def test_can_stop_users_from_proceeding_if_not_logged_in(self):
"""
Several routes depend on a method to get the session user that will
throw if no request user is logged in.
"""
request = self.request_factory.get("/")
SessionMiddleware().process_request(request)
AuthenticationMiddleware().process_request(request)
with self.assertRaises(AuthenticationRequiredException):
IdentityService.get_required_session_user(request)
def get_team_by_id(self, request):
"""
Get a team by their ID.
"""
user = IdentityService.get_required_session_user(request)
team_id = re.match(r"/api/teams/([0-9]*)", request.path)[1]
team = TeamService.get(team_id)
return JsonResponse({"team": serialize_team(team)}, status=200)
def get_teams_of_user(self, request):
"""
Get the teams of which the session user is a member.
"""
user = IdentityService.get_required_session_user(request)
teams = TeamService.get_teams_of_user_with_id(user.id)
return JsonResponse(
{"teams": [serialize_team(team) for team in teams]}, status=200)
def create_team(self, request):
"""
Create a new team, with the session user as a member.
If roles are implemented, this may also include asssigning them as an
'owner'-like role.
"""
user = IdentityService.get_required_session_user(request)
body = json.loads(request.body.decode("utf-8"))
name = body["name"]
website = body["website"]
team = TeamService.create_team_with_user_as_owner(user, name, website)
return JsonResponse({"team": serialize_team(team)}, status=201)
def get_meetings_of_team(self, request):
"""
Gets the meetings of a given team.
"""
user = IdentityService.get_required_session_user(request)
team_id = re.match(r"/api/teams/([0-9]*)/meetings", request.path)[1]
if not PermissionsService.can_read_meetings_of_team(user.id, team_id):
raise ForbiddenException(
"You are not allowed to view this team's meetings")
meetings = MeetingService.get_meetings_of_team_with_id(team_id)
return JsonResponse(
{"meetings": [serialize_meeting(meeting) for meeting in meetings]},
status=200,
)
def get_items_of_meeting(self, request):
"""
Obtains the items of a meeting
"""
user = IdentityService.get_required_session_user(request)
meeting_id = int(
re.match(r"/api/meetings/([0-9]*)/items", request.path)[1])
meeting = MeetingService.get(meeting_id)
if not PermissionsService.can_write_meetings_of_team(
user.id, meeting.team.id):
raise ForbiddenException(
"You are not allowed to view the items of this meeting")
items = ItemService.get_items_of_meeting_with_id(meeting_id)
return JsonResponse(
{"items": [serialize_item(item) for item in items]}, status=200)
def create_meeting_for_team(self, request):
"""
Creates a meeting for the given team.
"""
user = IdentityService.get_required_session_user(request)
team_id = re.match(r"/api/teams/([0-9]*)/meetings", request.path)[1]
body = json.loads(request.body.decode("utf-8"))
name = body["name"]
venue = body["venue"] if "venue" in body else ""
if not PermissionsService.can_write_meetings_of_team(user.id, team_id):
raise ForbiddenException(
"You are not allowed to create a meeting for this team")
meeting = MeetingService.create(team_id, name, venue)
return JsonResponse({"meeting": serialize_meeting(meeting)},
status=201)
def post_item_to_meeting(self, request):
"""
Creates an item within a meeting.
"""
user = IdentityService.get_required_session_user(request)
meeting_id = int(
re.match(r"/api/meetings/([0-9]*)/items", request.path)[1])
body = json.loads(request.body.decode("utf-8"))
name = body["name"]
description = body["description"]
meeting = MeetingService.get(meeting_id)
if not PermissionsService.can_write_meetings_of_team(
user.id, meeting.team.id):
raise ForbiddenException(
"You are not allowed to create items for this meeting")
item = ItemService.create(meeting.id, name, description)
return JsonResponse({"item": serialize_item(item)}, status=201)
def get_meeting_by_id(self, request):
"""
Returns a given meeting and the team that held it, requires the session
user be a member of said team.
To check team membership (and thus permission to read meetings), it's
fine to get the team ID from the meeting itself for now, as retreiving
meetings is not a particularly expensive operation.
"""
user = IdentityService.get_required_session_user(request)
meeting_id = int(re.match(r"/api/meetings/([0-9]*)", request.path)[1])
meeting = MeetingService.get(meeting_id)
if not PermissionsService.can_read_meetings_of_team(
user.id, meeting.team.id):
raise ForbiddenException(
"You are not allowed to view this meeting")
return JsonResponse({"meeting": serialize_meeting(meeting)},
status=200)