bugfix: fixed permissions issues for sib-invoicing

d3f4a181 · Calum Mackervoy · Matthieu Fesselier · 79589114 · d3f4a181 · d3f4a181
Commit d3f4a181 authored Jan 12, 2021 by Calum Mackervoy Committed by Matthieu Fesselier Jan 12, 2021
5 changed files
--- a/djangoldp_invoice/migrations/0005_auto_20210112_1008.py
+++ b/djangoldp_invoice/migrations/0005_auto_20210112_1008.py
+# Generated by Django 2.2.17 on 2021-01-12 10:08
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('djangoldp_invoice', '0004_auto_20201210_0828'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='batch',
+            options={'default_permissions': ('add', 'change', 'delete', 'view', 'control')},
+        ),
+        migrations.AlterModelOptions(
+            name='customerinvoice',
+            options={'default_permissions': ('add', 'change', 'delete', 'view', 'control')},
+        ),
+        migrations.AlterModelOptions(
+            name='freelanceinvoice',
+            options={'default_permissions': ('add', 'change', 'delete', 'view', 'control')},
+        ),
+        migrations.AlterModelOptions(
+            name='task',
+            options={'default_permissions': ('add', 'change', 'delete', 'view', 'control')},
+        ),
+    ]
--- a/djangoldp_invoice/models.py
+++ b/djangoldp_invoice/models.py
@@ -7,9 +7,8 @@ from django.db import models
 from django.db.models import Sum

 from djangoldp.models import Model
-from djangoldp_project.models import Customer
-from djangoldp_project.models import Project
-from .permissions import InvoicePermissions
+from djangoldp_project.models import Customer, Project
+from djangoldp_invoice.permissions import InvoicePermissions


 # TODO : useful?
@@ -41,7 +40,7 @@ class FreelanceInvoice(Model):
    modificationDate = models.DateField(auto_now=True)
    invoicingDate = models.DateField(default=datetime.date.today)

-    class Meta:
+    class Meta(Model.Meta):
        container_path = "freelance-invoices/"
        rdf_type = "sib:Invoice"
        permission_classes = [InvoicePermissions]
@@ -49,7 +48,6 @@ class FreelanceInvoice(Model):
        authenticated_perms = []
        owner_perms = []

-
    def __str__(self):
        return '{} ({} / {})'.format(self.freelanceFullname, self.identifier, self.title)

@@ -77,17 +75,15 @@ class CustomerInvoice(Model):
            amount = Decimal(0.0)
        return amount

-
    def tvaAmount(self):
        return Decimal(self.tvaRate * self.htAmount() / Decimal(100))

    def ttcAmount(self):
        return Decimal(self.tvaAmount() + self.htAmount())

-    class Meta:
+    class Meta(Model.Meta):
        depth = 2
        container_path = "customer-invoices/"
-        nested_fields = ["batches", "project", "customer"]
        serializer_fields = ["@id", "identifier", "title", "state", "htAmount", "tvaRate", "invoicingDate",
                             "tvaAmount", "ttcAmount", "batches", "additionalText", "project", "customer"]
        rdf_type = "sib:Invoice"
@@ -107,12 +103,12 @@ class Batch(Model):
    creationDate = models.DateField(auto_now_add=True)
    modificationDate = models.DateField(auto_now=True)

-    class Meta:
-        nested_fields = ["tasks"]
+    class Meta(Model.Meta):
        serializer_fields = ['@id', 'title', 'htAmount', 'tasks']
        anonymous_perms = ['view']
-        authenticated_perms = ['inherit', 'add']
-        owner_perms = ['inherit', 'change', 'control', 'delete']
+        authenticated_perms = ['inherit', 'add', 'change', 'delete']
+        owner_perms = ['inherit', 'control']
+        permission_classes = [InvoicePermissions]

    def __str__(self):
        return '{} - {} ({} € HT)'.format(self.invoice.title, self.title, self.htAmount())
@@ -131,10 +127,11 @@ class Task(Model):
    creationDate = models.DateField(auto_now_add=True)
    modificationDate = models.DateField(auto_now=True)

-    class Meta:
+    class Meta(Model.Meta):
        anonymous_perms = ['view']
-        authenticated_perms = ['inherit', 'add']
-        owner_perms = ['inherit', 'change', 'control', 'delete']
+        authenticated_perms = ['inherit', 'add', 'change', 'delete']
+        owner_perms = ['inherit', 'control']
+        permission_classes = [InvoicePermissions]

    def __str__(self):
        return '{} - {} ({} € HT)'.format(self.batch.title, self.title, self.htAmount)
--- a/djangoldp_invoice/tests/runner.py
+++ b/djangoldp_invoice/tests/runner.py
@@ -19,6 +19,9 @@ config = {
        # map the config of the core settings (avoid asserts to fail)
        'SITE_URL': 'http://happy-dev.fr',
        'BASE_URL': 'http://happy-dev.fr',
+        # TODO: https://git.startinblox.com/djangoldp-packages/djangoldp/issues/341
+        'SERIALIZER_CACHE': False,
+        'PERMISSIONS_CACHE': False
    }
 }

@@ -32,6 +35,7 @@ test_runner = DiscoverRunner(verbosity=1)

 failures = test_runner.run_tests([
    'djangoldp_invoice.tests.tests_permissions',
+    'djangoldp_invoice.tests.tests_get',
 ])
 if failures:
    sys.exit(failures)
--- a/djangoldp_invoice/tests/tests_get.py
+++ b/djangoldp_invoice/tests/tests_get.py
+import uuid
+from djangoldp.serializers import LDListMixin, LDPSerializer
+from rest_framework.test import APIRequestFactory, APIClient, APITestCase
+
+from djangoldp_project.models import Project, Member
+from djangoldp_invoice.models import Task, Batch, FreelanceInvoice, CustomerInvoice
+from djangoldp_invoice.tests.models import User
+
+
+class TestGET(APITestCase):
+
+    def setUp(self):
+        self.factory = APIRequestFactory()
+        self.client = APIClient()
+        LDListMixin.to_representation_cache.reset()
+        LDPSerializer.to_representation_cache.reset()
+
+    def setUpLoggedInUser(self):
+        self.user = User(email='test@mactest.co.uk', first_name='Test', last_name='Mactest', username='test',
+                         password='glass onion')
+        self.user.save()
+        self.client.force_authenticate(user=self.user)
+
+    def _get_random_project(self):
+        return Project.objects.create(name=str(uuid.uuid4()), status='Public')
+
+    def _get_random_customer_invoice(self, project=None, customer=None):
+        return CustomerInvoice.objects.create(project=project, customer=customer, identifier=str(uuid.uuid4()),
+                                              title=str(uuid.uuid4()), tvaRate=20)
+
+    def test_get_invoices_nested_field_on_project(self):
+        '''
+        GET as nested field in Project, and assert that customerInvoices and freelanceInvoices are included as a
+        nested field on this model
+        '''
+        self.setUpLoggedInUser()
+        project = self._get_random_project()
+        self._get_random_customer_invoice(project=project)
+
+        response = self.client.get('/projects/{}/'.format(project.pk))
+        self.assertEqual(response.status_code, 200)
+        self.assertIn('customerInvoices', response.data)
+        self.assertIn('freelancerInvoices', response.data)
+        self.assertEqual(len(response.data['customerInvoices']['ldp:contains']), 1)
+        self.assertEqual(len(response.data['freelancerInvoices']['ldp:contains']), 0)
--- a/djangoldp_invoice/tests/tests_permissions.py
+++ b/djangoldp_invoice/tests/tests_permissions.py
 import uuid
-import json
-from datetime import datetime, timedelta
-
-from django.urls import reverse
-from djangoldp.permissions import LDPPermissions

 from djangoldp.serializers import LDListMixin, LDPSerializer
 from rest_framework.test import APITestCase, APIClient
-from guardian.shortcuts import assign_perm

 from djangoldp_project.models import Project, Member
 from djangoldp_invoice.models import Task, Batch, FreelanceInvoice, CustomerInvoice
@@ -19,7 +13,6 @@ class PermissionsTestCase(APITestCase):
        self.client = APIClient()
        LDListMixin.to_representation_cache.reset()
        LDPSerializer.to_representation_cache.reset()
-        # LDPPermissions.invalidate_cache()

    def setUpLoggedInUser(self):
        self.user = User(email='test@mactest.co.uk', first_name='Test', last_name='Mactest', username='test',
@@ -34,6 +27,9 @@ class PermissionsTestCase(APITestCase):
        return CustomerInvoice.objects.create(project=project, customer=customer, identifier=str(uuid.uuid4()),
                                              title=str(uuid.uuid4()), tvaRate=20)

+    def _get_random_batch(self, customer_invoice):
+        return Batch.objects.create(invoice=customer_invoice, title=str(uuid.uuid4()))
+
    def _get_random_user(self):
        return User.objects.create(email='{}@test.co.uk'.format(str(uuid.uuid4())), first_name='Test', last_name='Test',
                                   username=str(uuid.uuid4()))
@@ -84,3 +80,19 @@ class PermissionsTestCase(APITestCase):

        response = self.client.get('/customer-invoices/{}/'.format(invoice.pk))
        self.assertEqual(response.status_code, 200)
+
+    def test_get_invoice_batches_anonymous(self):
+        invoice = self._get_random_customer_invoice()
+        self._get_random_batch(invoice)
+
+        response = self.client.get('/customer-invoices/{}/batches/'.format(invoice.pk))
+        self.assertEqual(response.status_code, 403)
+
+    # TODO: https://git.startinblox.com/djangoldp-packages/djangoldp-invoice/issues/11
+    def test_get_invoice_batches_authenticated(self):
+        self.setUpLoggedInUser()
+        invoice = self._get_random_customer_invoice()
+        self._get_random_batch(invoice)
+
+        response = self.client.get('/customer-invoices/{}/batches/'.format(invoice.pk))
+        self.assertEqual(response.status_code, 200)