From 7c6b20597b4787ff3d0f5e0f20c637949ee2d9d1 Mon Sep 17 00:00:00 2001 From: Cayo Puigdefabregas Date: Wed, 20 Oct 2021 14:53:33 +0200 Subject: [PATCH] fixing supplier permitions --- .../resources/documents/documents.py | 20 +++---- tests/test_metrics.py | 59 +++++++++++++++++-- 2 files changed, 62 insertions(+), 17 deletions(-) diff --git a/ereuse_devicehub/resources/documents/documents.py b/ereuse_devicehub/resources/documents/documents.py index 4e25c007..bb7a4834 100644 --- a/ereuse_devicehub/resources/documents/documents.py +++ b/ereuse_devicehub/resources/documents/documents.py @@ -3,11 +3,9 @@ import enum import uuid import time import datetime -import pathlib from collections import OrderedDict from io import StringIO from typing import Callable, Iterable, Tuple -from decouple import config import boltons import flask @@ -92,7 +90,6 @@ class DocumentView(DeviceView): res = flask.make_response(template) return res - @staticmethod def erasure(query: db.Query): def erasures(): @@ -153,7 +150,7 @@ class DevicesDocumentView(DeviceView): class ActionsDocumentView(DeviceView): @cache(datetime.timedelta(minutes=1)) def find(self, args: dict): - query = (x for x in self.query(args) if x.owner_id == g.user.id) + query = (x for x in self.query(args)) return self.generate_post_csv(query) def generate_post_csv(self, query): @@ -200,11 +197,11 @@ class LotsDocumentView(LotView): cw = csv.writer(data) first = True for lot in query: - l = LotRow(lot) + _lot = LotRow(lot) if first: - cw.writerow(l.keys()) + cw.writerow(_lot.keys()) first = False - cw.writerow(l.values()) + cw.writerow(_lot.values()) bfile = data.getvalue().encode('utf-8') output = make_response(bfile) insert_hash(bfile) @@ -290,7 +287,7 @@ class StampsView(View): ok = '100% coincidence. The attached file contains data 100% existing in \ to our backend' result = ('Bad', bad) - mime = ['text/csv', 'application/pdf', 'text/plain','text/markdown', + mime = ['text/csv', 'application/pdf', 'text/plain', 'text/markdown', 'image/jpeg', 'image/png', 'text/html', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/vnd.oasis.opendocument.spreadsheet', @@ -319,9 +316,9 @@ class InternalStatsView(DeviceView): create = '{}-{}'.format(ac.created.year, ac.created.month) user = ac.author.email - if not user in d: - d[user] = {} - if not create in d[user]: + if user not in d: + d[user] = {} + if create not in d[user]: d[user][create] = [] d[user][create].append(ac) @@ -449,4 +446,3 @@ class DocumentDef(Resource): auth=app.auth) wbconf_view = app.auth.requires_auth(wbconf_view) self.add_url_rule('/wbconf/', view_func=wbconf_view, methods=get) - diff --git a/tests/test_metrics.py b/tests/test_metrics.py index c8641e3f..afeeba8b 100644 --- a/tests/test_metrics.py +++ b/tests/test_metrics.py @@ -134,7 +134,7 @@ def test_metrics_action_status(user: UserClient, user2: UserClient): item='actions/', accept='text/csv', query=[('filter', {'type': ['Computer']})]) - head = 'DHID;Hid;Document-Name;Action-Type;Action-User-LastOwner-Supplier;Action-User-LastOwner-Receiver;Action-Create-By;Trade-Confirmed;Status-Supplier;Status-Receiver;Status Supplier – Created Date;Status Receiver – Created Date;Trade-Weight;Allocate-Start;Allocate-User-Code;Allocate-NumUsers;UsageTimeAllocate;Type;LiveCreate;UsageTimeHdd\n' + head = 'DHID;Hid;Document-Name;Action-Type;Action-User-LastOwner-Supplier;Action-User-LastOwner-Receiver;Action-Create-By;Trade-Confirmed;Status-Supplier;Status-Receiver;Status Supplier – Created Date;Status Receiver – Created Date;Trade-Weight;Action-Create;Allocate-Start;Allocate-User-Code;Allocate-NumUsers;UsageTimeAllocate;Type;LiveCreate;UsageTimeHdd\n' body = '93652;desktop-lenovo-9644w8n-0169622-00:1a:6b:5e:7f:10;;Status;;foo@foo.com;Receiver;;;Use;;' assert head in csv_str assert body in csv_str @@ -244,7 +244,56 @@ def test_metrics_action_status_for_containers(user: UserClient, user2: UserClien accept='text/csv', query=[('filter', {'type': ['Computer']})]) - body1 = '\n;bbbbbbbb;test.pdf;Trade-Document;foo@foo.com;foo2@foo.com;Supplier;False;;Use;;;150.0;' - body2 = ';;0;0;Trade-Container;0;0\n' - assert body1 in csv_str - assert body2 in csv_str + body1 = ';bbbbbbbb;test.pdf;Trade-Container;foo@foo.com;foo2@foo.com;Supplier;False;;;;;150.0;' + body2 = ';;0;0;Trade-Container;0;0' + assert len(csv_str.split('\n')) == 4 + assert body1 in csv_str.split('\n')[-2] + assert body2 in csv_str.split('\n')[-2] + + +@pytest.mark.mvp +@pytest.mark.usefixtures(conftest.app_context.__name__) +def test_visual_metrics_for_old_owners(user: UserClient, user2: UserClient): + """ Checks if one old owner can see the metrics in a trade enviroment.""" + # Insert computer + lenovo = yaml2json('desktop-9644w8n-lenovo-0169622.snapshot') + snap1, _ = user.post(json_encode(lenovo), res=ma.Snapshot) + lot, _ = user.post({'name': 'MyLot'}, res=Lot) + devices = [('id', snap1['device']['id'])] + lot, _ = user.post({}, + res=Lot, + item='{}/devices'.format(lot['id']), + query=devices) + request_post = { + 'type': 'Trade', + 'devices': [snap1['device']['id']], + 'userFromEmail': user.email, + 'userToEmail': user2.email, + 'price': 10, + 'date': "2020-12-01T02:00:00+00:00", + 'lot': lot['id'], + 'confirms': True, + } + trade, _ = user.post(res=ma.Action, data=request_post) + + request_confirm = { + 'type': 'Confirm', + 'action': trade['id'], + 'devices': [snap1['device']['id']] + } + user2.post(res=ma.Action, data=request_confirm) + + action = {'type': ma.Refurbish.t, 'devices': [snap1['device']['id']]} + action_use, _ = user.post(action, res=ma.Action) + csv_supplier, _ = user.get(res=documents.DocumentDef.t, + item='actions/', + accept='text/csv', + query=[('filter', {'type': ['Computer']})]) + csv_receiver, _ = user2.get(res=documents.DocumentDef.t, + item='actions/', + accept='text/csv', + query=[('filter', {'type': ['Computer']})]) + body = ';;0;0;Trade;0;0\n' + + assert body in csv_receiver + assert body in csv_supplier