def test_does_not_raise_error_when_user_has_editor_rights_on_booking(
self, app):
# Given
user = create_user()
offerer = create_offerer()
user_offerer = create_user_offerer(user, offerer, None)
repository.save(user, offerer, user_offerer)
# Then the following should not raise
check_user_can_validate_bookings_v2(user, offerer.id)
def test_check_user_can_validate_v2_bookings_raise_api_error_when_user_is_authenticated_but_does_not_have_editor_rights_on_booking(
self, app):
# Given
user = User()
user.is_authenticated = True
# When
with pytest.raises(ApiErrors) as errors:
check_user_can_validate_bookings_v2(user, None)
# Then
assert errors.value.errors["user"] == [
"Vous n'avez pas les droits suffisants pour valider cette contremarque."
]
def test_check_user_can_validate_v2_bookings_raise_api_error_when_user_is_authenticated_but_does_not_have_editor_rights_on_booking(
self, app):
# Given
user = User()
user.is_authenticated = True
# When
with pytest.raises(ApiErrors) as errors:
check_user_can_validate_bookings_v2(user, None)
# Then
assert errors.value.errors["user"] == [
"Vous n’avez pas les droits suffisants pour valider cette contremarque car cette réservation n'a pas été faite sur une de vos offres, ou que votre rattachement à la structure est encore en cours de validation"
]
def patch_booking_keep_by_token(token: str) -> None:
# in French, to be used by Swagger for the API documentation
"""Annulation de la validation d'une réservation."""
booking = booking_repository.find_by(token=token)
if current_user.is_authenticated:
check_user_can_validate_bookings_v2(current_user, booking.offererId)
if current_api_key:
check_api_key_allows_to_validate_booking(
current_api_key, # type: ignore[arg-type]
booking.offererId,
)
bookings_api.mark_as_unused(booking)
def patch_booking_keep_by_token(token: str):
"""Let a pro user mark a booking as _not_ used."""
booking = booking_repository.find_by(token=token.upper())
offerer_id = booking.stock.offer.venue.managingOffererId
valid_api_key = _get_api_key_from_header(request)
if current_user.is_authenticated:
check_user_can_validate_bookings_v2(current_user, offerer_id)
if valid_api_key:
check_api_key_allows_to_validate_booking(valid_api_key, offerer_id)
bookings_api.mark_as_unused(booking)
return "", 204
def patch_booking_use_by_token(token: str) -> None:
# in French, to be used by Swagger for the API documentation
"""Validation d'une réservation.
Pour confirmer que la réservation a bien été utilisée par le jeune.
"""
booking = booking_repository.find_by(token=token)
if current_user.is_authenticated:
check_user_can_validate_bookings_v2(current_user, booking.offererId)
if current_api_key:
check_api_key_allows_to_validate_booking(
current_api_key, # type: ignore[arg-type]
booking.offererId,
)
bookings_api.mark_as_used(booking)
def get_booking_by_token_v2(token: str):
valid_api_key = _get_api_key_from_header(request)
booking_token_upper_case = token.upper()
booking = booking_repository.find_by(token=booking_token_upper_case)
offerer_id = booking.stock.offer.venue.managingOffererId
if current_user.is_authenticated:
# warning : current user is not none when user is not logged in
check_user_can_validate_bookings_v2(current_user, offerer_id)
if valid_api_key:
check_api_key_allows_to_validate_booking(valid_api_key, offerer_id)
bookings_validation.check_is_usable(booking)
response = serialize_booking(booking)
return jsonify(response), 200
def get_booking_by_token_v2(token: str) -> GetBookingResponse:
# in French, to be used by Swagger for the API documentation
"""Consultation d'une réservation.
Le code “contremarque” ou "token" est une chaîne de caractères permettant d’identifier la réservation et qui sert de preuve de réservation.
Ce code unique est généré pour chaque réservation d'un utilisateur sur l'application et lui est transmis à cette occasion.
"""
booking = booking_repository.find_by(token=token)
if current_user.is_authenticated:
# warning : current user is not none when user is not logged in
check_user_can_validate_bookings_v2(current_user, booking.offererId)
if current_api_key:
check_api_key_allows_to_validate_booking(
current_api_key, # type: ignore[arg-type]
booking.offererId,
)
bookings_validation.check_is_usable(booking)
return get_booking_response(booking)
