test all endpoints & fix bugs

Author: EarthenSky

src/elections/urls.py

@@ -21,7 +21,7 @@
 
 def _slugify(text: str) -> str:
     """Creates a unique slug based on text passed in. Assumes non-unicode text."""
-    return re.sub(r"[\W_]+", "-", text.replace("/", "").replace("&", ""))
+    return re.sub(r"[\W_]+", "-", text.strip().replace("/", "").replace("&", ""))
 
 async def _validate_user(
     request: Request,
@@ -80,7 +80,10 @@ async def create_election(
     survey_link: str | None,
 ):
     if election_type not in election_types:
-        raise RequestValidationError()
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=f"unknown election type {election_type}",
+        )
 
     is_valid_user, _, _ = await _validate_user(request, db_session)
     if not is_valid_user:
@@ -90,12 +93,12 @@ async def create_election(
             # TODO: is this header actually required?
             headers={"WWW-Authenticate": "Basic"},
         )
-    elif len(name) <= elections.tables.MAX_ELECTION_NAME:
+    elif len(name) > elections.tables.MAX_ELECTION_NAME:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
             detail=f"election name {name} is too long",
         )
-    elif len(_slugify(name)) <= elections.tables.MAX_SLUG_NAME:
+    elif len(_slugify(name)) > elections.tables.MAX_ELECTION_SLUG:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
             detail=f"election slug {_slugify(name)} is too long",
@@ -115,9 +118,8 @@ async def create_election(
             detail="dates must be in order from earliest to latest",
         )
 
-    # TODO: force dates to be in order; here & on the update election endpoint
-
     await elections.crud.create_election(
+        db_session,
         Election(
             slug = _slugify(name),
             name = name,
@@ -126,8 +128,7 @@ async def create_election(
             datetime_start_voting = datetime_start_voting,
             datetime_end_voting = datetime_end_voting,
             survey_link = survey_link
-        ),
-        db_session
+        )
     )
     await db_session.commit()
 
@@ -211,11 +212,11 @@ async def delete_election(
             headers={"WWW-Authenticate": "Basic"},
         )
 
-    await elections.crud.delete_election(_slugify(name), db_session)
+    await elections.crud.delete_election(db_session, _slugify(name))
     await db_session.commit()
 
     old_election = await elections.crud.get_election(db_session, _slugify(name))
-    return JSONResponse({"exists": old_election is None})
+    return JSONResponse({"exists": old_election is not None})
 
 # registration ------------------------------------------------------------- #
 

src/main.py

@@ -1,4 +1,5 @@
 import logging
+import os
 
 from fastapi import FastAPI, Request, status
 from fastapi.encoders import jsonable_encoder
@@ -14,7 +15,20 @@
 logging.basicConfig(level=logging.DEBUG)
 database.setup_database()
 
-app = FastAPI(lifespan=database.lifespan, title="CSSS Site Backend", root_path="/api")
+_login_link = (
+    "https://cas.sfu.ca/cas/login?service=" + (
+        "http%3A%2F%2Flocalhost%3A8080"
+        if os.environ.get("LOCAL") == "true"
+        else "https%3A%2F%2Fnew.sfucsss.org"
+    ) + "%2Fapi%2Fauth%2Flogin%3Fredirect_path%3D%2Fapi%2Fapi%2Fdocs%2F%26redirect_fragment%3D"
+)
+
+app = FastAPI(
+    lifespan=database.lifespan,
+    title="CSSS Site Backend",
+    description=f'To login, please click <a href="{_login_link}">here</a><br><br>To logout from CAS click <a href="https://cas.sfu.ca/cas/logout">here</a>',
+    root_path="/api"
+)
 
 app.include_router(auth.urls.router)
 app.include_router(elections.urls.router)

src/permission/types.py

@@ -40,14 +40,14 @@ async def has_permission(db_session: database.DBSession, computing_id: str) -> b
         officer_terms = await officers.crud.current_officers(db_session, True)
         current_election_officer = officer_terms.get(
             officers.constants.OfficerPosition.ELECTIONS_OFFICER
-        )[0]
+        )
         if current_election_officer is not None:
-            # no need to verify if position is election officer, we do so above
-            if (
-                current_election_officer.private_data.computing_id == computing_id
-                and current_election_officer.is_current_officer
-            ):
-                return True
+            for election_officer in current_election_officer[1]:
+                if (
+                    election_officer.private_data.computing_id == computing_id
+                    and election_officer.is_current_officer
+                ):
+                    return True
 
         return False
 

src/utils.py

@@ -0,0 +1,71 @@
+import re
+from datetime import date, datetime
+
+from sqlalchemy import Select
+
+# we can't use and/or in sql expressions, so we must use these functions
+from sqlalchemy.sql.expression import and_, or_
+
+from officers.tables import OfficerTerm
+
+
+def is_iso_format(date_str: str) -> bool:
+    try:
+        datetime.fromisoformat(date_str)
+        return True
+    except ValueError:
+        return False
+
+def is_active_officer(query: Select) -> Select:
+    """
+    An active officer is one who is currently part of the CSSS officer team.
+    That is, they are not upcoming, or in the past.
+    """
+    return query.where(
+        and_(
+            # cannot be an officer who has not started yet
+            OfficerTerm.start_date <= date.today(),
+            or_(
+                # executives without a specified end_date are considered active
+                OfficerTerm.end_date.is_(None),
+                # check that today's timestamp is before (smaller than) the term's end date
+                date.today() <= OfficerTerm.end_date,
+            )
+        )
+    )
+
+def has_started_term(query: Select) -> bool:
+    return query.where(
+        OfficerTerm.start_date <= date.today()
+    )
+
+def is_active_term(term: OfficerTerm) -> bool:
+    return (
+        # cannot be an officer who has not started yet
+        term.start_date <= date.today()
+        and (
+            # executives without a specified end_date are considered active
+            term.end_date is None
+            # check that today's timestamp is before (smaller than) the term's end date
+            or date.today() <= term.end_date
+        )
+    )
+
+def is_past_term(term: OfficerTerm) -> bool:
+    """Any term which has concluded"""
+    return (
+        # an officer with no end date is current
+        term.end_date is not None
+        # if today is past the end date, it's a past term
+        and date.today() > term.end_date
+    )
+
+def is_valid_phone_number(phone_number: str) -> bool:
+    return (
+        len(phone_number) == 10
+        and phone_number.isnumeric()
+    )
+
+def is_valid_email(email: str):
+    return re.match(r"^[^@]+@[^@]+\.[a-zA-Z]*$", email)
+