Fix: Allow managers of a project to edit partnerships
bshankar committed Jul 12, 2024
1 parent 0a97174 commit 4478f63
Showing 1 changed file with 69 additions and 69 deletions.
138 changes: 69 additions & 69 deletions backend/api/projects/partnerships.py
@@ -1,7 +1,7 @@
from flask_restful import Resource, request
from backend.services.project_partnership_service import ProjectPartnershipService
from backend.services.users.authentication_service import token_auth
from backend.services.users.user_service import UserService
from backend.services.project_admin_service import ProjectAdminService
from backend.models.dtos.project_partner_dto import (
ProjectPartnershipDTO,
ProjectPartnershipUpdateDTO,
@@ -88,46 +88,44 @@ def post(self):
400:
description: Ivalid dates or started_on was after ended_on
401:
description: Forbidden, if user is not an admin
description: Forbidden, if user is not a manager of this project
403:
description: Forbidden, if user is not authenticated
404:
description: Not found
500:
description: Internal Server Error
"""
try:
partnership_dto = ProjectPartnershipDTO(request.get_json())
is_admin = UserService.is_user_an_admin(token_auth.current_user())
partnership_dto = ProjectPartnershipDTO(request.get_json())

if not is_admin:
raise ValueError()

if partnership_dto.started_on is None:
partnership_dto.started_on = timestamp()

partnership_dto = ProjectPartnershipDTO(request.get_json())
partnership_id = ProjectPartnershipService.create_partnership(
partnership_dto.project_id,
partnership_dto.partner_id,
partnership_dto.started_on,
partnership_dto.ended_on,
)
return (
{
"Success": "Partner {} assigned to project {}".format(
partnership_dto.partner_id, partnership_dto.project_id
),
"partnershipId": partnership_id,
},
201,
)
except ValueError:
if not ProjectAdminService.is_user_action_permitted_on_project(
token_auth.current_user(), partnership_dto.project_id
):
return {
"Error": "User is not an admin",
"Error": "User is not a manager of the project",
"SubCode": "UserPermissionError",
}, 401

if partnership_dto.started_on is None:
partnership_dto.started_on = timestamp()

partnership_dto = ProjectPartnershipDTO(request.get_json())
partnership_id = ProjectPartnershipService.create_partnership(
partnership_dto.project_id,
partnership_dto.partner_id,
partnership_dto.started_on,
partnership_dto.ended_on,
)
return (
{
"Success": "Partner {} assigned to project {}".format(
partnership_dto.partner_id, partnership_dto.project_id
),
"partnershipId": partnership_id,
},
201,
)

@staticmethod
@token_auth.login_required
def patch(partnership_id: int):
@@ -172,43 +170,44 @@ def patch(partnership_id: int):
400:
description: Ivalid dates or started_on was after ended_on
401:
description: Forbidden, if user is not an admin
description: Forbidden, if user is not a manager of this project
403:
description: Forbidden, if user is not authenticated
404:
description: Not found
500:
description: Internal Server Error
"""
try:
partnership_updates = ProjectPartnershipUpdateDTO(request.get_json())
is_admin = UserService.is_user_an_admin(token_auth.current_user())

if not is_admin:
raise ValueError()

partnership = ProjectPartnershipService.update_partnership_time_range(
partnership_id,
partnership_updates.started_on,
partnership_updates.ended_on,
)
partnership_updates = ProjectPartnershipUpdateDTO(request.get_json())
partnership_dto = ProjectPartnershipService.get_partnership_as_dto(
partnership_id
)

return (
{
"Success": "Updated time range. startedOn: {}, endedOn: {}".format(
partnership.started_on, partnership.ended_on
),
"startedOn": f"{partnership.started_on}",
"endedOn": f"{partnership.ended_on}",
},
200,
)
except ValueError:
if not ProjectAdminService.is_user_action_permitted_on_project(
token_auth.current_user(), partnership_dto.project_id
):
return {
"Error": "User is not an admin",
"Error": "User is not a manager of the project",
"SubCode": "UserPermissionError",
}, 401

partnership = ProjectPartnershipService.update_partnership_time_range(
partnership_id,
partnership_updates.started_on,
partnership_updates.ended_on,
)

return (
{
"Success": "Updated time range. startedOn: {}, endedOn: {}".format(
partnership.started_on, partnership.ended_on
),
"startedOn": f"{partnership.started_on}",
"endedOn": f"{partnership.ended_on}",
},
200,
)

@staticmethod
@token_auth.login_required
def delete(partnership_id: int):
@@ -237,33 +236,34 @@ def delete(partnership_id: int):
201:
description: Partner project association created
401:
description: Forbidden, if user is not an admin
description: Forbidden, if user is not a manager of this project
403:
description: Forbidden, if user is not authenticated
404:
description: Not found
500:
description: Internal Server Error
"""
try:
is_admin = UserService.is_user_an_admin(token_auth.current_user())

if not is_admin:
raise ValueError()
partnership_dto = ProjectPartnershipService.get_partnership_as_dto(
partnership_id
)

ProjectPartnershipService.delete_partnership(partnership_id)
return (
{
"Success": "Partnership ID {} deleted".format(partnership_id),
},
200,
)
except ValueError:
if not ProjectAdminService.is_user_action_permitted_on_project(
token_auth.current_user(), partnership_dto.project_id
):
return {
"Error": "User is not an admin",
"Error": "User is not a manager of the project",
"SubCode": "UserPermissionError",
}, 401

ProjectPartnershipService.delete_partnership(partnership_id)
return (
{
"Success": "Partnership ID {} deleted".format(partnership_id),
},
200,
)


class PartnersByProjectAPI(Resource):
@staticmethod
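Review bot: In `post`, the second `partnership_dto = ProjectPartnershipDTO(request.get_json())` that follows the `started_on` default rebuilds the DTO from the request body, so the `timestamp()` default assigned just above it is discarded before `create_partnership` is called; dropping that line keeps the default and ensures the object that passed the permission check is the one that is persisted. In `patch` and `delete`, `get_partnership_as_dto(partnership_id)` now runs ahead of the permission check and the `try/except` is gone, so nothing visible here handles a partnership id that does not exist; it is worth confirming that the service raises a not-found error that maps to the documented 404 rather than returning `None` and failing on `partnership_dto.project_id`. The permission failure is still answered with 401 while the docstrings label 401 "Forbidden" and 403 "not authenticated", which is the reverse of the usual meaning; `}, 403` would match it if clients do not depend on the current code. The bodies of `patch` and `delete` begin in collapsed parts of the file, so this is based only on the lines shown.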
