Add backend endpoints for managing edit sessions.

tests/conftest.py

@@ -7,10 +7,12 @@
 from django.db import IntegrityError
 from pytest_redis import factories
 
+from tests.edit_session import common as cs
 from tests.entity import common as ce
 from tests.tag import common as ct
 from tests.user import common as cu
 from tests.user.api.integration.requests import post_login, post_register
+from vran.edit_session.models_django import EditSession, EditSessionParticipant
 from vran.entity.models_django import Entity, EntityJustification
 from vran.management.display_txt.util import DISPLAY_TXT_ORDER_CONFIG_KEY
 from vran.management.models_django import ConfigValue
@@ -202,6 +204,11 @@ def auth_server_commissioner(live_server, user_commissioner):
 
 @pytest.fixture
 def user(db):  # pylint: disable=unused-argument
+    session = EditSession.objects.create(
+        id_persistent=cs.id_session_user,
+        id_owner_persistent=cu.test_uuid,
+        name=cs.name_session_user,
+    )
     try:
         user = VranUser.objects.create_user(
             username=cu.test_username,
@@ -210,6 +217,13 @@ def user(db):  # pylint: disable=unused-argument
             first_name=cu.test_names_personal,
             id_persistent=cu.test_uuid,
             permission_group=VranUser.CONTRIBUTOR,
+            edit_session=session,
+        )
+        EditSessionParticipant.add(
+            id_session_persistent=session.id_persistent,
+            type_participant=EditSessionParticipant.INTERNAL,
+            id_participant=user.id_persistent,
+            name_participant=user.username,
         )
         return user
     except IntegrityError:
@@ -219,12 +233,24 @@ def user(db):  # pylint: disable=unused-argument
 @pytest.fixture
 def user1(db):  # pylint: disable=unused-argument
     try:
+        session = EditSession.objects.create(
+            id_persistent=cs.id_session_user1,
+            id_owner_persistent=cu.test_uuid1,
+            name=cs.name_session_user1,
+        )
         user = VranUser.objects.create_user(
             username=cu.test_username1,
             password=cu.test_password1,
             email=cu.test_email1,
             first_name=cu.test_names_personal1,
             id_persistent=cu.test_uuid1,
+            edit_session=session,
+        )
+        EditSessionParticipant.add(
+            id_session_persistent=session.id_persistent,
+            type_participant=EditSessionParticipant.INTERNAL,
+            id_participant=user.id_persistent,
+            name_participant=user.username,
         )
         return user
     except IntegrityError:
@@ -234,13 +260,25 @@ def user1(db):  # pylint: disable=unused-argument
 @pytest.fixture
 def user_commissioner(db):  # pylint: disable=unused-argument
     try:
+        session = EditSession.objects.create(
+            id_persistent=cs.id_session_commissioner,
+            id_owner_persistent=cu.test_uuid_commissioner,
+            name=cs.name_session_commissioner,
+        )
         user = VranUser.objects.create_user(
             username=cu.test_username_commissioner,
             password=cu.test_password_commissioner,
             email=cu.test_email_commissioner,
             first_name=cu.test_names_personal_commissioner,
             id_persistent=cu.test_uuid_commissioner,
             permission_group=VranUser.COMMISSIONER,
+            edit_session=session,
+        )
+        EditSessionParticipant.add(
+            id_session_persistent=session.id_persistent,
+            type_participant=EditSessionParticipant.INTERNAL,
+            id_participant=user.id_persistent,
+            name_participant=user.username,
         )
         return user
     except IntegrityError:
@@ -252,13 +290,25 @@ def user_commissioner(db):  # pylint: disable=unused-argument
 @pytest.fixture
 def user_editor(db):  # pylint: disable=unused-argument
     try:
+        session = EditSession.objects.create(
+            id_persistent=cs.id_session_editor,
+            id_owner_persistent=cu.test_uuid_editor,
+            name=cs.name_session_editor,
+        )
         user = VranUser.objects.create_user(
             username=cu.test_username_editor,
             password=cu.test_password_editor,
             email=cu.test_email_editor,
             first_name=cu.test_names_personal_editor,
             id_persistent=cu.test_uuid_editor,
             permission_group=VranUser.EDITOR,
+            edit_session=session,
+        )
+        EditSessionParticipant.add(
+            id_session_persistent=session.id_persistent,
+            type_participant=EditSessionParticipant.INTERNAL,
+            id_participant=user.id_persistent,
+            name_participant=user.username,
         )
         return user
     except IntegrityError:
@@ -269,11 +319,17 @@ def user_editor(db):  # pylint: disable=unused-argument
 
 @pytest.fixture
 def super_user(db):  # pylint: disable=unused-argument
+    session = EditSession.objects.create(
+        id_persistent=cs.id_session_super,
+        id_owner_persistent=cu.test_uuid_super,
+        name=cs.name_session_super,
+    )
     super_user = VranUser.objects.create_superuser(
         email=cu.test_email_super,
         username=cu.test_username_super,
         password=cu.test_password,
         id_persistent=cu.test_uuid_super,
+        edit_session=session,
     )
     return super_user
 

tests/edit_session/api/integration/delete_participant_test.py

@@ -0,0 +1,86 @@
+# pylint: disable=missing-module-docstring,missing-function-docstring,redefined-outer-name,invalid-name,unused-argument,too-many-locals,too-many-arguments,too-many-statements,duplicate-code
+
+
+from unittest.mock import MagicMock, patch
+
+import tests.edit_session.common as c
+import tests.user.common as cu
+from tests.edit_session.api.integration import requests as req
+from vran.edit_session.models_django import EditSessionParticipant
+from vran.exception import NotAuthenticatedException
+
+new_name = "patched name for user session"
+
+
+def test_unknown_user(auth_server, session_participant_commissioner):
+    "Test response when user can not be authenticated"
+    server, cookies = auth_server
+    mock = MagicMock()
+    mock.side_effect = NotAuthenticatedException()
+    with patch("vran.edit_session.api.check_user", mock):
+        rsp = req.delete_participant(
+            server.url, c.id_session_user, cu.test_uuid_commissioner, cookies=cookies
+        )
+    assert rsp.status_code == 401
+
+
+def test_no_cookies(auth_server, session_participant_commissioner):
+    "Check error code for missing cookies"
+    server, _cookies = auth_server
+    rsp = req.delete_participant(
+        server.url, c.id_session_user, cu.test_uuid_commissioner, cookies=None
+    )
+    assert rsp.status_code == 401
+
+
+def test_applicant(auth_server_applicant, session_participant_commissioner):
+    "Make sure applicant can not search for participants."
+    server, cookies = auth_server_applicant
+    rsp = req.delete_participant(
+        server.url, c.id_session_user, cu.test_uuid_commissioner, cookies=cookies
+    )
+    assert rsp.status_code == 403
+
+
+def test_wrong_user(auth_server1, session_participant_commissioner):
+    server, _cookies, cookies = auth_server1
+    rsp = req.delete_participant(
+        server.url, c.id_session_user, cu.test_uuid_commissioner, cookies=cookies
+    )
+    assert rsp.status_code == 403
+
+
+def test_remove_as_owner(auth_server, session_participant_commissioner):
+    "Make sure it can retrieve sessions owned by a user"
+    server, cookies = auth_server
+    assert (
+        len(EditSessionParticipant.objects.filter(edit_session_id=c.id_session_user))
+        == 2
+    )
+    rsp = req.delete_participant(
+        server.url, c.id_session_user, cu.test_uuid_commissioner, cookies=cookies
+    )
+    assert rsp.status_code == 200
+    assert (
+        len(EditSessionParticipant.objects.filter(edit_session_id=c.id_session_user))
+        == 1
+    )
+
+
+def test_remove_as_participant(
+    user, auth_server_commissioner, session_participant_commissioner
+):
+    "Make sure it can retrieve sessions owned by a user"
+    assert (
+        len(EditSessionParticipant.objects.filter(edit_session_id=c.id_session_user))
+        == 2
+    )
+    server, cookies = auth_server_commissioner
+    rsp = req.delete_participant(
+        server.url, c.id_session_user, cu.test_uuid_commissioner, cookies=cookies
+    )
+    assert rsp.status_code == 200
+    assert (
+        len(EditSessionParticipant.objects.filter(edit_session_id=c.id_session_user))
+        == 1
+    )

tests/edit_session/api/integration/get_sessions_owner_test.py

@@ -0,0 +1,63 @@
+# pylint: disable=missing-module-docstring,missing-function-docstring,redefined-outer-name,invalid-name,unused-argument,too-many-locals,too-many-arguments,too-many-statements
+
+
+from unittest.mock import MagicMock, patch
+
+import tests.edit_session.common as c
+import tests.user.common as cu
+from tests.edit_session.api.integration import requests as req
+from vran.exception import NotAuthenticatedException
+
+
+def test_unknown_user(auth_server):
+    "Test response when user can not be authenticated"
+    server, cookies = auth_server
+    mock = MagicMock()
+    mock.side_effect = NotAuthenticatedException()
+    with patch("vran.edit_session.api.check_user", mock):
+        rsp = req.get_sessions_owner(server.url, cookies=cookies)
+    assert rsp.status_code == 401
+
+
+def test_no_cookies(auth_server):
+    "Check error code for missing cookies"
+    server, _cookies = auth_server
+    rsp = req.get_sessions_owner(server.url, cookies=None)
+    assert rsp.status_code == 401
+
+
+def test_applicant(auth_server_applicant):
+    "Make sure applicant can not search for participants."
+    server, cookies = auth_server_applicant
+    rsp = req.get_sessions_owner(server.url, cookies=cookies)
+    assert rsp.status_code == 403
+
+
+def test_get_sessions_owner(auth_server, other_session):
+    "Make sure it can retrieve sessions owned by a user"
+    server, cookies = auth_server
+    rsp = req.get_sessions_owner(server.url, cookies=cookies)
+    assert rsp.status_code == 200
+    participant_json = {
+        "id_participant": cu.test_uuid,
+        "type_participant": "INTERNAL",
+        "name_participant": cu.test_username,
+    }
+    owner_json = participant_json.copy()
+    owner_json.pop("name_participant")
+    json = rsp.json()
+    session_list = json["edit_session_list"]
+    assert session_list == [
+        {
+            "id_persistent": c.id_session_user,
+            "owner": owner_json,
+            "name": c.name_session_user,
+            "participant_list": [participant_json],
+        },
+        {
+            "id_persistent": c.id_session_user_changed,
+            "owner": owner_json,
+            "name": c.name_session_user_changed,
+            "participant_list": [participant_json],
+        },
+    ]

tests/edit_session/api/integration/get_sessions_participant_test.py

@@ -0,0 +1,76 @@
+# pylint: disable=missing-module-docstring,missing-function-docstring,redefined-outer-name,invalid-name,unused-argument,too-many-locals,too-many-arguments,too-many-statements
+
+
+from unittest.mock import MagicMock, patch
+
+import tests.edit_session.common as c
+import tests.user.common as cu
+from tests.edit_session.api.integration import requests as req
+from vran.exception import NotAuthenticatedException
+
+
+def test_unknown_user(auth_server):
+    "Test response when user can not be authenticated"
+    server, cookies = auth_server
+    mock = MagicMock()
+    mock.side_effect = NotAuthenticatedException()
+    with patch("vran.edit_session.api.check_user", mock):
+        rsp = req.get_sessions_participant(server.url, cookies=cookies)
+    assert rsp.status_code == 401
+
+
+def test_no_cookies(auth_server):
+    "Check error code for missing cookies"
+    server, _cookies = auth_server
+    rsp = req.get_sessions_participant(server.url, cookies=None)
+    assert rsp.status_code == 401
+
+
+def test_applicant(auth_server_applicant):
+    "Make sure applicant can not search for participants."
+    server, cookies = auth_server_applicant
+    rsp = req.get_sessions_participant(server.url, cookies=cookies)
+    assert rsp.status_code == 403
+
+
+def test_get_sessions_participant(
+    auth_server_commissioner,
+    other_session,
+    session_participant_commissioner,
+    other_session_participant_commissioner,
+):
+    "Make sure it can retrieve sessions owned by a user"
+    server, cookies = auth_server_commissioner
+    rsp = req.get_sessions_participant(server.url, cookies=cookies)
+    assert rsp.status_code == 200
+    participant_json = {
+        "id_participant": cu.test_uuid,
+        "type_participant": "INTERNAL",
+        "name_participant": cu.test_username,
+    }
+    owner_json = participant_json.copy()
+    owner_json.pop("name_participant")
+    participant_list = [
+        participant_json,
+        {
+            "id_participant": cu.test_uuid_commissioner,
+            "type_participant": "INTERNAL",
+            "name_participant": cu.test_username_commissioner,
+        },
+    ]
+    json = rsp.json()
+    session_list = json["edit_session_list"]
+    assert session_list == [
+        {
+            "id_persistent": c.id_session_user,
+            "owner": owner_json,
+            "name": c.name_session_user,
+            "participant_list": participant_list,
+        },
+        {
+            "id_persistent": c.id_session_user_changed,
+            "owner": owner_json,
+            "name": c.name_session_user_changed,
+            "participant_list": participant_list,
+        },
+    ]