangoldp_project.models import Customer, Project
from djangoldp_invoice.permissions import InvoicePermissions
# TODO : useful?
......@@ -41,7 +40,7 @@ class FreelanceInvoice(Model):
modificationDate = models.DateField(auto_now=True)
invoicingDate = models.DateField(default=datetime.date.today)
class Meta:
class Meta(Model.Meta):
container_path = "freelance-invoices/"
rdf_type = "sib:Invoice"
permission_classes = [InvoicePermissions]
......@@ -49,7 +48,6 @@ class FreelanceInvoice(Model):
authenticated_perms = []
owner_perms = []
def __str__(self):
return '{} ({} / {})'.format(self.freelanceFullname, self.identifier, self.title)
......@@ -77,17 +75,15 @@ class CustomerInvoice(Model):
amount = Decimal(0.0)
return amount
def tvaAmount(self):
return Decimal(self.tvaRate * self.htAmount() / Decimal(100))
def ttcAmount(self):
return Decimal(self.tvaAmount() + self.htAmount())
class Meta:
class Meta(Model.Meta):
depth = 2
container_path = "customer-invoices/"
nested_fields = ["batches", "project", "customer"]
serializer_fields = ["@id", "identifier", "title", "state", "htAmount", "tvaRate", "invoicingDate",
"tvaAmount", "ttcAmount", "batches", "additionalText", "project", "customer"]
rdf_type = "sib:Invoice"
......@@ -107,12 +103,12 @@ class Batch(Model):
creationDate = models.DateField(auto_now_add=True)
modificationDate = models.DateField(auto_now=True)
class Meta:
nested_fields = ["tasks"]
class Meta(Model.Meta):
serializer_fields = ['@id', 'title', 'htAmount', 'tasks']
anonymous_perms = ['view']
authenticated_perms = ['inherit', 'add']
owner_perms = ['inherit', 'change', 'control', 'delete']
authenticated_perms = ['inherit', 'add', 'change', 'delete']
owner_perms = ['inherit', 'control']
permission_classes = [InvoicePermissions]
def __str__(self):
return '{} - {} ({} € HT)'.format(self.invoice.title, self.title, self.htAmount())
......@@ -131,10 +127,11 @@ class Task(Model):
creationDate = models.DateField(auto_now_add=True)
modificationDate = models.DateField(auto_now=True)
class Meta:
class Meta(Model.Meta):
anonymous_perms = ['view']
authenticated_perms = ['inherit', 'add']
owner_perms = ['inherit', 'change', 'control', 'delete']
authenticated_perms = ['inherit', 'add', 'change', 'delete']
owner_perms = ['inherit', 'control']
permission_classes = [InvoicePermissions]
def __str__(self):
return '{} - {} ({} € HT)'.format(self.batch.title, self.title, self.htAmount)
......@@ -19,6 +19,9 @@ config = {
# map the config of the core settings (avoid asserts to fail)
'SITE_URL': 'http://happy-dev.fr',
'BASE_URL': 'http://happy-dev.fr',
# TODO: https://git.startinblox.com/djangoldp-packages/djangoldp/issues/341
'SERIALIZER_CACHE': False,
'PERMISSIONS_CACHE': False
}
}
......@@ -32,6 +35,7 @@ test_runner = DiscoverRunner(verbosity=1)
failures = test_runner.run_tests([
'djangoldp_invoice.tests.tests_permissions',
'djangoldp_invoice.tests.tests_get',
])
if failures:
sys.exit(failures)
import uuid
from djangoldp.serializers import LDListMixin, LDPSerializer
from rest_framework.test import APIRequestFactory, APIClient, APITestCase
from djangoldp_project.models import Project, Member
from djangoldp_invoice.models import Task, Batch, FreelanceInvoice, CustomerInvoice
from djangoldp_invoice.tests.models import User
class TestGET(APITestCase):
def setUp(self):
self.factory = APIRequestFactory()
self.client = APIClient()
LDListMixin.to_representation_cache.reset()
LDPSerializer.to_representation_cache.reset()
def setUpLoggedInUser(self):
self.user = User(email='test@mactest.co.uk', first_name='Test', last_name='Mactest', username='test',
password='glass onion')
self.user.save()
self.client.force_authenticate(user=self.user)
def _get_random_project(self):
return Project.objects.create(name=str(uuid.uuid4()), status='Public')
def _get_random_customer_invoice(self, project=None, customer=None):
return CustomerInvoice.objects.create(project=project, customer=customer, identifier=str(uuid.uuid4()),
title=str(uuid.uuid4()), tvaRate=20)
def test_get_invoices_nested_field_on_project(self):
'''
GET as nested field in Project, and assert that customerInvoices and freelanceInvoices are included as a
nested field on this model
'''
self.setUpLoggedInUser()
project = self._get_random_project()
self._get_random_customer_invoice(project=project)
response = self.client.get('/projects/{}/'.format(project.pk))
self.assertEqual(response.status_code, 200)
self.assertIn('customerInvoices', response.data)
self.assertIn('freelancerInvoices', response.data)
self.assertEqual(len(response.data['customerInvoices']['ldp:contains']), 1)
self.assertEqual(len(response.data['freelancerInvoices']['ldp:contains']), 0)
import uuid
import json
from datetime import datetime, timedelta
from django.urls import reverse
from djangoldp.permissions import LDPPermissions
from djangoldp.serializers import LDListMixin, LDPSerializer
from rest_framework.test import APITestCase, APIClient
from guardian.shortcuts import assign_perm
from djangoldp_project.models import Project, Member
from djangoldp_invoice.models import Task, Batch, FreelanceInvoice, CustomerInvoice
......@@ -19,7 +13,6 @@ class PermissionsTestCase(APITestCase):
self.client = APIClient()
LDListMixin.to_representation_cache.reset()
LDPSerializer.to_representation_cache.reset()
# LDPPermissions.invalidate_cache()
def setUpLoggedInUser(self):
self.user = User(email='test@mactest.co.uk', first_name='Test', last_name='Mactest', username='test',
......@@ -34,6 +27,9 @@ class PermissionsTestCase(APITestCase):
return CustomerInvoice.objects.create(project=project, customer=customer, identifier=str(uuid.uuid4()),
title=str(uuid.uuid4()), tvaRate=20)
def _get_random_batch(self, customer_invoice):
return Batch.objects.create(invoice=customer_invoice, title=str(uuid.uuid4()))
def _get_random_user(self):
return User.objects.create(email='{}@test.co.uk'.format(str(uuid.uuid4())), first_name='Test', last_name='Test',
username=str(uuid.uuid4()))
......@@ -84,3 +80,19 @@ class PermissionsTestCase(APITestCase):
response = self.client.get('/customer-invoices/{}/'.format(invoice.pk))
self.assertEqual(response.status_code, 200)
def test_get_invoice_batches_anonymous(self):
invoice = self._get_random_customer_invoice()
self._get_random_batch(invoice)
response = self.client.get('/customer-invoices/{}/batches/'.format(invoice.pk))
self.assertEqual(response.status_code, 403)
# TODO: https://git.startinblox.com/djangoldp-packages/djangoldp-invoice/issues/11
def test_get_invoice_batches_authenticated(self):
self.setUpLoggedInUser()
invoice = self._get_random_customer_invoice()
self._get_random_batch(invoice)
response = self.client.get('/customer-invoices/{}/batches/'.format(invoice.pk))
self.assertEqual(response.status_code, 200)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment