Merge pull request #168 from praekeltfoundation/add-rapidpro-views

Remove org id from url

sidekick/migrations/0012_alter_organization_filter_rapidpro_fields.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.2.21 on 2023-09-26 13:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('sidekick', '0011_organization_filter_rapidpro_fields'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='organization',
+            name='filter_rapidpro_fields',
+            field=models.CharField(blank=True, max_length=4000, null=True),
+        ),
+    ]

sidekick/models.py

@@ -21,7 +21,7 @@ class Organization(models.Model):
     engage_url = models.URLField(max_length=200, null=True)
     engage_token = models.CharField(max_length=1000, null=True)
     point_of_contact = models.EmailField(null=True)
-    filter_rapidpro_fields = models.CharField(max_length=4000, null=True)
+    filter_rapidpro_fields = models.CharField(max_length=4000, null=True, blank=True)
 
     def __str__(self):
         return self.name

sidekick/tests/test_views.py

@@ -906,12 +906,29 @@ def test_get_rapidpro_flows(self):
 
         self.client.force_authenticate(self.user)
 
-        url = reverse("rapidpro-flows", args=[self.org.pk])
+        url = reverse("rapidpro-flows")
         response = self.client.get(url)
 
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.json(), response_body)
 
+    def test_start_rapidpro_flow_not_in_org(self):
+        """
+        Should not attempt to get flows from rapidpro if user is not in org
+        """
+
+        user = get_user_model().objects.create_superuser(
+            username="tseet", email="test@email.com", password="pass"
+        )
+
+        self.client.force_authenticate(user)
+
+        url = reverse("rapidpro-flows")
+        response = self.client.get(url)
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(response.json(), {"error": "Organization not found"})
+
 
 class RapidproFlowStartViewTests(SidekickAPITestCase):
     @responses.activate
@@ -937,7 +954,7 @@ def test_start_rapidpro_flow(self):
         )
         self.client.force_authenticate(self.user)
 
-        url = reverse("rapidpro-flowstart", args=[self.org.pk])
+        url = reverse("rapidpro-flowstart")
         response = self.client.post(
             url,
             json={
@@ -949,6 +966,23 @@ def test_start_rapidpro_flow(self):
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.json(), response_body)
 
+    def test_start_rapidpro_flow_not_in_org(self):
+        """
+        Should not attempt to start flow on rapidpro if user is not in org
+        """
+
+        user = get_user_model().objects.create_superuser(
+            username="tseet", email="test@email.com", password="pass"
+        )
+
+        self.client.force_authenticate(user)
+
+        url = reverse("rapidpro-flowstart")
+        response = self.client.post(url)
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(response.json(), {"error": "Organization not found"})
+
 
 class RapidproContactViewTests(SidekickAPITestCase):
     @responses.activate
@@ -981,7 +1015,7 @@ def test_get_rapidpro_contact(self):
 
         self.client.force_authenticate(self.user)
 
-        url = reverse("rapidpro-contact", args=[self.org.pk])
+        url = reverse("rapidpro-contact")
         response = self.client.get(url)
 
         self.assertEqual(response.status_code, status.HTTP_200_OK)
@@ -1020,7 +1054,7 @@ def test_get_rapidpro_contact_with_field_filter(self):
 
         self.client.force_authenticate(self.user)
 
-        url = reverse("rapidpro-contact", args=[self.org.pk])
+        url = reverse("rapidpro-contact")
         response = self.client.get(url)
 
         self.assertEqual(response.status_code, status.HTTP_200_OK)
@@ -1029,3 +1063,20 @@ def test_get_rapidpro_contact_with_field_filter(self):
         response_body["results"][0]["fields"].pop("loss_start_date")
 
         self.assertEqual(response.json(), response_body)
+
+    def test_get_rapidpro_contact_not_in_org(self):
+        """
+        Should not attempt to get contact from rapidpro if user is not in org
+        """
+
+        user = get_user_model().objects.create_superuser(
+            username="tseet", email="test@email.com", password="pass"
+        )
+
+        self.client.force_authenticate(user)
+
+        url = reverse("rapidpro-contact")
+        response = self.client.get(url)
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(response.json(), {"error": "Organization not found"})

sidekick/urls.py

@@ -47,17 +47,17 @@
         name="list_contacts",
     ),
     path(
-        "<int:org_id>/api/v2/flows.json",
+        "api/v2/flows.json",
         views.RapidproFlowsView.as_view(),
         name="rapidpro-flows",
     ),
     path(
-        "<int:org_id>/api/v2/flow_starts.json",
+        "api/v2/flow_starts.json",
         views.RapidproFlowStartView.as_view(),
         name="rapidpro-flowstart",
     ),
     path(
-        "<int:org_id>/api/v2/contacts.json",
+        "api/v2/contacts.json",
         views.RapidproContactView.as_view(),
         name="rapidpro-contact",
     ),

sidekick/views.py

@@ -4,6 +4,7 @@
 
 import requests
 from django.conf import settings
+from django.contrib.auth import get_user_model
 from django.db import connections
 from django.db.utils import OperationalError
 from django.http import HttpResponse, JsonResponse
@@ -342,17 +343,13 @@ def get(self, request, pk, *args, **kwargs):
 
 
 class RapidproFlowsView(GenericAPIView):
-    def get(self, request, org_id, *args, **kwargs):
-        try:
-            org = Organization.objects.get(id=org_id)
-        except Organization.DoesNotExist:
-            return JsonResponse(
-                {"error": "Organization not found"}, status=status.HTTP_400_BAD_REQUEST
-            )
+    def get(self, request, *args, **kwargs):
+        user = get_user_model().objects.get(id=request.user.id)
+        org = user.org_users.first()
 
-        if not org.users.filter(id=request.user.id).exists():
+        if not org:
             return JsonResponse(
-                data={"error": "user not in org"}, status=status.HTTP_401_UNAUTHORIZED
+                {"error": "Organization not found"}, status=status.HTTP_400_BAD_REQUEST
             )
 
         headers = {
@@ -365,20 +362,16 @@ def get(self, request, org_id, *args, **kwargs):
 
 
 class RapidproFlowStartView(GenericAPIView):
-    def post(self, request, org_id):
+    def post(self, request):
         """
         Starts the specified flow
         """
-        try:
-            org = Organization.objects.get(id=org_id)
-        except Organization.DoesNotExist:
-            return JsonResponse(
-                {"error": "Organization not found"}, status=status.HTTP_400_BAD_REQUEST
-            )
+        user = get_user_model().objects.get(id=request.user.id)
+        org = user.org_users.first()
 
-        if not org.users.filter(id=request.user.id).exists():
+        if not org:
             return JsonResponse(
-                data={"error": "user not in org"}, status=status.HTTP_401_UNAUTHORIZED
+                {"error": "Organization not found"}, status=status.HTTP_400_BAD_REQUEST
             )
 
         headers = {
@@ -395,17 +388,13 @@ def post(self, request, org_id):
 
 
 class RapidproContactView(GenericAPIView):
-    def get(self, request, org_id, *args, **kwargs):
-        try:
-            org = Organization.objects.get(id=org_id)
-        except Organization.DoesNotExist:
-            return JsonResponse(
-                {"error": "Organization not found"}, status=status.HTTP_400_BAD_REQUEST
-            )
+    def get(self, request, *args, **kwargs):
+        user = get_user_model().objects.get(id=request.user.id)
+        org = user.org_users.first()
 
-        if not org.users.filter(id=request.user.id).exists():
+        if not org:
             return JsonResponse(
-                data={"error": "user not in org"}, status=status.HTTP_401_UNAUTHORIZED
+                {"error": "Organization not found"}, status=status.HTTP_400_BAD_REQUEST
             )
 
         headers = {