Test and document '/api/groups/modify/'

Fix #183
Changes to be committed:
	modified:   api/model/groups.py
	modified:   api/views.py
	deleted:    tests/test_api_groups _modify.py
	new file:   tests/test_views/test_api_groups_modify.py

Author: HadleyKing

api/model/groups.py

@@ -12,6 +12,7 @@
 
 from api.scripts.utilities.DbUtils import DbUtils
 from api.scripts.utilities.UserUtils import UserUtils
+from api.models import BCO
 
 usr_utils = UserUtils()
 db_utils = DbUtils()
@@ -280,14 +281,20 @@ def post_api_groups_delete(request):
 
 
 def post_api_groups_modify(request):
-    """Instantiate any necessary imports."""
-
-    bulk_request = request.data["POST_api_groups_modify"]
+    """Instantiate any necessary imports.
+    TODO: This needs a serious revamp... Permissions and specific groups need
+    to be adjusted. IE no one should be able to change a group without GroupInfo.
+    """
+    try:
+        bulk_request = request.data["POST_api_groups_modify"]
+    except:
+        return Response(status=status.HTTP_400_BAD_REQUEST)
     requestor_info = usr_utils.user_from_request(request=request)
     groups = list(Group.objects.all().values_list("name", flat=True))
     return_data = []
     for modification_object in bulk_request:
         standardized = modification_object["name"].lower()
+
         if standardized in groups:
             grouped = Group.objects.get(name=standardized)
             if (
@@ -319,6 +326,12 @@ def post_api_groups_modify(request):
                         if action_set["rename"] not in groups:
                             grouped.name = action_set["rename"]
                             grouped.save()
+                            group_information.group = grouped
+                            group_information.save()
+                            bco_list = BCO.objects.filter(owner_group=standardized)
+                            for bco in bco_list:
+                                bco.owner_group = grouped
+                                bco.save()
 
                     # Change description of group if set in actions.
                     if "redescribe" in action_set:

api/views.py

@@ -418,25 +418,32 @@ def post(self, request):
 
 
 class ApiGroupsModify(APIView):
-    """Modify group
+    """Bulk Modify groups
 
     --------------------
-    Modifies an already existing BCO group.  An array of objects are taken where each of these objects
-    represents the instructions to modify a specific group.  Within each of these objects, along with the
-    group name, the set of modifications to that group exists in a dictionary as defined below.
-
-    Example request body which encodes renaming a group named `myGroup1` to `myGroup2`:
+    Modifies one or more existing BCO groups. An array of objects are taken
+    where each of these objects represents the instructions to modify a
+    specific group.  Within each of these objects, along with the group name,
+    the set of modifications to that group exists in a dictionary indecated by
+    the following 'actions': 'rename', 'redescribe', 'add_users',
+    'remove_users', and 'owner_user'.
+
+    Example request body which encodes renaming a group named `myGroup1` to
+    `myGroup2`:
     ```
-    request_body = ['POST_api_groups_modify' : {
-                        'name': 'myGroup1',
-                        'actions': {
-                            'rename': 'myGroup2'
-                            }
-                        }
-                    ]
+   "POST_api_groups_modify": [
+        {
+            "name": "myGroup1",
+            "actions": {
+                "rename": "myGroup2"
+            }
+        }
+    ]
     ```
 
-    More than one action can be included for a specific group name.
+    More than one action can be included for a specific group name, and more
+    than one group can be modified with a request. To modify multiple groups
+    they must each have their own request object. 
     """
 
     POST_api_groups_modify_schema = openapi.Schema(

tests/test_api_groups _modify.py

@@ -0,0 +1,90 @@
+
+#!/usr/bin/env python3
+
+"""Group info
+Tests for 'Authorization is successful. Group permissions returned' (200), 
+Forbidden response (400)
+"""
+
+
+from django.test import TestCase
+from rest_framework.test import APIClient
+from rest_framework.authtoken.models import Token
+from django.contrib.auth.models import User, Group
+from api.models import BCO
+from api.model.groups import GroupInfo
+
+
+class GroupInfoAPITestCase(TestCase):
+    fixtures = ['tests/fixtures/test_data']
+
+    def setUp(self):
+        self.client = APIClient()
+
+    def test_success_response(self):
+        """Successful request with authentication data
+        """
+        
+        old_name = "test_drafter"
+        new_name = "new_name"
+        old_bco_counts = len(BCO.objects.filter(owner_group=old_name))
+        old_group_counts = len(Group.objects.filter(name=old_name))
+        old_groupInfo_counts = len(GroupInfo.objects.filter(group=old_name))
+        
+        token = Token.objects.get(user=User.objects.get(username='test50')).key
+
+        data = {
+            "POST_api_groups_modify": [
+                {
+                    "name": old_name,
+                    "actions": {
+                        "rename": new_name
+                    }
+                }
+            ]
+        }
+
+        self.client.credentials(HTTP_AUTHORIZATION='Token ' + token)
+        response = self.client.post('/api/groups/modify/', data=data, format='json')
+        new_bco_counts = len(BCO.objects.filter(owner_group=new_name))
+        new_group_counts = len(Group.objects.filter(name=new_name))
+        new_groupInfo_counts = len(GroupInfo.objects.filter(group=new_name))
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(new_bco_counts, old_bco_counts)
+        self.assertEqual(new_group_counts, old_group_counts)
+        self.assertEqual(new_groupInfo_counts, old_groupInfo_counts)
+    
+    def test_bad_request_response(self):
+        """Bad request: Authorization is not provided in the request headers
+        Gives 403 instead of 400
+        """
+
+        token = Token.objects.get(user=User.objects.get(username='test50')).key
+
+        data = {
+            "POST_api_groups_info": {
+                "names": ["anon", "wheel"]
+            }
+        }
+        self.client.credentials(HTTP_AUTHORIZATION='Token ' + token)
+        response = self.client.post('/api/groups/modify/', data=data, format='json')
+        self.assertEqual(response.status_code, 400)
+
+    def test_unauthorized_response(self):
+        # Unauthorized: Authentication credentials were not valid
+        #Gives 403 instead of 401
+
+        data = {
+            "POST_api_groups_modify": [
+                {
+                    "name": "old_name",
+                    "actions": {
+                        "rename": "new_name"
+                    }
+                }
+            ]
+        }
+        
+        self.client.credentials(HTTP_AUTHORIZATION='Token InvalidToken')
+        response = self.client.post('/api/groups/group_info/', data=data, format='json')
+        self.assertEqual(response.status_code, 403)