Skip to content

Commit fa0e5a4

Browse files
HadleyKingHadleyKing
committed
Update documentation and tests
fix #168 Changes to be committed: modified: api/scripts/method_specific/POST_api_objects_drafts_modify.py modified: api/views.py modified: tests/test_views/test_api_objects_drafts_modify.py
1 parent 15b1a50 commit fa0e5a4

File tree

3 files changed

+262
-118
lines changed

3 files changed

+262
-118
lines changed

api/scripts/method_specific/POST_api_objects_drafts_modify.py

Lines changed: 90 additions & 75 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,12 @@ def post_api_objects_drafts_modify(request):
4141

4242
db_utils = DbUtils.DbUtils()
4343
user = UserUtils.UserUtils().user_from_request(request=request)
44-
bulk_request = request.data["POST_api_objects_drafts_modify"]
44+
try:
45+
bulk_request = request.data["POST_api_objects_drafts_modify"]
46+
except KeyError as error:
47+
return Response(status=status.HTTP_400_BAD_REQUEST, data={
48+
'KeyError': f'{str(error)}'
49+
})
4550
px_perms = UserUtils.UserUtils().prefix_perms_for_user(
4651
flatten=True, user_object=user, specific_permission=["add"]
4752
)
@@ -50,101 +55,111 @@ def post_api_objects_drafts_modify(request):
5055
returning = []
5156
any_failed = False
5257
for draft_object in bulk_request:
53-
# Get the prefix for this draft.
54-
prefix = draft_object["object_id"].split("/")[-2].split("_")[0].upper()
58+
try:
59+
# Get the prefix for this draft.
60+
prefix = draft_object["object_id"].split("/")[-2].split("_")[0].upper()
5561

56-
# Does the requestor have change permissions for
57-
# the *prefix*?
62+
# Does the requestor have change permissions for
63+
# the *prefix*?
5864

59-
# TODO: add permission setting view...
60-
# if 'change_' + prefix in px_perms:
61-
if "add_" + prefix in px_perms:
65+
# TODO: add permission setting view...
66+
# if 'change_' + prefix in px_perms:
6267

63-
# The requestor has change permissions for
64-
# the prefix, but do they have object-level
65-
# change permissions?
68+
if "add_" + prefix in px_perms:
6669

67-
# This can be checked by seeing if the requestor
68-
# is the object owner OR they are a user with
69-
# object-level change permissions OR if they are in a
70-
# group that has object-level change permissions.
71-
# To check these options, we need the actual object.
70+
# The requestor has change permissions for
71+
# the prefix, but do they have object-level
72+
# change permissions?
7273

73-
if draft_object["object_id"] not in draft_object["contents"]["object_id"]:
74-
returning.append(
75-
db_utils.messages(
76-
parameters={
77-
"object_id": draft_object["contents"]["object_id"],
78-
"draft_object_id": draft_object["object_id"],
79-
}
80-
)["409_draft_object_id_conflict"]
81-
)
82-
any_failed = True
83-
continue
74+
# This can be checked by seeing if the requestor
75+
# is the object owner OR they are a user with
76+
# object-level change permissions OR if they are in a
77+
# group that has object-level change permissions.
78+
# To check these options, we need the actual object.
79+
if draft_object["object_id"] not in draft_object["contents"]["object_id"]:
80+
returning.append(
81+
db_utils.messages(
82+
parameters={
83+
"object_id": draft_object["contents"]["object_id"],
84+
"draft_object_id": draft_object["object_id"],
85+
}
86+
)["409_draft_object_id_conflict"]
87+
)
88+
any_failed = True
89+
continue
8490

85-
if BCO.objects.filter(
86-
object_id=draft_object["contents"]["object_id"]
87-
).exists():
88-
objected = BCO.objects.get(
91+
if BCO.objects.filter(
8992
object_id=draft_object["contents"]["object_id"]
90-
)
93+
).exists():
94+
objected = BCO.objects.get(
95+
object_id=draft_object["contents"]["object_id"]
96+
)
9197

92-
# We don't care where the view permission comes from,
93-
# be it a User permission or a Group permission.
94-
all_permissions = get_perms(user, objected)
95-
# TODO: add permission setting view...
96-
if (
97-
user.username == objected.owner_user.username
98-
or "add_" + prefix in px_perms
99-
):
100-
101-
# # User does *NOT* have to be in the owner group!
102-
# # to assign the object's group owner.
103-
# if Group.objects.filter(
104-
# name = draft_object['owner_group'].lower()
105-
# ).exists():
106-
#
107-
# Update the object.
108-
# *** COMPLETELY OVERWRITES CONTENTS!!! ***
109-
objected.contents = draft_object["contents"]
110-
111-
if "state" in draft_object:
112-
if draft_object["state"] == "DELETE":
113-
objected.state = "DELETE"
114-
115-
# Set the update time.
116-
objected.last_update = timezone.now()
117-
118-
# Save it.
119-
objected.save()
120-
121-
# Update the request status.
98+
# We don't care where the view permission comes from,
99+
# be it a User permission or a Group permission.
100+
all_permissions = get_perms(user, objected)
101+
# TODO: add permission setting view...
102+
if (
103+
user.username == objected.owner_user.username
104+
or "add_" + prefix in px_perms
105+
):
106+
107+
# # User does *NOT* have to be in the owner group!
108+
# # to assign the object's group owner.
109+
# if Group.objects.filter(
110+
# name = draft_object['owner_group'].lower()
111+
# ).exists():
112+
#
113+
# Update the object.
114+
# *** COMPLETELY OVERWRITES CONTENTS!!! ***
115+
objected.contents = draft_object["contents"]
116+
117+
if "state" in draft_object:
118+
if draft_object["state"] == "DELETE":
119+
objected.state = "DELETE"
120+
121+
# Set the update time.
122+
objected.last_update = timezone.now()
123+
124+
# Save it.
125+
objected.save()
126+
127+
# Update the request status.
128+
returning.append(
129+
db_utils.messages(
130+
parameters={"object_id": draft_object["object_id"]}
131+
)["200_update"]
132+
)
133+
else:
134+
# Insufficient permissions.
135+
returning.append(
136+
db_utils.messages(parameters={
137+
})["403_insufficient_permissions"]
138+
)
139+
any_failed = True
140+
141+
else:
122142
returning.append(
123143
db_utils.messages(
124144
parameters={"object_id": draft_object["object_id"]}
125-
)["200_update"]
126-
)
127-
else:
128-
# Insufficient permissions.
129-
returning.append(
130-
db_utils.messages(parameters={})["403_insufficient_permissions"]
145+
)["404_object_id"]
131146
)
132147
any_failed = True
133-
134148
else:
135149
returning.append(
136-
db_utils.messages(
137-
parameters={"object_id": draft_object["object_id"]}
138-
)["404_object_id"]
150+
db_utils.messages(parameters={"prefix": prefix})[
151+
"401_prefix_unauthorized"
152+
]
139153
)
140154
any_failed = True
141-
else:
155+
except:
142156
returning.append(
143-
db_utils.messages(parameters={"prefix": prefix})[
144-
"401_prefix_unauthorized"
157+
db_utils.messages(parameters={})[
158+
"400_bad_request"
145159
]
146160
)
147161
any_failed = True
162+
148163
if any_failed and len(returning) == 1:
149164
if returning[0]["status_code"] == "403":
150165
return Response(status=status.HTTP_403_FORBIDDEN, data=returning)

api/views.py

Lines changed: 18 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -627,13 +627,13 @@ def post(self, request) -> Response:
627627

628628
class ApiObjectsDraftsModify(APIView):
629629
"""
630-
Modify a BCO Object
630+
Bulk Modify BCO Objects
631631
632632
--------------------
633633
634-
Modifies a BCO object. The BCO object must be a draft in order to be
635-
modifiable. WARNING: The contents of the BCO will be replaced with the new
636-
contents provided in the request body.
634+
Modifies one or more BCO objects. The BCO objects must be a draft in order
635+
to be modifiable. WARNING: The contents of the BCO will be replaced with
636+
the new contents provided in the request body.
637637
"""
638638

639639
POST_api_objects_drafts_modify_schema = openapi.Schema(
@@ -668,19 +668,24 @@ class ApiObjectsDraftsModify(APIView):
668668
@swagger_auto_schema(
669669
request_body=request_body,
670670
responses={
671-
200: "Modification of BCO draft is successful.",
671+
200: "All modifications of BCO drafts are successful.",
672672
207: "Some or all BCO modifications failed. Each object submitted"
673673
" will have it's own response object with it's own status"
674674
" code and message:\n"
675-
"201: The prefix * was successfully created.\n"
676-
"400: Bad Request. The expiration date * is not valid.\n"
677-
"400: Bad Request. The prefix * does not follow the naming rules for a prefix.\n"
678-
"403: Forbidden. User does not have permission to perform this action.\n"
679-
"404: Not Found. The user * was not found on the server.\n"
680-
"409: Conflict. The prefix the requestor is attempting to create already exists.\n",
681-
401: "Unauthorized. Authentication credentials were not provided.",
675+
"200: Success. The object with ID <'object_id'> was"
676+
"updated.\n"
677+
"400: Bad request. The request could not be processed with"
678+
"the parameters provided.\n "
679+
"401: Prefix unauthorized. The token provided does not "
680+
"have draft permissions for this prefix <'prefix'>.\n"
681+
"404: Not Found. The object ID <'object_id'> was not found "
682+
"on the server.\n"
683+
"409: Conflict. The provided object_id <'object_id'> does "
684+
"not match the saved draft object_id <'object_id'>. "
685+
"Once a draft is created you can not change the "
686+
"object_id.\n",
682687
400: "Bad request.",
683-
403: "Invalid token.",
688+
403: "Forbidden. Authentication credentials were not provided, or the token is invalid."
684689
},
685690
tags=["BCO Management"],
686691
)

0 commit comments

Comments
 (0)