Users | post/put/delete company functional for developer #332

Merged
merged 6 commits into from
Jun 28, 2023
2 changes: 1 addition & 1 deletion backend/users/backend/common/permissions/verifiers.py
@@ -46,7 +46,7 @@ def verify(self, user) -> bool:
class CompanyOwnerVerify(AbstractUserVerify):
def verify(self, user) -> bool:
if isinstance(user, CompanyUser):
return Company.objects.filter(created_by=user).exists()
return user.is_superuser or Company.objects.filter(created_by=user).exists()
return False


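Review bot: `CompanyOwnerVerify.verify` now returns True for any `CompanyUser` with `is_superuser` set, whether or not that user has created a company, so the class name and the check no longer agree (the side of the two `return` lines is taken from print order, since the +/- markers are lost on this page). If the registration serializer changed in this same PR really creates every developer with `is_superuser=True`, this verifier passes for every registered developer. Code that then runs `Company.objects.get(created_by=request.user)`, as `CompanyOwnerEmployeePerm.has_object_permission` does, would raise `Company.DoesNotExist` for such a user instead of denying access; whether that permission is reached through this verifier is not visible here. Keep ownership as the only criterion in this class and put the "may create a company" rule in its own verifier, documented with something like `"""True when the developer may create a company; does not imply one exists."""`.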
12 changes: 0 additions & 12 deletions backend/users/backend/developer/permissions.py
@@ -1,19 +1,7 @@
from rest_framework.permissions import BasePermission

from common.permissions.permissons import CompanyOwnerPerm
from developer.models import CompanyUser, Company


class IsAdminOrOwnerCompany(BasePermission):
def has_object_permission(self, request, view, obj):
return obj.created_by == request.user or request.user.is_staff


class IsAdmin(BasePermission):
def has_permission(self, request, view):
return request.user.is_staff


class CompanyOwnerEmployeePerm(CompanyOwnerPerm):
def has_object_permission(self, request, view, obj: CompanyUser):
return obj.company == Company.objects.get(created_by=request.user)
6 changes: 3 additions & 3 deletions backend/users/backend/developer/serializers/serializers.py
@@ -5,16 +5,16 @@
class CompanyUserSerializer(serializers.ModelSerializer):
class Meta:
model = CompanyUser
fields = '__all__'
fields = "__all__"


class CompanySerializer(serializers.ModelSerializer):
class Meta:
model = Company
fields = '__all__'
fields = ("title", "description", "contact", "email", "created_by", "image")


class CompanyEmployeeSerializer(CompanySerializer):
class Meta:
model = Company
fields = ('email', 'description', 'image', 'created_by')
fields = ("email", "description", "image", "created_by")
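Review bot: `CompanyUserSerializer` keeps `fields = "__all__"` on the user model while this same section narrows `CompanySerializer` to an explicit tuple. For a model created through `create_user`, `"__all__"` normally means the password hash, `is_superuser` and similar columns are both returned and accepted as input wherever the serializer is used; the model is not visible here, so confirm which columns it has. Give `CompanyUserSerializer` an explicit field list too. If `CompanySerializer` is ever used for writes, add `read_only_fields = ("created_by",)` so a client cannot attach a company to another account.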
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
from rest_framework import serializers
from developer.models import Company
from rest_framework.exceptions import ValidationError


class CompanyCreateSerializer(serializers.ModelSerializer):
created_by = serializers.HiddenField(default=serializers.CurrentUserDefault())

class Meta:
model = Company
fields = ("title", "description", "contact", "email", "created_by", "image")

def validate(self, attrs):
user = self.context["request"].user
if Company.objects.filter(created_by=user).exists():
raise ValidationError("User can create only one company")
return attrs


class CompanyUpdateSerializer(serializers.ModelSerializer):
class Meta:
model = Company
fields = ("title", "description", "contact", "email", "image")
read_only_fields = ("created_by",)


class CompanySerializer(serializers.ModelSerializer):
class Meta:
model = Company
fields = ("title", "description", "contact", "email", "created_by", "image")
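Review bot: The one-company-per-user rule in `CompanyCreateSerializer.validate` is a check-then-insert, so two concurrent POSTs from the same account can both pass `exists()` and both create a row. Enforce the rule in the schema (a unique constraint on `Company.created_by`, if the model allows it) and keep this check only for the readable 400 message. In `CompanyUpdateSerializer`, `read_only_fields = ("created_by",)` names a field that is not in `fields`, so it appears to have no effect; either add `created_by` to `fields` for output or drop the line. The `CompanySerializer` defined at the end duplicates the one in `serializers.py` with the same field tuple, and one of the two should import the other.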
Original file line number Diff line number Diff line change
@@ -6,7 +6,7 @@
class DeveloperRegistrationSerializer(serializers.ModelSerializer):
def create(self, validated_data):
"""send totp"""
return CompanyUser.objects.create_user(**validated_data, is_superuser=False)
return CompanyUser.objects.create_superuser(**validated_data, is_superuser=True)

class Meta:
model = CompanyUser
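Review bot: Registration now calls `create_superuser(**validated_data, is_superuser=True)`, which makes every self-registered developer a Django superuser (taking the second `return` as the new side; the +/- markers are lost on this page). `is_superuser` short-circuits Django's permission checks, and the stock `create_superuser` also sets `is_staff`, which would open the admin site if one is deployed; the custom manager is not visible here, so confirm what it sets. The "may own a company" role should be a dedicated field on `CompanyUser` rather than the framework's superuser flag, with registration back on `create_user(**validated_data, is_superuser=False)`. The `"""send totp"""` docstring does not describe what `create` does and should instead state which privileges a new account receives. The class continues past the hunk at `class Meta`, so the serializer's field list was not reviewed.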
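--- a/backend/users/backend/developer/tests/test_company_view.py
+++ b/backend/users/backend/developer/tests/test_company_view.py
@@ -0,0 +1,286 @@
+import datetime
+from typing import List, Optional, Union
+
+from django.test import TestCase
+from django.urls import reverse
+
+from rest_framework import status
+
+from administrator.models import Admin
+from base.base_tests.tests import BaseTestView
+from customer.models import CustomerUser
+from developer.models import Company, CompanyUser
+
+
+class CompanyTestAPI(BaseTestView, TestCase):
+@classmethod
+def setUpTestData(cls):
+cls.url = reverse("company")
+cls.admin_user = Admin.objects.create_superuser(
+username="adminR",
+email="adminR@test.com",
+phone="891123123",
+password="testpass123R",
+is_active=True,
+)
+cls.customer_user = CustomerUser.objects.create_user(
+username="customer_user",
+email="email@mail.ru",
+password="test_user1",
+first_name="user_test_name",
+last_name="user_test_name",
+phone="89991234567",
+birthday=datetime.date.today(),
+is_active=True,
+)
+cls.superuser_developer = CompanyUser.objects.create_user(
+username="test super_user",
+email="testuser@example.com",
+phone="1234567890",
+password="testpassword",
+is_active=True,
+is_superuser=True,
+)
+cls.developer = CompanyUser.objects.create_user(
+username="emplayer1",
+email="emplayer1@example.com",
+phone="123451290",
+password="testpassword1",
+is_active=True,
+is_superuser=False,
+)
+
+##################################
+#### Testing get method ####
+##################################
+def test_get_company_by_user_who_have_his_own_company(self):
+superuser_developer = CompanyUser.objects.create_user(
+username="test super_user1",
+email="testuse1r@example.com",
+phone="12314567890",
+password="testpassword1",
+is_active=True,
+is_superuser=True,
+)
+Company.objects.create(
+created_by=superuser_developer,
+title="company",
+description="company_description",
+email="company@email.com",
+)
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(superuser_developer))
+response = self.client.get(self.url)
+self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+def test_get_company_by_user_who_dont_have_any_own_company(self):
+superuser_developer = CompanyUser.objects.create_user(
+username="test super_user1",
+email="testuse1r@example.com",
+phone="12314567890",
+password="testpassword1",
+is_active=True,
+is_superuser=True,
+)
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(superuser_developer))
+response = self.client.get(self.url)
+self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+
+def test_get_users_permission_deny(self):
+employer = CompanyUser.objects.create_user(
+username="test super_user1",
+email="testuse1r@example.com",
+phone="12314567890",
+password="testpassword1",
+is_active=True,
+is_superuser=False,
+)
+Company.objects.create(
+created_by=employer,
+title="company",
+description="company_description",
+email="company@email.com",
+)
+incorrect_users_list: List[Union[CustomerUser, Admin, CustomerUser]] = [
+self.admin_user,
+self.customer_user,
+self.developer,
+]
+for user in incorrect_users_list:
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(user))
+response = self.client.get(self.url)
+self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+# ##################################
+# ### Testing post method ###
+# ##################################
+
+def test_superuser_developer_can_create_company(self):
+data = {
+"title": "My Company",
+"description": "We are a company that does things.",
+"email": "info@mycompany.com",
+}
+self.client.credentials(
+HTTP_AUTHORIZATION=self.get_token(self.superuser_developer)
+)
+response = self.client.post(self.url, data)
+self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+self.assertEqual(Company.objects.count(), 1)
+
+def test_superuser_developer_can_create_company_but_invalid_data(self):
+data = {
+"title": str("a" * 51),
+"description": "We are a company that does things.",
+"email": "info@mycompany.com",
+}
+self.client.credentials(
+HTTP_AUTHORIZATION=self.get_token(self.superuser_developer)
+)
+response = self.client.post(self.url, data)
+self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+def test_not_superuser_developer_cant_create_company(self):
+data = {
+"title": "My Company",
+"description": "We are a company that does things.",
+"email": "info@mycompany.com",
+}
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.developer))
+response = self.client.post(self.url, data)
+self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+self.assertEqual(Company.objects.count(), 0)
+
+def test_admin_cant_create_company(self):
+data = {
+"title": "My Company",
+"description": "We are a company that does things.",
+"email": "info@mycompany.com",
+}
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.admin_user))
+response = self.client.post(self.url, data)
+self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+self.assertEqual(Company.objects.count(), 0)
+
+def test_customer_user_cant_create_company(self):
+data = {
+"title": "My Company",
+"description": "We are a company that does things.",
+"email": "info@mycompany.com",
+}
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.customer_user))
+response = self.client.post(self.url, data)
+self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+self.assertEqual(Company.objects.count(), 0)
+
+def test_unautorized_user_can_create_company(self):
+data = {
+"title": "My Company",
+"description": "We are a company that does things.",
+"email": "info@mycompany.com",
+}
+self.client.credentials(HTTP_AUTHORIZATION="")
+response = self.client.post(self.url, data)
+self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+self.assertEqual(Company.objects.count(), 0)
+
+def test_superuser_developer_cant_create_multiply_companies(self):
+company_owner = CompanyUser.objects.create_user(
+username="testuser1",
+email="testuser1@example.com",
+phone="12345617890",
+password="testpassword1",
+is_active=True,
+is_superuser=True,
+)
+Company.objects.create(
+created_by=company_owner,
+title="company",
+description="company_description",
+email="company@email.com",
+)
+data = {
+"title": "My Company",
+"description": "We are a company that does things.",
+"email": "info@mycompany.com",
+}
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(company_owner))
+response = self.client.post(self.url, data)
+self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+##################################
+### Testing put method ###
+##################################
+
+def test_developer_can_update_own_company(self):
+company_owner = self.superuser_developer
+Company.objects.create(
+created_by=company_owner,
+title="company1",
+description="company_description",
+email="company@email.com",
+)
+
+new_data = {
+"title": "My Company",
+}
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(company_owner))
+response = self.client.put(self.url, new_data)
+self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+def test_developer_can_update_own_company_but_invalid_data(self):
+company_owner = self.superuser_developer
+Company.objects.create(
+created_by=company_owner,
+title="company1",
+description="company_description",
+email="company@email.com",
+)
+
+new_data = {
+"title": str("a" * 51),
+}
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(company_owner))
+response = self.client.put(self.url, new_data)
+
+self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+##################################
+### Testing delete method ###
+##################################
+
+def test_developer_can_delete_own_company(self):
+company_owner = self.superuser_developer
+Company.objects.create(
+created_by=company_owner,
+title="company1",
+description="company_description",
+email="company@email.com",
+)
+
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(company_owner))
+response = self.client.delete(self.url)
+self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
+
+def test_admin_cant_delete_company(self):
+Company.objects.create(
+created_by=self.developer,
+title="company1",
+description="company_description",
+email="company@email.com",
+)
+
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.admin_user))
+response = self.client.delete(self.url)
+self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+def test_customer_cant_delete_company(self):
+Company.objects.create(
+created_by=self.developer,
+title="company1",
+description="company_description",
+email="company@email.com",
+)
+
+self.client.credentials(HTTP_AUTHORIZATION=self.get_token(self.customer_user))
+response = self.client.delete(self.url)
+self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)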
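Review bot: The 403 cases for DELETE (`test_admin_cant_delete_company`, `test_customer_cant_delete_company`) assert only the status code, so they would still pass if the row were removed before the response was built; add `self.assertEqual(Company.objects.count(), 1)` after each. PUT has no denial cases at all (admin, customer, developer without a company), and DELETE has none for a developer who owns no company, so those authorization paths are untested. `test_unautorized_user_can_create_company` asserts 403, so the name should read `test_unauthorized_user_cant_create_company`. In `test_get_users_permission_deny` the annotation lists `CustomerUser` twice where `CompanyUser` is presumably meant, and `Optional` is imported but unused.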