Added uploading auction log

openprocurement · Feb 6, 2015 · 64a5a98 · 64a5a98
1 parent c773c16
commit 64a5a98
Show file tree

Hide file tree

Showing 6 changed files with 65 additions and 13 deletions.
diff --git a/src/openprocurement/api/models.py b/src/openprocurement/api/models.py
@@ -512,6 +512,7 @@ def __acl__(self):
         ]
         acl.extend([
             (Allow, '{}_{}'.format(self.owner, self.owner_token), 'edit_tender'),
+            (Allow, '{}_{}'.format(self.owner, self.owner_token), 'upload_tender_documents'),
             (Allow, '{}_{}'.format(self.owner, self.owner_token), 'review_complaint'),
         ])
         return acl

diff --git a/src/openprocurement/api/tests/auction.py b/src/openprocurement/api/tests/auction.py
@@ -103,10 +103,8 @@ def test_post_tender_auction(self):
         self.assertEqual(response.content_type, 'application/json')
         self.assertEqual(response.json['errors'][0]["description"], "Can't report auction results in current (active.tendering) tender status")
 
-        self.app.authorization = ('Basic', ('token', ''))
         self.set_status('active.auction')
 
-        self.app.authorization = ('Basic', ('auction', ''))
         #response = self.app.post_json('/tenders/{}/auction'.format(self.tender_id), {'data': {}}, status=422)
         #self.assertEqual(response.status, '422 Unprocessable Entity')
         #self.assertEqual(response.content_type, 'application/json')
@@ -195,10 +193,8 @@ def test_patch_tender_auction(self):
         self.assertEqual(response.content_type, 'application/json')
         self.assertEqual(response.json['errors'][0]["description"], "Can't report auction results in current (active.tendering) tender status")
 
-        self.app.authorization = ('Basic', ('token', ''))
         self.set_status('active.auction')
 
-        self.app.authorization = ('Basic', ('auction', ''))
         #response = self.app.patch_json('/tenders/{}/auction'.format(self.tender_id), {'data': {}}, status=422)
         #self.assertEqual(response.status, '422 Unprocessable Entity')
         #self.assertEqual(response.content_type, 'application/json')
@@ -258,15 +254,66 @@ def test_patch_tender_auction(self):
         self.assertEqual(tender["bids"][0]['participationUrl'], patch_data["bids"][1]['participationUrl'])
         self.assertEqual(tender["bids"][1]['participationUrl'], patch_data["bids"][0]['participationUrl'])
 
-        self.app.authorization = ('Basic', ('token', ''))
         self.set_status('complete')
 
-        self.app.authorization = ('Basic', ('auction', ''))
         response = self.app.patch_json('/tenders/{}/auction'.format(self.tender_id), {'data': patch_data}, status=403)
         self.assertEqual(response.status, '403 Forbidden')
         self.assertEqual(response.content_type, 'application/json')
         self.assertEqual(response.json['errors'][0]["description"], "Can't report auction results in current (complete) tender status")
 
+    def test_post_tender_auction_document(self):
+        self.app.authorization = ('Basic', ('auction', ''))
+        response = self.app.post('/tenders/{}/documents'.format(self.tender_id), upload_files=[('file', 'name.doc', 'content')], status=403)
+        self.assertEqual(response.status, '403 Forbidden')
+        self.assertEqual(response.content_type, 'application/json')
+        self.assertEqual(response.json['errors'][0]["description"], "Can't add document in current (active.tendering) tender status")
+
+        self.set_status('active.auction')
+
+        response = self.app.post('/tenders/{}/documents'.format(self.tender_id), upload_files=[('file', 'name.doc', 'content')])
+        self.assertEqual(response.status, '201 Created')
+        self.assertEqual(response.content_type, 'application/json')
+        doc_id = response.json["data"]['id']
+        key = response.json["data"]["url"].split('?')[-1].split('=')[-1]
+
+        patch_data = {
+            'bids': [
+                {
+                    "id": self.initial_bids[1]['id'],
+                    "value": {
+                        "amount": 409,
+                        "currency": "UAH",
+                        "valueAddedTaxIncluded": True
+                    }
+                },
+                {
+                    'id': self.initial_bids[0]['id'],
+                    "value": {
+                        "amount": 419,
+                        "currency": "UAH",
+                        "valueAddedTaxIncluded": True
+                    }
+                }
+            ]
+        }
+
+        response = self.app.post_json('/tenders/{}/auction'.format(self.tender_id), {'data': patch_data})
+        self.assertEqual(response.status, '200 OK')
+        self.assertEqual(response.content_type, 'application/json')
+
+        response = self.app.put('/tenders/{}/documents/{}'.format(self.tender_id, doc_id), upload_files=[('file', 'name.doc', 'content_with_names')])
+        self.assertEqual(response.status, '200 OK')
+        self.assertEqual(response.content_type, 'application/json')
+        self.assertEqual(doc_id, response.json["data"]["id"])
+        key2 = response.json["data"]["url"].split('?')[-1].split('=')[-1]
+        self.assertNotEqual(key, key2)
+
+        self.set_status('complete')
+        response = self.app.post('/tenders/{}/documents'.format(self.tender_id), upload_files=[('file', 'name.doc', 'content')], status=403)
+        self.assertEqual(response.status, '403 Forbidden')
+        self.assertEqual(response.content_type, 'application/json')
+        self.assertEqual(response.json['errors'][0]["description"], "Can't add document in current (complete) tender status")
+
 
 def suite():
     suite = unittest.TestSuite()

diff --git a/src/openprocurement/api/tests/document.py b/src/openprocurement/api/tests/document.py
@@ -379,6 +379,7 @@ def get_key(self, key_name, headers=NOT_IMPL, version_id=NOT_IMPL):
             return None
         return self.keys[key_name]
 
+
 class MockProvider(object):
 
     def __init__(self, provider):

diff --git a/src/openprocurement/api/tests/migration.py b/src/openprocurement/api/tests/migration.py
@@ -485,7 +485,6 @@ def test_migrate_from12to13(self):
         self.assertEqual('lowestCost', migrated_item['awardCriteria'])
         self.assertEqual('electronicAuction', migrated_item['submissionMethod'])
 
-
     def test_migrate_from13to14(self):
         set_db_schema_version(self.db, 13)
         data = {

diff --git a/src/openprocurement/api/traversal.py b/src/openprocurement/api/traversal.py
@@ -25,6 +25,7 @@ class Root(object):
         (Allow, 'g:brokers', 'create_question'),
         (Allow, 'g:brokers', 'create_tender'),
         (Allow, 'g:auction', 'auction'),
+        (Allow, 'g:auction', 'upload_tender_documents'),
         (Allow, 'g:chronograph', 'edit_tender'),
         (Allow, 'g:Administrator', 'edit_tender'),
         (Allow, 'g:admins', ALL_PERMISSIONS),

diff --git a/src/openprocurement/api/views/tender_document.py b/src/openprocurement/api/views/tender_document.py
@@ -44,10 +44,11 @@ def collection_get(self):
             ]).values(), key=lambda i: i['dateModified'])
         return {'data': collection_data}
 
-    @view(renderer='json', permission='edit_tender', validators=(validate_file_upload,))
+    @view(renderer='json', permission='upload_tender_documents', validators=(validate_file_upload,))
     def collection_post(self):
         """Tender Document Upload"""
-        if self.request.validated['tender_status'] != 'active.enquiries':
+        if self.request.authenticated_role != 'auction' and self.request.validated['tender_status'] != 'active.enquiries' or \
+           self.request.authenticated_role == 'auction' and self.request.validated['tender_status'] not in ['active.auction', 'active.qualification']:
             self.request.errors.add('body', 'data', 'Can\'t add document in current ({}) tender status'.format(self.request.validated['tender_status']))
             self.request.errors.status = 403
             return
@@ -75,10 +76,11 @@ def get(self):
         ]
         return {'data': document_data}
 
-    @view(renderer='json', permission='edit_tender', validators=(validate_file_update,))
+    @view(renderer='json', permission='upload_tender_documents', validators=(validate_file_update,))
     def put(self):
         """Tender Document Update"""
-        if self.request.validated['tender_status'] != 'active.enquiries':
+        if self.request.authenticated_role != 'auction' and self.request.validated['tender_status'] != 'active.enquiries' or \
+           self.request.authenticated_role == 'auction' and self.request.validated['tender_status'] not in ['active.auction', 'active.qualification']:
             self.request.errors.add('body', 'data', 'Can\'t update document in current ({}) tender status'.format(self.request.validated['tender_status']))
             self.request.errors.status = 403
             return
@@ -88,10 +90,11 @@ def put(self):
             LOGGER.info('Updated tender document {}'.format(self.request.context.id), extra={'MESSAGE_ID': 'tender_document_put'})
             return {'data': document.serialize("view")}
 
-    @view(renderer='json', permission='edit_tender', validators=(validate_patch_document_data,))
+    @view(renderer='json', permission='upload_tender_documents', validators=(validate_patch_document_data,))
     def patch(self):
         """Tender Document Update"""
-        if self.request.validated['tender_status'] != 'active.enquiries':
+        if self.request.authenticated_role != 'auction' and self.request.validated['tender_status'] != 'active.enquiries' or \
+           self.request.authenticated_role == 'auction' and self.request.validated['tender_status'] not in ['active.auction', 'active.qualification']:
             self.request.errors.add('body', 'data', 'Can\'t update document in current ({}) tender status'.format(self.request.validated['tender_status']))
             self.request.errors.status = 403
             return