def has_permission(self, request, view): """Check permissions When an object does not yet exist (POST)""" # Fallback to has_object_permission unless it's a POST if request.method != 'POST': return True # Need this information to make a decision if not (('privileged_access' in request.data) and ('credit_trade' in request.data)): return False credit_trade = request.data['credit_trade'] privileged_access = request.data['privileged_access'] # Check if the user is a party to this credit_trade (or Government) # using CreditTradeService logic found = CreditTradeService.get_organization_credit_trades(request.user.organization) \ .filter(id=credit_trade).first() if not found: return False return CreditTradeCommentPermissions.user_can_comment( request.user, found, privileged_access )
def get_queryset(self): """ This view should return a list of all the purchases for the currently authenticated user. """ user = self.request.user return CreditTradeService.get_organization_credit_trades( user.organization)
def test_get_organization_credit_trades_gov(self): """ As a government user I shouldn't see drafts unless I'm the initiator I shouldn't see cancelled transfers as they're considered (deleted) """ # the function shouldn't see this as it's only a draft and the # initiator is not government draft_credit_trade = CreditTrade.objects.create( status=self.statuses['draft'], initiator=self.organizations['from'], respondent=self.organizations['to'], type=self.credit_trade_types['sell'], number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function should see this as it's a draft from the government draft_credit_trade_from_gov = CreditTrade.objects.create( status=self.statuses['draft'], initiator=self.users['gov_analyst'].organization, respondent=self.organizations['to'], type=self.credit_trade_types['sell'], number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function should see this as it's approved approved_credit_trade = CreditTrade.objects.create( status=self.statuses['approved'], initiator=self.organizations['from'], respondent=self.organizations['to'], type=self.credit_trade_types['sell'], number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) credit_trades = CreditTradeService.get_organization_credit_trades( self.users['gov_analyst'].organization) self.assertNotIn(draft_credit_trade, credit_trades) self.assertIn(draft_credit_trade_from_gov, credit_trades) self.assertIn(approved_credit_trade, credit_trades)
def has_permission(self, request, view): """Check permissions When an object does not yet exist (POST)""" if not request.user.has_perm('SIGN_CREDIT_TRANSFER'): return False if isinstance(request.data, list): to_check = request.data else: to_check = [request.data] if len(to_check) == 0: return False # Need this information to make a decision for obj in to_check: if 'credit_trade' in obj: credit_trade = obj['credit_trade'] # Check if the user is a party to this credit_trade # (or Government) using CreditTradeService logic found = CreditTradeService.get_organization_credit_trades( request.user.organization).filter(id=credit_trade).first() if not found: return False if not SigningAuthorityConfirmationPermissions.user_can_sign( request.user, found): return False elif 'compliance_report' in obj: # check that the compliance report does exist and the user can # sign it compliance_report = obj['compliance_report'] found = ComplianceReport.objects.filter( id=compliance_report, organization=request.user.organization) if not found: return False else: # Neither credit trade or compliance report was provided return False return True
def has_permission(self, request, view): """Check permissions When an object does not yet exist (POST)""" if not request.user.has_perm('SIGN_CREDIT_TRANSFER'): return False if isinstance(request.data, list): to_check = request.data else: to_check = [request.data] if len(to_check) == 0: return False # Need this information to make a decision for obj in to_check: if 'credit_trade' not in obj: return False credit_trade = obj['credit_trade'] # Check if the user is a party to this credit_trade (or Government) # using CreditTradeService logic found = CreditTradeService.get_organization_credit_trades(request.user.organization) \ .filter(id=credit_trade).first() if not found: return False if not SigningAuthorityConfirmationPermissions.user_can_sign( request.user, found): return False return True
def test_get_organization_credit_trades_fuel_supplier(self): completed_status, created = CreditTradeStatus.objects.get_or_create( status='Completed') cancelled_status, created = CreditTradeStatus.objects.get_or_create( status='Cancelled') draft_status, created = CreditTradeStatus.objects.get_or_create( status='Draft') submitted_status, created = CreditTradeStatus.objects.get_or_create( status='Submitted') credit_trade_type, created = CreditTradeType.objects.get_or_create( the_type='Sell') test_organization_1 = Organization.objects.create(name="Test 1", actions_type_id=1, status_id=1) test_organization_2 = Organization.objects.create(name="Test 2", actions_type_id=1, status_id=1) test_organization_3 = Organization.objects.create(name="Test 3", actions_type_id=1, status_id=1) # the function shouldn't see this as it's only a draft and the # initiator is not fuel_supplier # (even though the fuel supplier is the respondent) draft_credit_trade = CreditTrade.objects.create( status=draft_status, initiator=test_organization_2, respondent=test_organization_1, type=credit_trade_type, number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function should see this as it's a draft from the fuel supplier draft_credit_trade_from_fuel_supplier = CreditTrade.objects.create( status=draft_status, initiator=test_organization_1, respondent=test_organization_2, type=credit_trade_type, number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function shouldn't see this as it's a submitted transaction # not involving the fuel supplier submitted_credit_trade = CreditTrade.objects.create( status=submitted_status, initiator=test_organization_2, respondent=test_organization_3, type=credit_trade_type, number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function should see this as it's a submitted transaction # involving the fuel supplier submitted_credit_trade_as_respondent = CreditTrade.objects.create( status=submitted_status, initiator=test_organization_2, respondent=test_organization_1, type=credit_trade_type, number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function should see this as it's completed completed_credit_trade = CreditTrade.objects.create( status=completed_status, initiator=test_organization_1, respondent=test_organization_2, type=credit_trade_type, number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) credit_trades = CreditTradeService.get_organization_credit_trades( test_organization_1) self.assertNotIn(draft_credit_trade, credit_trades) self.assertIn(draft_credit_trade_from_fuel_supplier, credit_trades) self.assertNotIn(submitted_credit_trade, credit_trades) self.assertIn(submitted_credit_trade_as_respondent, credit_trades) self.assertIn(completed_credit_trade, credit_trades)
def test_get_organization_credit_trades_gov(self): completed_status, created = CreditTradeStatus.objects.get_or_create( status='Completed') cancelled_status, created = CreditTradeStatus.objects.get_or_create( status='Cancelled') draft_status, created = CreditTradeStatus.objects.get_or_create( status='Draft') credit_trade_type, created = CreditTradeType.objects.get_or_create( the_type='Sell') from_organization = Organization.objects.create(name="Test 1", actions_type_id=1, status_id=1) to_organization = Organization.objects.create(name="Test 2", actions_type_id=1, status_id=1) # the function shouldn't see this as it's only a draft and the # initiator is not government draft_credit_trade = CreditTrade.objects.create( status=draft_status, initiator=from_organization, respondent=to_organization, type=credit_trade_type, number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function should see this as it's a draft from the government draft_credit_trade_from_gov = CreditTrade.objects.create( status=draft_status, initiator=self.gov_user.organization, respondent=to_organization, type=credit_trade_type, number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function should see this as it's completed completed_credit_trade = CreditTrade.objects.create( status=completed_status, initiator=from_organization, respondent=to_organization, type=credit_trade_type, number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) credit_trades = CreditTradeService.get_organization_credit_trades( self.gov_user.organization) self.assertNotIn(draft_credit_trade, credit_trades) self.assertIn(draft_credit_trade_from_gov, credit_trades) self.assertIn(completed_credit_trade, credit_trades)
def test_get_organization_credit_trades_fuel_supplier(self): """ As a fuel supplier I shouldn't see drafts unless I'm the initiator I shouldn't see cancelled transfers as they're considered (deleted) I shouldn't see submitted transfers unless I'm involved somehow """ # the function shouldn't see this as it's only a draft and the # initiator is not fuel_supplier # (even though the fuel supplier is the respondent) draft_credit_trade = CreditTrade.objects.create( status=self.statuses['draft'], initiator=self.organizations['to'], respondent=self.organizations['from'], type=self.credit_trade_types['sell'], number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function should see this as it's a draft from the fuel supplier draft_from_fuel_supplier = CreditTrade.objects.create( status=self.statuses['draft'], initiator=self.organizations['from'], respondent=self.organizations['to'], type=self.credit_trade_types['sell'], number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function shouldn't see this as it's a submitted transaction # not involving the fuel supplier submitted_credit_trade = CreditTrade.objects.create( status=self.statuses['submitted'], initiator=self.organizations['to'], respondent=self.users['fs_user_3'].organization, type=self.credit_trade_types['sell'], number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function should see this as it's a submitted transaction # involving the fuel supplier credit_trade_as_respondent = CreditTrade.objects.create( status=self.statuses['submitted'], initiator=self.organizations['to'], respondent=self.organizations['from'], type=self.credit_trade_types['sell'], number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) # the function should see this as it's approved approved_credit_trade = CreditTrade.objects.create( status=self.statuses['approved'], initiator=self.organizations['from'], respondent=self.organizations['to'], type=self.credit_trade_types['sell'], number_of_credits=1000, fair_market_value_per_credit=1, zero_reason=None, trade_effective_date=datetime.datetime.today().strftime( '%Y-%m-%d')) credit_trades = CreditTradeService.get_organization_credit_trades( self.organizations['from']) self.assertNotIn(draft_credit_trade, credit_trades) self.assertIn(draft_from_fuel_supplier, credit_trades) self.assertNotIn(submitted_credit_trade, credit_trades) self.assertIn(credit_trade_as_respondent, credit_trades) self.assertIn(approved_credit_trade, credit_trades)