validate products section when assigned to user/company

CPCN-444
superdesk · Nov 3, 2023 · 7893efb · 7893efb
1 parent b1d5c7f
commit 7893efb
Show file tree

Hide file tree

Showing 7 changed files with 172 additions and 10 deletions.
diff --git a/server/cp/mgmt_api/companies.py b/server/cp/mgmt_api/companies.py
@@ -1,13 +1,14 @@
 from bson.objectid import ObjectId
 from flask import request, current_app as app
+from cp.mgmt_api.utils import validate_product_refs
 
 import newsroom
+import superdesk
 from newsroom.companies import CompaniesResource, CompaniesService
 from newsroom.companies.views import get_errors_company
 from newsroom.products.products import ProductsResource
 from newsroom.products.views import get_product_ref
 from newsroom.utils import find_one
-import superdesk
 from superdesk.errors import SuperdeskApiError
 
 
@@ -42,13 +43,17 @@ def on_create(self, docs):
                 raise SuperdeskApiError.badRequestError(
                     message=message, payload=message
                 )
+            if doc.get("products"):
+                validate_product_refs(doc["products"])
 
     def on_created(self, docs):
         super().on_created(docs)
         for doc in docs:
             app.cache.set(str(doc["_id"]), doc)
 
     def on_update(self, updates, original):
+        if updates.get("products"):
+            validate_product_refs(updates["products"])
         super().on_update(updates, original)
         app.cache.delete(str(original["_id"]))
 

diff --git a/server/cp/mgmt_api/users.py b/server/cp/mgmt_api/users.py
@@ -2,9 +2,11 @@
 import superdesk
 
 from bson.objectid import ObjectId
+from flask import current_app as app
 from newsroom.users import UsersResource, UsersService
 from superdesk.errors import SuperdeskApiError
-from flask import current_app as app
+
+from cp.mgmt_api.utils import validate_product_refs
 
 
 class CPUsersResource(newsroom.Resource):
@@ -20,6 +22,10 @@ def init_app(app):
 
 
 class CPUsersService(UsersService):
+    def check_permissions(self, doc, updates=None):
+        """Avoid testing if user has permissions."""
+        pass
+
     def on_create(self, docs):
         super().on_create(docs)
         for doc in docs:
@@ -32,7 +38,9 @@ def on_create(self, docs):
                 raise SuperdeskApiError.badRequestError(message=message, payload=message)
             if doc.get('company'):
                 doc['company'] = ObjectId(doc.get('company'))
+            if doc.get("products"):
+                validate_product_refs(doc["products"])
 
-    def check_permissions(self, doc, updates=None):
-        """Avoid testing if user has permissions."""
-        pass
+    def on_update(self, updates, original):
+        if updates.get("products"):
+            validate_product_refs(updates["products"])
diff --git a/server/cp/mgmt_api/utils.py b/server/cp/mgmt_api/utils.py
@@ -0,0 +1,14 @@
+import superdesk
+
+
+def validate_product_refs(products):
+    products_service = superdesk.get_resource_service("products")
+    for product_spec in products:
+        product = products_service.find_one(req=None, _id=product_spec["_id"])
+        assert product is not None and product["product_type"] == product_spec.get(
+            "section"
+        ), (
+            f"invalid product type for product {product_spec['_id']}, should be {product['product_type']}"
+            if product
+            else f"unknown product {product_spec['_id']}"
+        )
diff --git a/server/features/mgmt_api_companies.feature b/server/features/mgmt_api_companies.feature
@@ -81,4 +81,62 @@ Feature: Management API - Companies
             ]
         }
         """
-
+
+    Scenario: Validate company products section
+        Given "products"
+        """
+        [
+            {"name": "test", "query": "test", "product_type": "agenda"}
+        ]
+        """
+
+        When we post to "/companies"
+        """
+        {
+            "name": "zzz company",
+            "contact_name": "zzz company",
+            "contact_email": "[email protected]",
+            "phone": "99999999",
+            "products": [
+                {"_id": "#products._id#", "section": "wire"}
+            ]
+        }
+        """
+        Then we get error 400
+        """
+        {"code": 400, "message": "invalid product type for product #products._id#, should be agenda"}
+        """
+
+        When we post to "/companies"
+        """
+        {
+            "name": "zzz company",
+            "contact_name": "zzz company",
+            "contact_email": "[email protected]",
+            "phone": "99999999",
+            "products": [
+                {"_id": "#products._id#", "section": "agenda"}
+            ]
+        }
+        """
+        Then we get response code 201
+
+        When we patch "/companies/#companies._id#"
+        """
+        {
+            "products": [
+                {"_id": "#products._id#", "section": "wire"}
+            ]
+        }
+        """
+        Then we get error 400
+
+        When we patch "/companies/#companies._id#"
+        """
+        {
+            "products": [
+                {"_id": "#products._id#", "section": "agenda"}
+            ]
+        }
+        """
+        Then we get response code 200
diff --git a/server/features/mgmt_api_products.feature b/server/features/mgmt_api_products.feature
@@ -14,7 +14,7 @@ Feature: Management API - Products
             "name": "A fishy Product",
             "description": "a product for those interested in fish",
             "query": "fish",
-            "product_type": "news_api"
+            "product_type": "agenda"
         }]
         """
         Then we get response code 201
@@ -52,7 +52,7 @@ Feature: Management API - Products
                 "name": "A fishy Product",
                 "description": "new description",
                 "query": "fish",
-                "product_type": "news_api",
+                "product_type": "agenda",
                 "seats": 5
             }
         ]}
@@ -62,7 +62,7 @@ Feature: Management API - Products
         Then we get existing resource
         """
         {"products": [
-            {"_id": "#products._id#", "section": "news_api", "seats": 5}
+            {"_id": "#products._id#", "section": "agenda", "seats": 5}
         ]}
         """
 

diff --git a/server/features/mgmt_api_users.feature b/server/features/mgmt_api_users.feature
@@ -110,3 +110,74 @@ Feature: Management API - Users
         """
         When we delete latest
         Then we get ok response
+
+    Scenario: Validate product type
+        Scenario: Create a user
+        Given empty "users"
+        And "products"
+        """
+        [
+            {"name": "test", "query": "test", "product_type": "agenda"}
+        ]
+        """
+        And "companies"
+        """
+        [{"name": "zzz company"}]
+        """
+
+        When we post to "/users"
+        """
+        {
+            "first_name": "John",
+            "last_name": "Cena",
+            "email": "[email protected]",
+            "company": "#companies._id#",
+            "sections": {
+                "agenda": true
+            },
+            "products": [
+                {"_id": "#products._id#", "section": "wire"}
+            ]
+        }
+        """
+        Then we get error 400
+        """
+        {"code": 400, "message": "invalid product type for product #products._id#, should be agenda"}
+        """
+
+        When we post to "/users"
+        """
+        {
+            "first_name": "John",
+            "last_name": "Cena",
+            "email": "[email protected]",
+            "company": "#companies._id#",
+            "sections": {
+                "agenda": true
+            },
+            "products": [
+                {"section": "agenda", "_id": "#products._id#"}
+            ]
+        }
+        """
+        Then we get response code 201
+
+        When we patch "/users/#users._id#"
+        """
+        {
+            "products": [
+                {"section": "wire", "_id": "#products._id#"}
+            ]
+        }
+        """
+        Then we get error 400
+
+        When we patch "/users/#users._id#"
+        """
+        {
+            "products": [
+                {"section": "agenda", "_id": "#products._id#"}
+            ]
+        }
+        """
+        Then we get response code 200
diff --git a/server/theme/swagger.yaml b/server/theme/swagger.yaml
@@ -663,7 +663,7 @@ components:
 
     ProductType:
       type: string
-      default: 'wire'
+      example: wire
       enum:
         - wire
         - agenda
@@ -790,6 +790,9 @@ components:
                 $ref: '#/components/schemas/ProductType'
               _id:
                 $ref: '#/components/schemas/ObjectId'
+            required:
+              - _id
+              - section
 
       required:
         - first_name
@@ -865,6 +868,9 @@ components:
               seats:
                 type: number
                 example: 5
+            required:
+              - _id
+              - section
 
       required:
         - name