def test_permissions(self): UsersLogic.register(RegisteredUser('ShaharShahar', '1212345678')) UsersLogic.register(RegisteredUser('TomerTomerLev', '65412321')) shop = Shop('myShop', 'Active') ShopLogic.create_shop(shop, 'ShaharShahar') UsersLogic.add_manager( 'ShaharShahar', StoreManager('TomerTomerLev', 'myShop', 1, 1, 1, 1, 1, 1, 1, 1)) ItemsLogic.add_item_to_shop( Item(None, 'myShop', 'doll', 'toys', 'toys:kids', 20, 300, 'regular', None, 0, 0, 0), 'TomerTomerLev') item = Items.get_item(1) self.assertEqual(item.shop_name, 'myShop') self.assertEqual(item.price, 20) self.assertEqual(item.quantity, 300) status = ItemsLogic.edit_shop_item('TomerTomerLev', 1, 'price', 40) self.assertTrue(status) status = ItemsLogic.edit_shop_item('TomerTomerLev', 1, 'name', 'doll_new') self.assertTrue(status) status = ItemsLogic.edit_shop_item('TomerTomerLev', 1, 'quantity', 40) self.assertTrue(status) item = Items.get_item(1) self.assertEqual(item.name, 'doll_new') self.assertEqual(item.quantity, 40) self.assertEqual(item.keyWords, 'toys:kids') status = ItemsLogic.remove_item_from_shop(1, 'TomerTomerLev') self.assertTrue(status)
def remove_item_from_shop(request): if request.method == 'POST': login = request.COOKIES.get('login_hash') username = None if login is not None: username = Consumer.loggedInUsers.get(login) if username is None: return HttpResponse('fail') item_id = request.POST.get('item_id') item = ItemsLogic.get_item(item_id) if item is False: return HttpResponse('fail') if not UsersLogic.is_owner_of_shop(username, item.shop_name): if UsersLogic.is_manager_of_shop(username, item.shop_name): manager = UsersLogic.get_manager(username, item.shop_name) if manager.permission_remove_item is not 1: # no permission return HttpResponse('no permission to remove item') else: return HttpResponse('fail') # not manager not owner status = ItemsLogic.remove_item_from_shop(item_id, username) if status is False: return HttpResponse('fail') return HttpResponse('success')
def remove_item(request): if request.method == 'POST': # return HttpResponse('item added') item_id = request.POST.get('item_id') username = request.POST.get('username') ItemsLogic.remove_item_from_shop(item_id, username)