Generate transfer token in set_ownership (#112)

src/openprocurement/api/tests/award.py

@@ -758,7 +758,7 @@ def test_create_tender_award_complaint(self):
         self.assertEqual(complaint['author']['name'], test_organization['name'])
         self.assertIn('id', complaint)
         self.assertIn(complaint['id'], response.headers['Location'])
-        self.assertNotIn('transfer', complaint)
+        self.assertNotIn('transfer_token', complaint)
 
         self.set_status('active.awarded')
 
@@ -987,8 +987,7 @@ def test_get_tender_award_complaint(self):
         self.assertEqual(response.status, '200 OK')
         self.assertEqual(response.content_type, 'application/json')
         self.assertEqual(response.json['data'], complaint)
-        self.assertNotIn('transfer', response.json.get('access', ''))
-        self.assertNotIn('transfer', response.json['data'])
+        self.assertNotIn('transfer_token', response.json['data'])
 
 
         response = self.app.get('/tenders/{}/awards/{}/complaints/some_id'.format(self.tender_id, self.award_id), status=404)

src/openprocurement/api/tests/tender.py

@@ -614,7 +614,7 @@ def test_create_tender(self):
         self.assertEqual(set(tender) - set(test_tender_data), set(
             [u'id', u'dateModified', u'tenderID', u'date', u'status', u'procurementMethod', u'awardCriteria', u'submissionMethod', u'next_check', u'owner']))
         self.assertIn(tender['id'], response.headers['Location'])
-        self.assertNotIn('transfer', tender)
+        self.assertNotIn('transfer_token', tender)
 
         response = self.app.get('/tenders/{}'.format(tender['id']))
         self.assertEqual(response.status, '200 OK')
@@ -660,8 +660,7 @@ def test_get_tender(self):
         self.assertEqual(response.status, '200 OK')
         self.assertEqual(response.content_type, 'application/json')
         self.assertEqual(response.json['data'], tender)
-        self.assertNotIn('transfer', response.json.get('access', ''))
-        self.assertNotIn('transfer', response.json['data'])
+        self.assertNotIn('transfer_token', response.json['data'])
 
         response = self.app.get('/tenders/{}?opt_jsonp=callback'.format(tender['id']))
         self.assertEqual(response.status, '200 OK')

src/openprocurement/api/utils.py

@@ -206,12 +206,12 @@ def get_revision_changes(dst, src):
 def set_ownership(item, request):
     item.owner = request.authenticated_userid
     item.owner_token = generate_id()
-    if item.get('transfer_token'):
-        if isinstance(getattr(type(item), 'transfer_token', None), StringType):
-            item.transfer_token = sha512(item.transfer_token).hexdigest()
-        else:
-            # remote object attribute which is not schematics field
-            del item.transfer_token
+    acc = {'token': item.owner_token}
+    if isinstance(getattr(type(item), 'transfer_token', None), StringType):
+        transfer = generate_id()
+        item.transfer_token = sha512(transfer).hexdigest()
+        acc['transfer'] = transfer
+    return acc
 
 
 def set_modetest_titles(tender):

src/openprocurement/api/views/award_complaint.py

@@ -51,18 +51,13 @@ def collection_post(self):
         else:
             complaint.status = 'draft'
         complaint.complaintID = '{}.{}{}'.format(tender.tenderID, self.server_id, sum([len(i.complaints) for i in tender.awards], len(tender.complaints)) + 1)
-        transfer = generate_id()
-        complaint.transfer_token = transfer
-        set_ownership(complaint, self.request)
+        acc = set_ownership(complaint, self.request)
         self.context.complaints.append(complaint)
         if save_tender(self.request):
             self.LOGGER.info('Created tender award complaint {}'.format(complaint.id),
                         extra=context_unpack(self.request, {'MESSAGE_ID': 'tender_award_complaint_create'}, {'complaint_id': complaint.id}))
             self.request.response.status = 201
             self.request.response.headers['Location'] = self.request.route_url('Tender Award Complaints', tender_id=tender.id, award_id=self.request.validated['award_id'], complaint_id=complaint['id'])
-            acc = {'token': complaint.owner_token}
-            if complaint.transfer_token:
-                acc['transfer'] = transfer
             return {'data': complaint.serialize("view"), 'access': acc}
 
     @json_view(permission='view_tender')

src/openprocurement/api/views/bid.py

@@ -115,19 +115,14 @@ def collection_post(self):
             self.request.errors.status = 403
             return
         bid = self.request.validated['bid']
-        transfer = generate_id()
-        bid.transfer_token = transfer
-        set_ownership(bid, self.request)
+        acc = set_ownership(bid, self.request)
         tender.bids.append(bid)
         tender.modified = False
         if save_tender(self.request):
             self.LOGGER.info('Created tender bid {}'.format(bid.id),
                         extra=context_unpack(self.request, {'MESSAGE_ID': 'tender_bid_create'}, {'bid_id': bid.id}))
             self.request.response.status = 201
             self.request.response.headers['Location'] = self.request.route_url('Tender Bids', tender_id=tender.id, bid_id=bid['id'])
-            acc = {'token': bid.owner_token}
-            if bid.transfer_token:
-                acc['transfer'] = transfer
             return {'data': bid.serialize('view'), 'access': acc}
 
     @json_view(permission='view_tender')

src/openprocurement/api/views/complaint.py

@@ -40,18 +40,13 @@ def collection_post(self):
         else:
             complaint.status = 'draft'
         complaint.complaintID = '{}.{}{}'.format(tender.tenderID, self.server_id, sum([len(i.complaints) for i in tender.awards], len(tender.complaints)) + 1)
-        transfer = generate_id()
-        complaint.transfer_token = transfer
-        set_ownership(complaint, self.request)
+        acc = set_ownership(complaint, self.request)
         tender.complaints.append(complaint)
         if save_tender(self.request):
             self.LOGGER.info('Created tender complaint {}'.format(complaint.id),
                         extra=context_unpack(self.request, {'MESSAGE_ID': 'tender_complaint_create'}, {'complaint_id': complaint.id}))
             self.request.response.status = 201
             self.request.response.headers['Location'] = self.request.route_url('Tender Complaints', tender_id=tender.id, complaint_id=complaint.id)
-            acc = {'token': complaint.owner_token}
-            if complaint.transfer_token:
-                acc['transfer'] = transfer
             return {'data': complaint.serialize(tender.status), 'access': acc}
 
     @json_view(permission='view_tender')

src/openprocurement/api/views/tender.py

@@ -352,9 +352,7 @@ def post(self):
             tender.initialize()
         if self.request.json_body['data'].get('status') == 'draft':
             tender.status = 'draft'
-        transfer = generate_id()
-        tender.transfer_token = transfer
-        set_ownership(tender, self.request)
+        acc = set_ownership(tender, self.request)
         self.request.validated['tender'] = tender
         self.request.validated['tender_src'] = {}
         if save_tender(self.request):
@@ -363,9 +361,6 @@ def post(self):
             self.request.response.status = 201
             self.request.response.headers[
                 'Location'] = self.request.route_url('Tender', tender_id=tender_id)
-            acc = {'token': tender.owner_token}
-            if tender.transfer_token:
-                acc['transfer'] = transfer
             return {'data': tender.serialize(tender.status), 'access': acc}