fix: removes discrepancies in cancelling order
add test

fix hound

fix test
shreyanshdwivedi committed Jul 25, 2019
1 parent 0ed4363 commit 8ce2148
Showing 3 changed files with 111 additions and 24 deletions.
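--- a/app/api/helpers/notification.py
+++ b/app/api/helpers/notification.py
@@ -304,11 +304,15 @@ def send_notif_ticket_cancel(order):
 send_notification(
 user=order.event.owner,
 title=NOTIFS[TICKET_CANCELLED_ORGANIZER]['title'].format(
-invoice_id=order.invoice_number
+invoice_id=order.invoice_number,
+event_name=order.event.name
 ),
 message=NOTIFS[TICKET_CANCELLED_ORGANIZER]['message'].format(
 cancel_note=order.cancel_note,
-invoice_id=order.invoice_number
+invoice_id=order.invoice_number,
+event_name=order.event.name,
+cancel_order_page=make_frontend_url('/events/{identifier}/tickets/orders/cancelled'
+.format(identifier=order.event.identifier))
 )
 )
 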
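Review bot: `event_name=order.event.name` joins `cancel_note=order.cancel_note` as free text formatted straight into the organizer's notification title and message, and nothing in this call escapes either value. The NOTIFS template is not visible here, but the new `cancel_order_page` link suggests the message may be rendered as HTML; if so, pass `html.escape(order.event.name)` and `html.escape(order.cancel_note or '')`, or escape where notifications are rendered, so a cancel note cannot inject markup into the organizer's view. This commit changes no template, and `str.format` silently ignores unused keyword arguments, so it is also worth confirming that the TICKET_CANCELLED_ORGANIZER strings already contain `{event_name}` and `{cancel_order_page}`. send_notif_ticket_cancel starts outside the hunk.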
81 changes: 59 additions & 22 deletions app/api/orders.py
@@ -284,41 +284,78 @@ def before_update_object(self, order, data, view_kwargs):
if current_user.id == order.user_id:
# Order created from the tickets tab.
for element in data:
if data[element] and data[element]\
!= getattr(order, element, None) and element not in get_updatable_fields():
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))
if data[element]:
if element not in ['event', 'ticket_holders', 'user'] and data[element]\
!= getattr(order, element, None) and element not in get_updatable_fields():
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))
elif element in ['event', 'user'] and data[element]\
!= str(getattr(order, element, None).id) and element not in get_updatable_fields():
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))
elif element == 'ticket_holders':
ticket_holders = []
for ticket_holder in order.ticket_holders:
ticket_holders.append(str(ticket_holder.id))
if data[element] != ticket_holders and element not in get_updatable_fields():
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))

else:
# Order created from the public pages.
for element in data:
if data[element] and data[element] != getattr(order, element, None):
if element != 'status' and element != 'deleted_at':
if data[element]:
if element not in ['event', 'ticket_holders', 'user'] and data[element]\
!= getattr(order, element, None):
if element != 'status' and element != 'deleted_at':
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))
elif element == 'status' and order.amount and order.status == 'completed':
# Since we don't have a refund system.
raise ForbiddenException({'pointer': 'data/status'},
"You cannot update the status of a completed paid order")
elif element == 'status' and order.status == 'cancelled':
# Since the tickets have been unlocked and we can't revert it.
raise ForbiddenException({'pointer': 'data/status'},
"You cannot update the status of a cancelled order")
elif element in ['event', 'user'] and data[element]\
!= str(getattr(order, element, None).id):
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))
elif element == 'status' and order.amount and order.status == 'completed':
# Since we don't have a refund system.
raise ForbiddenException({'pointer': 'data/status'},
"You cannot update the status of a completed paid order")
elif element == 'status' and order.status == 'cancelled':
# Since the tickets have been unlocked and we can't revert it.
raise ForbiddenException({'pointer': 'data/status'},
"You cannot update the status of a cancelled order")
elif element == 'ticket_holders':
ticket_holders = []
for ticket_holder in order.ticket_holders:
ticket_holders.append(str(ticket_holder.id))
if data[element] != ticket_holders:
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))

elif current_user.id == order.user_id:
if order.status != 'initializing' and order.status != 'pending':
raise ForbiddenException({'pointer': ''},
"You cannot update a non-initialized or non-pending order")
else:
for element in data:
if element == 'is_billing_enabled' and order.status == 'completed' and data[element]\
and data[element] != getattr(order, element, None):
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of a completed order".format(element))
elif data[element] and data[element]\
!= getattr(order, element, None) and element not in get_updatable_fields():
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))
if data[element]:
if element == 'is_billing_enabled' and order.status == 'completed'\
and data[element] != getattr(order, element, None):
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of a completed order".format(element))
elif element not in ['event', 'ticket_holders', 'user'] and data[element]\
!= getattr(order, element, None) and element not in get_updatable_fields():
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))
elif element in ['event', 'user'] and data[element]\
!= str(getattr(order, element, None).id) and element not in get_updatable_fields():
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))
elif element == 'ticket_holders':
ticket_holders = []
for ticket_holder in order.ticket_holders:
ticket_holders.append(str(ticket_holder.id))
if data[element] != ticket_holders and element not in get_updatable_fields():
raise ForbiddenException({'pointer': 'data/{}'.format(element)},
"You cannot update {} of an order".format(element))

if has_access('is_organizer', event_id=order.event_id) and 'order_notes' in data:
if order.order_notes and data['order_notes'] not in order.order_notes.split(","):
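Review bot: The new `if data[element]:` gate in all three loops skips every comparison for falsy values, so a request carrying `ticket_holders: []` or an empty `event`/`user` never reaches the checks added here; whether that then clears the relationship depends on the update path, which is outside this hunk. Gate on presence instead, e.g. `if data[element] is not None:`, and compare ticket holders as sets, `set(map(str, data[element])) != {str(t.id) for t in order.ticket_holders}`, so ordering and int-versus-str ids do not cause false rejections. Separately, `str(getattr(order, element, None).id)` raises AttributeError when the order has no `user` or `event`, turning a permission check into a 500; read the relation first and compare against `str(rel.id) if rel else None`. The page has lost indentation, so please confirm that the `elif element == 'status'` branches in the public-pages loop are still reached when the status value actually changes. before_update_object starts and ends outside the hunk.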
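--- /dev/null
+++ b/tests/all/integration/api/test_order.py
@@ -0,0 +1,46 @@
+import unittest
+from flask import Request, request, jsonify
+
+from app import current_app as app, db
+from app.api.helpers.db import save_to_db
+from app.factories.attendee import AttendeeFactory
+from app.factories.event import EventFactoryBasic
+from app.factories.order import OrderFactory
+from app.models.order import Order
+from app.api.helpers.db import save_to_db
+from tests.all.integration.setup_database import Setup
+
+
+class TestOrderUtilities(OpenEventTestCase):
+def setUp(self):
+self.app = Setup.create_app()
+
+def test_order_cancellation(self):
+"""Method to test order cancellation"""
+
+with app.test_request_context():
+client = app.test_client()
+attendee = AttendeeFactory()
+save_to_db(attendee)
+
+obj = OrderFactory()
+obj.ticket_holders = [attendee, ]
+save_to_db(obj)
+data = {
+"data": {
+"attributes": {
+"status": "cancelled"
+},
+"type": "order",
+"id": obj.id
+}
+}
+resp = client.patch('/v1/orders/1', data=dict(
+order=obj,
+data=data))
+res = resp.get_json()
+self.assertEqual(res['status'], 'cancelled')
+
+
+if __name__ == '__main__':
+unittest.main()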
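Review bot: test_order_cancellation does not exercise the permission branches it was added for: the PATCH is sent without any credentials, as a form-encoded `dict(order=obj, data=data)` rather than a JSON body, against the hard-coded `/v1/orders/1`, and it asserts `res['status']` where a JSON:API response would presumably carry the value under `data.attributes`. The module also fails at import, because `OpenEventTestCase` is used as the base class but never imported; `save_to_db` is imported twice, and `Request`, `request`, `jsonify`, `db`, `EventFactoryBasic` and `Order` are unused. Send the document with `data=json.dumps(data), content_type='application/vnd.api+json'` to `'/v1/orders/{}'.format(obj.id)` under an authenticated user. Add negative cases that expect a 403: a non-owner changing `user` or `ticket_holders`, a status change on a completed paid order, and a status change on an already cancelled order.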
