Merge pull request #1116 from thunderstore-io/cyberstorm-api-update-team

Implement update team endpoint (TS-2314)

Author: Roffenlund

django/thunderstore/api/cyberstorm/serializers/__init__.py

@@ -11,6 +11,7 @@
     CyberstormTeamAddMemberResponseSerializer,
     CyberstormTeamMemberSerializer,
     CyberstormTeamSerializer,
+    CyberstormTeamUpdateSerializer,
 )
 
 __all__ = [
@@ -25,4 +26,5 @@
     "CyberstormTeamMemberSerializer",
     "CyberstormTeamSerializer",
     "PackagePermissionsSerializer",
+    "CyberstormTeamUpdateSerializer",
 ]

django/thunderstore/api/cyberstorm/serializers/team.py

@@ -1,5 +1,6 @@
 from typing import Optional
 
+from django.core.validators import URLValidator
 from rest_framework import serializers
 
 from thunderstore.repository.forms import AddTeamMemberForm
@@ -53,3 +54,9 @@ class CyberstormCreateTeamSerializer(serializers.Serializer):
     name = serializers.CharField(
         max_length=64, validators=[PackageReferenceComponentValidator("Author name")]
     )
+
+
+class CyberstormTeamUpdateSerializer(serializers.Serializer):
+    donation_link = serializers.CharField(
+        max_length=1024, validators=[URLValidator(["https"])]
+    )

django/thunderstore/api/cyberstorm/services/team.py

@@ -31,3 +31,14 @@ def create_team(user: UserType, team_name: str) -> Team:
     team = Team.objects.create(name=team_name)
     team.add_member(user=user, role=TeamMemberRole.owner)
     return team
+
+
+@transaction.atomic
+def update_team(agent: UserType, team: Team, donation_link: str) -> Team:
+    team.ensure_user_can_access(agent)
+    team.ensure_user_can_edit_info(agent)
+
+    team.donation_link = donation_link
+    team.save()
+
+    return team

django/thunderstore/api/cyberstorm/tests/services/test_team_services.py

@@ -3,6 +3,7 @@
 from django.http import Http404
 
 from thunderstore.api.cyberstorm.services import team as team_services
+from thunderstore.core.exceptions import PermissionValidationError
 from thunderstore.repository.models import Namespace, Team, TeamMemberRole
 
 
@@ -67,3 +68,38 @@ def test_create_team_success(user):
     assert Team.objects.filter(name=team_name).exists()
     assert team.name == team_name
     assert team.members.filter(user=user, role=TeamMemberRole.owner).exists()
+
+
+@pytest.mark.django_db
+def test_update_team_success(team_owner):
+    team = team_owner.team
+    new_donation_link = "https://example.com/donate"
+    updated_team = team_services.update_team(
+        agent=team_owner.user, team=team, donation_link=new_donation_link
+    )
+
+    assert updated_team.donation_link == new_donation_link
+
+
+@pytest.mark.django_db
+def test_update_team_user_cannot_access(user, team):
+    new_donation_link = "https://example.com/donate"
+
+    error_msg = "Must be a member to access team"
+    with pytest.raises(PermissionValidationError, match=error_msg):
+        team_services.update_team(
+            agent=user, team=team, donation_link=new_donation_link
+        )
+
+
+@pytest.mark.django_db
+def test_update_team_user_cannot_edit_info(team_member):
+    new_donation_link = "https://example.com/donate"
+
+    error_msg = "Must be an owner to edit team info"
+    with pytest.raises(PermissionValidationError, match=error_msg):
+        team_services.update_team(
+            agent=team_member.user,
+            team=team_member.team,
+            donation_link=new_donation_link,
+        )

django/thunderstore/api/cyberstorm/tests/test_endpoints.py

@@ -42,7 +42,11 @@
 put_payload_map = {}
 
 
-patch_payload_map = {}
+patch_payload_map = {
+    "/api/cyberstorm/team/{team_name}/update/": {
+        "donation_link": "https://example.com/donate",
+    }
+}
 
 
 payload_mapping = {
@@ -162,7 +166,7 @@ def test_validate_extracted_paths_with_urlpatterns(api_client):
 
 @pytest.mark.django_db
 @pytest.mark.parametrize("http_verb", ["put", "patch", "post"])
-def test_find_missing_post_endpoints(api_client, http_verb):
+def test_find_missing_endpoints(api_client, http_verb):
     schema = get_schema(api_client)
     api_paths = extract_paths(schema, "cyberstorm", http_verb)
     failures = []

django/thunderstore/api/cyberstorm/tests/test_team.py

@@ -322,3 +322,137 @@ def test_team_member_add_api_view__when_adding_a_member__fails_because_user_is_n
         .count()
         == 0
     )
+
+
+@pytest.mark.django_db
+def test_team_update_succeeds(
+    api_client: APIClient,
+    user: UserType,
+    team: Team,
+):
+    TeamMemberFactory(team=team, user=user, role="owner")
+    api_client.force_authenticate(user)
+
+    new_donation_link = "https://example.com"
+
+    response = api_client.patch(
+        f"/api/cyberstorm/team/{team.name}/update/",
+        json.dumps({"donation_link": new_donation_link}),
+        content_type="application/json",
+    )
+
+    expected_response = {"donation_link": new_donation_link}
+    assert response.status_code == 200
+
+    assert response.json() == expected_response
+    assert Team.objects.get(pk=team.pk).donation_link == new_donation_link
+
+
+@pytest.mark.django_db
+def test_team_update_fails_user_not_authenticated(
+    api_client: APIClient,
+    team: Team,
+):
+    new_donation_link = "https://example.com"
+
+    response = api_client.patch(
+        f"/api/cyberstorm/team/{team.name}/update/",
+        json.dumps({"donation_link": new_donation_link}),
+        content_type="application/json",
+    )
+
+    expected_response = {"detail": "Authentication credentials were not provided."}
+
+    assert response.status_code == 401
+    assert response.json() == expected_response
+    assert Team.objects.get(pk=team.pk).donation_link is None
+
+
+@pytest.mark.django_db
+def test_team_update_fails_validation(
+    api_client: APIClient,
+    user: UserType,
+    team: Team,
+):
+    TeamMemberFactory(team=team, user=user, role="owner")
+    api_client.force_authenticate(user)
+
+    new_bad_donation_link = "example.com"
+
+    response = api_client.patch(
+        f"/api/cyberstorm/team/{team.name}/update/",
+        json.dumps({"donation_link": new_bad_donation_link}),
+        content_type="application/json",
+    )
+
+    expected_response = {"donation_link": ["Enter a valid URL."]}
+
+    assert response.status_code == 400
+    assert response.json() == expected_response
+
+
+@pytest.mark.django_db
+def test_team_update_fail_user_not_owner(
+    api_client: APIClient,
+    user: UserType,
+    team: Team,
+):
+    TeamMemberFactory(team=team, user=user, role="member")
+    api_client.force_authenticate(user)
+
+    new_donation_link = "https://example.com"
+
+    response = api_client.patch(
+        f"/api/cyberstorm/team/{team.name}/update/",
+        json.dumps({"donation_link": new_donation_link}),
+        content_type="application/json",
+    )
+
+    expected_response = {"non_field_errors": ["Must be an owner to edit team info"]}
+
+    assert response.status_code == 403
+    assert response.json() == expected_response
+    assert Team.objects.get(pk=team.pk).donation_link is None
+
+
+@pytest.mark.django_db
+def test_team_update_fail_team_does_not_exist(
+    api_client: APIClient,
+    user: UserType,
+):
+    api_client.force_authenticate(user)
+
+    new_donation_link = "https://example.com"
+
+    response = api_client.patch(
+        "/api/cyberstorm/team/FakeTeam/update/",
+        json.dumps({"donation_link": new_donation_link}),
+        content_type="application/json",
+    )
+
+    expected_response = {"detail": "Not found."}
+
+    assert response.status_code == 404
+    assert response.json() == expected_response
+
+
+@pytest.mark.django_db
+def test_team_update_fail_user_not_team_member(
+    api_client: APIClient,
+    user: UserType,
+    team: Team,
+):
+    api_client.force_authenticate(user)
+
+    new_donation_link = "https://example.com"
+
+    response = api_client.patch(
+        f"/api/cyberstorm/team/{team.name}/update/",
+        json.dumps({"donation_link": new_donation_link}),
+        content_type="application/json",
+    )
+
+    expected_response = {"non_field_errors": ["Must be a member to access team"]}
+
+    assert response.status_code == 403
+    assert response.json() == expected_response

django/thunderstore/api/cyberstorm/views/__init__.py

@@ -24,6 +24,7 @@
     TeamMemberAddAPIView,
     TeamMemberListAPIView,
     TeamServiceAccountListAPIView,
+    UpdateTeamAPIView,
 )
 
 __all__ = [
@@ -49,4 +50,5 @@
     "UpdatePackageListingCategoriesAPIView",
     "RejectPackageListingAPIView",
     "ApprovePackageListingAPIView",
+    "UpdateTeamAPIView",
 ]

django/thunderstore/api/cyberstorm/views/team.py

@@ -1,4 +1,3 @@
-from django.core.exceptions import ValidationError as DjangoValidationError
 from django.db.models import Q, QuerySet
 from rest_framework import status
 from rest_framework.exceptions import PermissionDenied, ValidationError
@@ -16,8 +15,13 @@
     CyberstormTeamAddMemberResponseSerializer,
     CyberstormTeamMemberSerializer,
     CyberstormTeamSerializer,
+    CyberstormTeamUpdateSerializer,
+)
+from thunderstore.api.cyberstorm.services.team import (
+    create_team,
+    disband_team,
+    update_team,
 )
-from thunderstore.api.cyberstorm.services import team as team_services
 from thunderstore.api.ordering import StrictOrderingFilter
 from thunderstore.api.utils import (
     CyberstormAutoSchemaMixin,
@@ -66,7 +70,7 @@ def post(self, request, *args, **kwargs):
         serializer = CyberstormCreateTeamSerializer(data=request.data)
         serializer.is_valid(raise_exception=True)
         team_name = serializer.validated_data["name"]
-        team = team_services.create_team(user=request.user, team_name=team_name)
+        team = create_team(user=request.user, team_name=team_name)
         return_data = CyberstormTeamSerializer(team).data
         return Response(return_data, status=status.HTTP_201_CREATED)
 
@@ -135,5 +139,32 @@ class DisbandTeamAPIView(APIView):
     )
     def delete(self, request, *args, **kwargs):
         team_name = kwargs["team_name"]
-        team_services.disband_team(user=request.user, team_name=team_name)
+        disband_team(user=request.user, team_name=team_name)
         return Response(status=status.HTTP_204_NO_CONTENT)
+
+
+class UpdateTeamAPIView(APIView):
+    permission_classes = [IsAuthenticated]
+    serializer_class = CyberstormTeamUpdateSerializer
+    http_method_names = ["patch"]
+
+    @conditional_swagger_auto_schema(
+        operation_id="cyberstorm.team.update",
+        tags=["cyberstorm"],
+        request_body=CyberstormTeamUpdateSerializer,
+        responses={status.HTTP_200_OK: serializer_class},
+    )
+    def patch(self, request, team_name, *args, **kwargs):
+        team = get_object_or_404(Team.objects.exclude(is_active=False), name=team_name)
+
+        serializer = self.serializer_class(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        updated_team = update_team(
+            agent=request.user,
+            team=team,
+            donation_link=serializer.validated_data["donation_link"],
+        )
+
+        return_data = self.serializer_class(instance=updated_team).data
+        return Response(return_data, status=status.HTTP_200_OK)

django/thunderstore/api/urls.py

@@ -23,6 +23,7 @@
     TeamMemberListAPIView,
     TeamServiceAccountListAPIView,
     UpdatePackageListingCategoriesAPIView,
+    UpdateTeamAPIView,
 )
 
 cyberstorm_urls = [
@@ -126,6 +127,11 @@
         TeamAPIView.as_view(),
         name="cyberstorm.team",
     ),
+    path(
+        "team/<str:team_name>/update/",
+        UpdateTeamAPIView.as_view(),
+        name="cyberstorm.team.update",
+    ),
     path(
         "team/<str:team_name>/disband/",
         DisbandTeamAPIView.as_view(),

django/thunderstore/repository/forms/team.py

@@ -4,6 +4,7 @@
 from django.contrib.auth import get_user_model
 from django.core.exceptions import ObjectDoesNotExist, ValidationError
 
+from thunderstore.api.cyberstorm.services.team import update_team
 from thunderstore.core.exceptions import PermissionValidationError
 from thunderstore.core.types import UserType
 from thunderstore.repository.models import (
@@ -183,10 +184,20 @@ def __init__(self, user: UserType, *args, **kwargs):
     def clean(self):
         if not self.instance.pk:
             raise ValidationError("Missing team instance")
-        self.instance.ensure_user_can_edit_info(self.user)
         return super().clean()
 
     @transaction.atomic
     def save(self, **kwargs):
-        self.instance.ensure_user_can_edit_info(self.user)
-        return super().save(**kwargs)
+        if self.errors:
+            raise ValidationError(self.errors)
+
+        try:
+            update_team(
+                agent=self.user,
+                team=self.instance,
+                donation_link=self.cleaned_data["donation_link"],
+            )
+        except ValidationError as e:
+            self.add_error(None, e)
+
+        return self.instance