Merge remote-tracking branch 'origin/a272280131163160_claim_unsuccess…

…ful'
openprocurement · Feb 14, 2017 · 5d48f83 · 5d48f83
2 parents 2512b3e + 18c014c
commit 5d48f83
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 3 deletions.
diff --git a/openprocurement/tender/openua/models.py b/openprocurement/tender/openua/models.py
@@ -305,8 +305,8 @@ class Options:
             'action': whitelist('tendererAction'),
             'pending': whitelist('decision', 'status', 'rejectReason', 'rejectReasonDescription'),
             'review': whitelist('decision', 'status', 'reviewDate', 'reviewPlace'),
-            'embedded': (blacklist('owner_token', 'owner') + schematics_embedded_role),
-            'view': (blacklist('owner_token', 'owner') + schematics_default_role),
+            'embedded': (blacklist('owner_token', 'owner', 'bid_id') + schematics_embedded_role),
+            'view': (blacklist('owner_token', 'owner', 'bid_id') + schematics_default_role),
         }
     status = StringType(choices=['draft', 'claim', 'answered', 'pending', 'accepted', 'invalid', 'resolved', 'declined', 'cancelled', 'satisfied', 'stopping', 'stopped', 'mistaken'], default='draft')
     acceptance = BooleanType()
@@ -315,6 +315,7 @@ class Options:
     rejectReasonDescription = StringType()
     reviewDate = IsoDateTimeType()
     reviewPlace = StringType()
+    bid_id = StringType()
 
     def __acl__(self):
         return [

diff --git a/openprocurement/tender/openua/tests/award.py b/openprocurement/tender/openua/tests/award.py
@@ -913,6 +913,50 @@ def test_create_tender_award_complaint_invalid(self):
             {u'description': {u'contactPoint': [u'This field is required.'], u'identifier': {u'scheme': [u'This field is required.'], u'id': [u'This field is required.'], u'uri': [u'Not a well formed URL.']}, u'address': [u'This field is required.']}, u'location': u'body', u'name': u'author'}
         ])
 
+    def test_create_tender_award_claim(self):
+        auth = self.app.authorization
+        self.app.authorization = ('Basic', ('token', ''))
+        self.app.patch_json('/tenders/{}/awards/{}'.format(self.tender_id, self.award_id), {'data': {'status': 'cancelled'}})
+
+        response = self.app.get('/tenders/{}/awards'.format(self.tender_id))
+        award_id = [i['id'] for i in response.json['data'] if i['status'] == 'pending'][-1]
+        self.app.patch_json('/tenders/{}/awards/{}'.format(self.tender_id, award_id), {'data': {'status': 'unsuccessful'}})
+        self.app.authorization = auth
+        bid_token = self.initial_bids_tokens[self.initial_bids[1]['id']]
+
+        response = self.app.post_json('/tenders/{}/awards/{}/complaints?acc_token={}'.format(self.tender_id, award_id, bid_token), {'data': {
+            'title': 'complaint title',
+            'description': 'complaint description',
+            'author': test_organization,
+            'status': 'claim'
+        }}, status=403)
+        self.assertEqual(response.status, '403 Forbidden')
+        self.assertEqual(response.content_type, 'application/json')
+        self.assertEqual(response.json['status'], 'error')
+        self.assertEqual(response.json['errors'], [
+            {u'description': u'Can add claim only on unsuccessful award of your bid', u'location': u'body', u'name': u'data'}
+        ])
+
+        response = self.app.post_json('/tenders/{}/awards/{}/complaints?acc_token={}'.format(self.tender_id, award_id, bid_token), {'data': {
+            'title': 'complaint title',
+            'description': 'complaint description',
+            'author': test_organization,
+            'status': 'draft'
+        }})
+        self.assertEqual(response.status, '201 Created')
+        complaint = response.json['data']
+        owner_token = response.json['access']['token']
+
+        response = self.app.patch_json('/tenders/{}/awards/{}/complaints/{}?acc_token={}'.format(self.tender_id, award_id, complaint['id'], owner_token), {"data": {
+            "status": "claim",
+        }}, status=403)
+        self.assertEqual(response.status, '403 Forbidden')
+        self.assertEqual(response.content_type, 'application/json')
+        self.assertEqual(response.json['status'], 'error')
+        self.assertEqual(response.json['errors'], [
+            {u'description': u'Can add claim only on unsuccessful award of your bid', u'location': u'body', u'name': u'data'}
+        ])
+
     def test_create_tender_award_complaint_not_active(self):
         auth = self.app.authorization
         self.app.authorization = ('Basic', ('token', ''))

diff --git a/openprocurement/tender/openua/views/award_complaint.py b/openprocurement/tender/openua/views/award_complaint.py
@@ -16,6 +16,16 @@
 )
 
 
+def get_bid_id(request):
+    if request.authenticated_role != 'bid_owner':
+        return
+    tender = request.validated['tender']
+    bids = {'{}_{}'.format(i.owner, i.owner_token): i.id for i in tender.bids}
+    common = set(request.effective_principals).intersection(set(bids))
+    if common:
+        return bids[common.pop()]
+
+
 @opresource(name='Tender UA Award Complaints',
             collection_path='/tenders/{tender_id}/awards/{award_id}/complaints',
             path='/tenders/{tender_id}/awards/{award_id}/complaints/{complaint_id}',
@@ -48,6 +58,7 @@ def collection_post(self):
         complaint = self.request.validated['complaint']
         complaint.date = get_now()
         complaint.relatedLot = self.context.lotID
+        complaint.bid_id = get_bid_id(self.request)
         if complaint.status == 'claim':
             complaint.dateSubmitted = get_now()
         elif complaint.status == 'pending':
@@ -59,6 +70,10 @@ def collection_post(self):
             complaint.dateSubmitted = get_now()
         else:
             complaint.status = 'draft'
+        if self.context.status == 'unsuccessful' and complaint.status == 'claim' and self.context.bid_id != complaint.bid_id:
+            self.request.errors.add('body', 'data', 'Can add claim only on unsuccessful award of your bid')
+            self.request.errors.status = 403
+            return
         complaint.complaintID = '{}.{}{}'.format(tender.tenderID, self.server_id, self.complaints_len(tender) + 1)
         set_ownership(complaint, self.request)
         self.context.complaints.append(complaint)
@@ -104,6 +119,10 @@ def patch(self):
         elif self.request.authenticated_role == 'complaint_owner' and is_complaintPeriod and self.context.status == 'draft' and data.get('status', self.context.status) == self.context.status:
             apply_patch(self.request, save=False, src=self.context.serialize())
         elif self.request.authenticated_role == 'complaint_owner' and is_complaintPeriod and self.context.status == 'draft' and data.get('status', self.context.status) == 'claim':
+            if self.request.validated['award'].status == 'unsuccessful' and self.request.validated['award'].bid_id != self.context.bid_id:
+                self.request.errors.add('body', 'data', 'Can add claim only on unsuccessful award of your bid')
+                self.request.errors.status = 403
+                return
             apply_patch(self.request, save=False, src=self.context.serialize())
             self.context.dateSubmitted = get_now()
         elif self.request.authenticated_role == 'complaint_owner' and is_complaintPeriod and self.context.status == 'draft' and data.get('status', self.context.status) == 'pending':

diff --git a/setup.py b/setup.py
@@ -1,7 +1,7 @@
 from setuptools import setup, find_packages
 import os
 
-version = '2.3.21'
+version = '2.3.22'
 
 requires = [
     'setuptools',