Merge branch 'mapping-team' into develop

osmchadjango/users/tests/test_views.py

@@ -166,3 +166,216 @@ def test_filters(self):
         response = self.client.get(self.url, {'trusted': 'false'})
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.data.get('count'), 1)
+
+
+class TestMappingTeamDetailAPIView(APITestCase):
+    def setUp(self):
+        self.user = User.objects.create_user(
+            username='test',
+            password='password',
+            email='[email protected]'
+            )
+        self.social_auth = UserSocialAuth.objects.create(
+            user=self.user,
+            provider='openstreetmap',
+            uid='123123',
+            )
+        self.payload = {
+            "name": "Map Company",
+            "users": [
+                {
+                    "username" : "test_1",
+                    "doj" : "2017-02-13T00:00:00Z",
+                    "uid" : "989",
+                    "dol" : ""
+                },
+                {
+                    "username" : "test_2",
+                    "doj" : "2017-02-13T00:00:00Z",
+                    "uid" : "987",
+                    "dol" : ""
+                }
+            ],
+            "trusted": True
+        }
+        self.team = MappingTeam.objects.create(
+            name="Group of Users",
+            users=self.payload,
+            created_by=self.user
+            )
+
+    def test_unauthenticated(self):
+        url = reverse('users:mapping-team-detail', args=[self.team.id])
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 401)
+
+        response = self.client.put(url, data=self.payload)
+        self.assertEqual(response.status_code, 401)
+
+        response = self.client.patch(url, data=self.payload)
+        self.assertEqual(response.status_code, 401)
+
+        response = self.client.delete(url)
+        self.assertEqual(response.status_code, 401)
+
+    def test_with_owner(self):
+        url = reverse('users:mapping-team-detail', args=[self.team.id])
+        self.client.login(username='test', password='password')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.put(url, data=self.payload)
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.patch(url, data=self.payload)
+        self.assertEqual(response.status_code, 200)
+
+        self.assertEqual(MappingTeam.objects.filter(trusted=False).count(), 1)
+        self.assertEqual(MappingTeam.objects.filter(trusted=True).count(), 0)
+
+        response = self.client.delete(url)
+        self.assertEqual(response.status_code, 204)
+        self.assertEqual(MappingTeam.objects.count(), 0)
+
+    def test_with_staff_user(self):
+        user = User.objects.create_user(
+            username='staff_user',
+            password='password',
+            email='[email protected]',
+            is_staff=True
+            )
+        url = reverse('users:mapping-team-detail', args=[self.team.id])
+        self.client.login(username='staff_user', password='password')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.put(url, data=self.payload)
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.patch(url, data=self.payload)
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.delete(url)
+        self.assertEqual(response.status_code, 204)
+
+    def test_with_other_user(self):
+        user = User.objects.create_user(
+            username='test_2',
+            password='password',
+            email='[email protected]'
+            )
+        url = reverse('users:mapping-team-detail', args=[self.team.id])
+        self.client.login(username='test_2', password='password')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+
+        response = self.client.put(url, data=self.payload)
+        self.assertEqual(response.status_code, 403)
+
+        response = self.client.patch(url, data=self.payload)
+        self.assertEqual(response.status_code, 403)
+
+        response = self.client.delete(url)
+        self.assertEqual(response.status_code, 403)
+
+
+class TestMappingTeamTrustingAPIView(APITestCase):
+    def setUp(self):
+        self.user = User.objects.create_user(
+            username='test',
+            password='password',
+            email='[email protected]'
+            )
+        self.social_auth = UserSocialAuth.objects.create(
+            user=self.user,
+            provider='openstreetmap',
+            uid='123123',
+            )
+        self.payload = {
+            "name": "Map Company",
+            "users": [
+                {
+                    "username" : "test_1",
+                    "doj" : "2017-02-13T00:00:00Z",
+                    "uid" : "989",
+                    "dol" : ""
+                },
+                {
+                    "username" : "test_2",
+                    "doj" : "2017-02-13T00:00:00Z",
+                    "uid" : "987",
+                    "dol" : ""
+                }
+            ],
+            "trusted": True
+        }
+        self.team = MappingTeam.objects.create(
+            name="Group of Users",
+            users=self.payload,
+            created_by=self.user
+            )
+
+    def test_unauthenticated(self):
+        url = reverse('users:trust-mapping-team', args=[self.team.id])
+        response = self.client.put(url)
+        self.assertEqual(response.status_code, 401)
+
+        url = reverse('users:untrust-mapping-team', args=[self.team.id])
+        response = self.client.put(url)
+        self.assertEqual(response.status_code, 401)
+
+    def test_with_owner(self):
+        url = reverse('users:trust-mapping-team', args=[self.team.id])
+        self.client.login(username='test', password='password')
+        response = self.client.put(url)
+        self.assertEqual(response.status_code, 403)
+
+        url = reverse('users:untrust-mapping-team', args=[self.team.id])
+        response = self.client.put(url)
+        self.assertEqual(response.status_code, 403)
+
+        self.assertEqual(MappingTeam.objects.filter(trusted=False).count(), 1)
+        self.assertEqual(MappingTeam.objects.filter(trusted=True).count(), 0)
+
+    def test_with_staff_user(self):
+        user = User.objects.create_user(
+            username='staff_user',
+            password='password',
+            email='[email protected]',
+            is_staff=True
+            )
+        url = reverse('users:trust-mapping-team', args=[self.team.id])
+        self.client.login(username='staff_user', password='password')
+
+        response = self.client.put(url)
+        self.assertEqual(response.status_code, 200)
+        self.team.refresh_from_db()
+        self.assertEqual(MappingTeam.objects.filter(trusted=False).count(), 0)
+        self.assertEqual(MappingTeam.objects.filter(trusted=True).count(), 1)
+
+        url = reverse('users:untrust-mapping-team', args=[self.team.id])
+
+        response = self.client.put(url)
+        self.assertEqual(response.status_code, 200)
+        self.team.refresh_from_db()
+        self.assertEqual(MappingTeam.objects.filter(trusted=False).count(), 1)
+        self.assertEqual(MappingTeam.objects.filter(trusted=True).count(), 0)
+
+    def test_with_other_user(self):
+        user = User.objects.create_user(
+            username='test_2',
+            password='password',
+            email='[email protected]'
+            )
+        self.client.login(username='test_2', password='password')
+
+        url = reverse('users:trust-mapping-team', args=[self.team.id])
+        response = self.client.put(url)
+        self.assertEqual(response.status_code, 403)
+
+        url = reverse('users:untrust-mapping-team', args=[self.team.id])
+        response = self.client.put(url)
+        self.assertEqual(response.status_code, 403)
+
+        self.assertEqual(MappingTeam.objects.filter(trusted=False).count(), 1)
+        self.assertEqual(MappingTeam.objects.filter(trusted=True).count(), 0)

osmchadjango/users/urls.py

@@ -23,4 +23,19 @@
         views.MappingTeamListCreateAPIView.as_view(),
         name="mapping-team"
         ),
+    re_path(
+        r'^mapping-team/(?P<pk>\d+)/$',
+        views.MappingTeamDetailAPIView.as_view(),
+        name="mapping-team-detail"
+        ),
+    re_path(
+        r'^mapping-team/(?P<pk>\d+)/trust/$',
+        view=views.MappingTeamTrustingAPIView.as_view({'put': 'set_trusted'}),
+        name='trust-mapping-team'
+    ),
+    re_path(
+        r'^mapping-team/(?P<pk>\d+)/untrust/$',
+        view=views.MappingTeamTrustingAPIView.as_view({'put': 'set_untrusted'}),
+        name='untrust-mapping-team'
+    ),
     ]

osmchadjango/users/views.py

@@ -6,9 +6,15 @@
 
 from rest_framework.authtoken.models import Token
 from rest_framework.generics import (
-    ListCreateAPIView, RetrieveUpdateAPIView, GenericAPIView
+    ListCreateAPIView, RetrieveUpdateAPIView, RetrieveUpdateDestroyAPIView,
+    GenericAPIView
     )
-from rest_framework.permissions import IsAuthenticated
+from rest_framework.viewsets import ModelViewSet
+from rest_framework.permissions import (
+    IsAuthenticated, IsAdminUser, BasePermission, SAFE_METHODS
+    )
+from rest_framework.decorators import detail_route
+from rest_framework import status
 from rest_framework.response import Response
 from social_django.utils import load_strategy, load_backend
 from requests_oauthlib import OAuth1Session
@@ -23,6 +29,18 @@
 User = get_user_model()
 
 
+class IsOwnerAdminOrReadOnly(BasePermission):
+    """Object-level permission to only allow owners of an object to edit it."""
+
+    def has_object_permission(self, request, view, obj):
+        # Read permissions are allowed to any request,
+        # so we'll always allow GET, HEAD or OPTIONS requests.
+        if request.method in SAFE_METHODS:
+            return True
+        else:
+            return obj.created_by == request.user or request.user.is_staff
+
+
 class CurrentUserDetailAPIView(RetrieveUpdateAPIView):
     """
     get:
@@ -132,3 +150,54 @@ def perform_create(self, serializer):
         serializer.save(
             created_by=self.request.user,
             )
+
+
+class MappingTeamDetailAPIView(RetrieveUpdateDestroyAPIView):
+    """List and create Mapping teams."""
+    queryset = MappingTeam.objects.all()
+    serializer_class = MappingTeamSerializer
+    permission_classes = (IsAuthenticated, IsOwnerAdminOrReadOnly,)
+
+
+class MappingTeamTrustingAPIView(ModelViewSet):
+    queryset = MappingTeam.objects.all()
+    serializer_class = MappingTeamSerializer
+    permission_classes = (IsAdminUser,)
+
+    def update_team(self, team, request, trusted):
+        """Update 'checked', 'harmful', 'check_user', 'check_date' fields of the
+        changeset and return a 200 response"""
+        team.trusted = trusted
+        team.save(
+            update_fields=['trusted']
+            )
+        return Response(
+            {'detail': 'Mapping Team set as {}.'.format('trusted' if trusted else 'untrusted')},
+            status=status.HTTP_200_OK
+            )
+
+    @detail_route(methods=['put'])
+    def set_trusted(self, request, pk):
+        """Set a Mapping Team as trusted. You don't need to send data,
+        just make an empty PUT request.
+        """
+        team = self.get_object()
+        if team.trusted:
+            return Response(
+                {'detail': 'Mapping team is already trusted.'},
+                status=status.HTTP_403_FORBIDDEN
+                )
+        return self.update_team(team, request, trusted=True)
+
+    @detail_route(methods=['put'])
+    def set_untrusted(self, request, pk):
+        """Set a Mapping Team as untrusted. You don't need to send data,
+        just make an empty PUT request.
+        """
+        team = self.get_object()
+        if team.trusted == False:
+            return Response(
+                {'detail': 'Mapping team is already untrusted.'},
+                status=status.HTTP_403_FORBIDDEN
+                )
+        return self.update_team(team, request, trusted=False)