Added Administrator role for administrative changes

openprocurement · Feb 5, 2015 · c773c16 · c773c16
1 parent 4aff2f5
commit c773c16
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 13 deletions.
diff --git a/src/openprocurement/api/models.py b/src/openprocurement/api/models.py
@@ -416,6 +416,7 @@ class Options:
 enquiries_role = (blacklist('owner', 'owner_token', '_attachments', 'revisions', 'bids', 'numberOfBids') + schematics_embedded_role)
 auction_role = (blacklist('owner', 'owner_token', '_attachments', 'revisions', 'bids') + schematics_embedded_role)
 chronograph_role = whitelist('status', 'enquiryPeriod', 'tenderPeriod', 'auctionPeriod', 'awardPeriod')
+Administrator_role = whitelist('mode')
 
 
 class Tender(SchematicsDocument, Model):
@@ -447,6 +448,7 @@ class Options:
             'unsuccessful': view_role,
             'cancelled': view_role,
             'chronograph': chronograph_role,
+            'Administrator': Administrator_role,
         }
 
     def __local_roles__(self):

diff --git a/src/openprocurement/api/tests/auth.ini b/src/openprocurement/api/tests/auth.ini
@@ -4,6 +4,9 @@ auction = auction
 [chronograph]
 chronograph = chronograph
 
+[Administrator]
+administrator = administrator
+
 [tests]
 chrisr = chrisr
 

diff --git a/src/openprocurement/api/tests/document.py b/src/openprocurement/api/tests/document.py
@@ -196,7 +196,6 @@ def test_put_tender_document(self):
         response = self.app.get('/tenders/{}/documents'.format(self.tender_id))
         self.assertEqual(response.status, '200 OK')
         self.assertEqual(response.content_type, 'application/json')
-        print response.json["data"]
         self.assertEqual(dateModified2, response.json["data"][0]['dateModified'])
         self.assertEqual(dateModified, response.json["data"][1]['dateModified'])
 

diff --git a/src/openprocurement/api/tests/tender.py b/src/openprocurement/api/tests/tender.py
@@ -570,6 +570,30 @@ def test_tender_not_found(self):
             {u'description': u'Not Found', u'location': u'url', u'name': u'tender_id'}
         ])
 
+    def test_tender_Administrator_change(self):
+        response = self.app.post_json('/tenders', {'data': test_tender_data})
+        self.assertEqual(response.status, '201 Created')
+        tender = response.json['data']
+
+        response = self.app.post_json('/tenders/{}/questions'.format(tender['id']), {'data': {'title': 'question title', 'description': 'question description', 'author': test_tender_data["procuringEntity"]}})
+        self.assertEqual(response.status, '201 Created')
+        self.assertEqual(response.content_type, 'application/json')
+        question = response.json['data']
+
+        self.app.authorization = ('Basic', ('administrator', ''))
+
+        response = self.app.patch_json('/tenders/{}'.format(tender['id']), {'data': {'mode': u'test'}})
+        self.assertEqual(response.status, '200 OK')
+        self.assertEqual(response.content_type, 'application/json')
+        self.assertEqual(response.json['data']['mode'], u'test')
+
+        response = self.app.patch_json('/tenders/{}/questions/{}'.format(tender['id'], question['id']), {"data": {"answer": "answer"}}, status=403)
+        self.assertEqual(response.status, '403 Forbidden')
+        self.assertEqual(response.content_type, 'application/json')
+        self.assertEqual(response.json['errors'], [
+            {"location": "url", "name": "role", "description": "Forbidden"}
+        ])
+
 
 class TenderProcessTest(BaseTenderWebTest):
     setUp = BaseWebTest.setUp

diff --git a/src/openprocurement/api/traversal.py b/src/openprocurement/api/traversal.py
@@ -26,6 +26,7 @@ class Root(object):
         (Allow, 'g:brokers', 'create_tender'),
         (Allow, 'g:auction', 'auction'),
         (Allow, 'g:chronograph', 'edit_tender'),
+        (Allow, 'g:Administrator', 'edit_tender'),
         (Allow, 'g:admins', ALL_PERMISSIONS),
     ]
 

diff --git a/src/openprocurement/api/validation.py b/src/openprocurement/api/validation.py
@@ -28,28 +28,35 @@ def validate_data(request, model, partial=False):
             m = model(request.context.serialize())
             m.import_data(new_patch)
             m.validate()
-            if request.authenticated_role == 'chronograph':
-                data = m.to_patch('chronograph')
+            if request.authenticated_role == 'Administrator':
+                role = 'Administrator'
+            elif request.authenticated_role == 'chronograph':
+                role = 'chronograph'
             elif request.authenticated_role == 'auction':
-                data = m.to_patch('auction_{}'.format(request.method.lower()))
+                role = 'auction_{}'.format(request.method.lower())
             elif isinstance(request.context, Tender):
-                data = m.to_patch('edit_{}'.format(request.context.status))
+                role = 'edit_{}'.format(request.context.status)
             else:
-                data = m.to_patch('edit')
-        elif partial:
-            m = model(data)
-            m.validate(partial=partial)
-            data = m.serialize('edit')
+                role = 'edit'
+            method = m.to_patch
         else:
             m = model(data)
             m.validate()
-            data = m.serialize('create')
+            method = m.serialize
+            role = 'create'
     except (ModelValidationError, ModelConversionError), e:
         for i in e.message:
             request.errors.add('body', i, e.message[i])
         request.errors.status = 422
-        return
-    request.validated['data'] = data
+        data = None
+    else:
+        if hasattr(m.__class__, '_options') and role not in m.__class__._options.roles:
+            request.errors.add('url', 'role', 'Forbidden')
+            request.errors.status = 403
+            data = None
+        else:
+            data = method(role)
+            request.validated['data'] = data
     return data