Made changes in accordance with the discussion to the pull request

DJWOMS · Jun 26, 2023 · 72c4879 · 72c4879
1 parent 63b32ab
commit 72c4879
Show file tree

Hide file tree

Showing 4 changed files with 200 additions and 139 deletions.
diff --git a/backend/users/backend/developer/serializers/v1/company_serializer.py b/backend/users/backend/developer/serializers/v1/company_serializer.py
@@ -0,0 +1,24 @@
+from rest_framework import serializers
+from developer.models import CompanyUser, Company
+from rest_framework.exceptions import ValidationError
+
+
+class CompanyCreateSerializer(serializers.ModelSerializer):
+    created_by = serializers.HiddenField(default=serializers.CurrentUserDefault())
+
+    def validate(self, attrs):
+        user = self.context["request"].user
+        if Company.objects.filter(created_by=user).exists():
+            raise ValidationError("User can create only one company")
+        return attrs
+
+    class Meta:
+        model = Company
+        fields = ("title", "description", "contact", "email", "created_by", "image")
+
+
+class CompanySerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Company
+        fields = ("title", "description", "contact", "email", "created_by", "image")
+        read_only_fields = ("created_by",)
diff --git a/backend/users/backend/developer/tests/test_company_view.py b/backend/users/backend/developer/tests/test_company_view.py
@@ -4,19 +4,17 @@
 from django.urls import reverse
 
 from rest_framework import status
-from rest_framework.test import APIClient
 
 from administrator.models import Admin
 from base.base_tests.tests import BaseTestView
-from common.services.jwt.token import Token
 from customer.models import CustomerUser
 from developer.models import Company, CompanyUser
 
 
 class CompanyTestAPI(BaseTestView, TestCase):
     @classmethod
     def setUpTestData(cls):
-        cls.url = reverse("companies")
+        cls.url = reverse("company")
         cls.admin_user = Admin.objects.create_superuser(
             username="adminR",
             email="adminR@test.com",
@@ -25,7 +23,7 @@ def setUpTestData(cls):
             is_active=True,
         )
         cls.customer_user = CustomerUser.objects.create_user(
-            username="test_user",
+            username="customer_user",
             email="email@mail.ru",
             password="test_user1",
             first_name="user_test_name",
@@ -34,36 +32,73 @@ def setUpTestData(cls):
             birthday=datetime.date.today(),
             is_active=True,
         )
-        cls.developer = CompanyUser.objects.create_user(
-            username="testuser",
+        cls.superuser_developer = CompanyUser.objects.create_user(
+            username="test super_user",
             email="testuser@example.com",
             phone="1234567890",
             password="testpassword",
             is_active=True,
             is_superuser=True,
         )
+        cls.developer = CompanyUser.objects.create_user(
+            username="emplayer1",
+            email="emplayer1@example.com",
+            phone="123451290",
+            password="testpassword1",
+            is_active=True,
+            is_superuser=False,
+        )
+
+    ##################################
+    ###    Testing post method     ###
+    ##################################
 
-    def test_developer_can_create_company(self):
+    def test_superuser_developer_can_create_company(self):
         data = {
             "title": "My Company",
             "description": "We are a company that does things.",
             "email": "info@mycompany.com",
         }
-        self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.developer))
+        self.client.credentials(
+            HTTP_AUTHORIZATION=self.get_token(self.superuser_developer)
+        )
         response = self.client.post(self.url, data)
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
         self.assertEqual(Company.objects.count(), 1)
 
-    # def test_admin_can_create_company(self):
-    #     data = {
-    #         "title": "My Company",
-    #         "description": "We are a company that does things.",
-    #         "email": "info@mycompany.com",
-    #     }
-    #     self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.admin_user))
-    #     response = self.client.post(self.url, data)
-    #     self.assertEqual(response.status_code, 400)
-    #     self.assertEqual(Company.objects.count(), 0)
+    def test_superuser_developer_can_create_company_but_invalid_data(self):
+        data = {
+            "title": str("a" * 51),
+            "description": "We are a company that does things.",
+            "email": "info@mycompany.com",
+        }
+        self.client.credentials(
+            HTTP_AUTHORIZATION=self.get_token(self.superuser_developer)
+        )
+        response = self.client.post(self.url, data)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_not_superuser_developer_cant_create_company(self):
+        data = {
+            "title": "My Company",
+            "description": "We are a company that does things.",
+            "email": "info@mycompany.com",
+        }
+        self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.developer))
+        response = self.client.post(self.url, data)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(Company.objects.count(), 0)
+
+    def test_admin_cant_create_company(self):
+        data = {
+            "title": "My Company",
+            "description": "We are a company that does things.",
+            "email": "info@mycompany.com",
+        }
+        self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.admin_user))
+        response = self.client.post(self.url, data)
+        self.assertEqual(response.status_code, 403)
+        self.assertEqual(Company.objects.count(), 0)
 
     def test_customer_user_cant_create_company(self):
         data = {
@@ -94,6 +129,7 @@ def test_developer_cant_create_multiply_companies(self):
             phone="12345617890",
             password="testpassword1",
             is_active=True,
+            is_superuser=True,
         )
         Company.objects.create(
             created_by=company_owner,
@@ -110,21 +146,47 @@ def test_developer_cant_create_multiply_companies(self):
         response = self.client.post(self.url, data)
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
+    ##################################
+    ###     Testing put method     ###
+    ##################################
+
     def test_developer_can_update_own_company(self):
-        company_owner = self.developer
+        company_owner = self.superuser_developer
         company = Company.objects.create(
             created_by=company_owner,
             title="company1",
             description="company_description",
             email="company@email.com",
         )
-        url = reverse("company_detail", args=[company.title])
+        url = reverse("company_detail", args=[company.id])
         new_data = {
             "title": "My Company",
         }
         self.client.credentials(HTTP_AUTHORIZATION=self.get_token(company_owner))
         response = self.client.put(url, new_data)
-        self.assertEqual(response.data["title"], new_data["title"])
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+    def test_developer_cant_update_created_by_field_on_own_company(self):
+        company_owner = self.superuser_developer
+        company = Company.objects.create(
+            created_by=company_owner,
+            title="company1",
+            description="company_description",
+            email="company@email.com",
+        )
+
+        url = reverse("company_detail", args=[company.id])
+        new_data = {
+            "created_by": self.developer,
+        }
+        self.client.credentials(HTTP_AUTHORIZATION=self.get_token(company_owner))
+        response = self.client.put(url, new_data)
+        self.assertEqual(
+            company,
+            Company.objects.get(
+                created_by=CompanyUser.objects.get(id=response.data["created_by"])
+            ),
+        )
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
     def test_developer_can_update_own_company_but_invalid_data(self):
@@ -135,7 +197,7 @@ def test_developer_can_update_own_company_but_invalid_data(self):
             description="company_description",
             email="company@email.com",
         )
-        url = reverse("company_detail", args=[company.title])
+        url = reverse("company_detail", args=[company.id])
         new_data = {
             "title": str("a" * 51),
         }
@@ -160,7 +222,7 @@ def test_developer_cant_update_not_own_company(self):
             email="company@email.com",
         )
 
-        url = reverse("company_detail", args=[company.title])
+        url = reverse("company_detail", args=[company.id])
 
         new_data = {
             "title": "My Company",
@@ -178,7 +240,7 @@ def test_customer_user_cant_update_company(self):
             email="company@email.com",
         )
 
-        url = reverse("company_detail", args=[company.title])
+        url = reverse("company_detail", args=[company.id])
 
         new_data = {
             "title": "My Company",
@@ -196,7 +258,7 @@ def test_unauthorized_user_cant_update_company(self):
             email="company@email.com",
         )
 
-        url = reverse("company_detail", args=[company.title])
+        url = reverse("company_detail", args=[company.id])
 
         new_data = {
             "title": "My Company",
@@ -207,51 +269,55 @@ def test_unauthorized_user_cant_update_company(self):
 
         self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
+    ##################################
+    ###   Testing delete method    ###
+    ##################################
+
     def test_developer_can_delete_own_company(self):
-        company_owner = self.developer
+        company_owner = self.superuser_developer
         company = Company.objects.create(
             created_by=company_owner,
             title="company1",
             description="company_description",
             email="company@email.com",
         )
-        url = reverse("company_detail", args=[company.title])
+        url = reverse("company_detail", args=[company.id])
 
         self.client.credentials(HTTP_AUTHORIZATION=self.get_token(company_owner))
         response = self.client.delete(url)
         self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
 
     def test_developer_cant_delete_not_own_company(self):
-        company_owner = CompanyUser.objects.create_user(
+        not_company_owner = CompanyUser.objects.create_user(
             "company_owner2",
             "company_owner2@mail.ru",
             "980348988",
             "company_owner2",
         )
         company = Company.objects.create(
-            created_by=self.developer,
+            created_by=self.superuser_developer,
             title="company1",
             description="company_description",
             email="company@email.com",
         )
-        url = reverse("company_detail", args=[company.title])
+        url = reverse("company_detail", args=[company.id])
 
-        self.client.credentials(HTTP_AUTHORIZATION=self.get_token(company_owner))
+        self.client.credentials(HTTP_AUTHORIZATION=self.get_token(not_company_owner))
         response = self.client.delete(url)
         self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
-    # def test_admin_cant_delete_company(self):
-    #     company = Company.objects.create(
-    #         created_by=self.developer,
-    #         title="company1",
-    #         description="company_description",
-    #         email="company@email.com",
-    #     )
-    #     url = reverse("company_detail", args=[company.title])
+    def test_admin_cant_delete_company(self):
+        company = Company.objects.create(
+            created_by=self.developer,
+            title="company1",
+            description="company_description",
+            email="company@email.com",
+        )
+        url = reverse("company_detail", args=[company.id])
 
-    #     self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.admin_user))
-    #     response = self.client.delete(url)
-    #     self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.admin_user))
+        response = self.client.delete(url)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
     def test_customer_cant_delete_company(self):
         company = Company.objects.create(
@@ -260,7 +326,7 @@ def test_customer_cant_delete_company(self):
             description="company_description",
             email="company@email.com",
         )
-        url = reverse("company_detail", args=[company.title])
+        url = reverse("company_detail", args=[company.id])
 
         self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.customer_user))
         response = self.client.delete(url)

diff --git a/backend/users/backend/developer/urls.py b/backend/users/backend/developer/urls.py
@@ -9,7 +9,7 @@
     DeveloperEmployeeListView,
     DeveloperEmployeeDetailView,
 )
-from developer.views.v1.company_view import CompanyAPIView
+from developer.views.v1.company_view import CompanyListAPIView, CompanyDetailAPIView
 
 router = routers.DefaultRouter()
 router.register(r"group", DeveloperGroupViewSet, basename="developer_group")
@@ -46,8 +46,8 @@
 auth_routes = [path("login/", DeveloperAuthView.as_view(), name="developer_login")]
 
 company_urls = [
-    path("companies/", CompanyAPIView.as_view(), name="companies"),
-    path("companies/<str:title>/", CompanyAPIView.as_view(), name="company_detail"),
+    path("company/", CompanyListAPIView.as_view(), name="company"),
+    path("company/<uuid:pk>/", CompanyDetailAPIView.as_view(), name="company_detail"),
 ]
 
 urlpatterns += account_router