prevent the delete/update for projects

Prevent user from deleting or updating projects
which are associated with testcases

JIRA: RELENG-335
JIRA: RELENG-336

Change-Id: Ic0a8841a4632329f4b58aeb97cb93a91bacc2b06
Signed-off-by: thuva4 <tharma.thuva@gmail.com>

4 files changed, 37 insertions, 0 deletions

diff --git a/testapi/opnfv_testapi/common/check.py b/testapi/opnfv_testapi/common/check.py
index 1a66dd7..7f866dd 100644
--- a/testapi/opnfv_testapi/common/check.py
+++ b/testapi/opnfv_testapi/common/check.py
@@ -47,6 +47,20 @@ def is_authorized(method):
     return wrapper
 
 
+def is_allowed(method):
+    @functools.wraps(method)
+    def wrapper(self, *args, **kwargs):
+        if self.table == 'projects':
+            query_data = {}
+            query_data['project_name'] = kwargs.get('query')['name']
+            data = yield dbapi.db_find_one('testcases', query_data)
+            if data:
+                raises.Unauthorized(message.tied_with_resource())
+        ret = yield gen.coroutine(method)(self, *args, **kwargs)
+        raise gen.Return(ret)
+    return wrapper
+
+
 def valid_token(method):
     @functools.wraps(method)
     def wrapper(self, *args, **kwargs):
diff --git a/testapi/opnfv_testapi/common/message.py b/testapi/opnfv_testapi/common/message.py
index b92b7f0..7c62894 100644
--- a/testapi/opnfv_testapi/common/message.py
+++ b/testapi/opnfv_testapi/common/message.py
@@ -64,3 +64,7 @@ def must_int(name):
 
 def no_permission():
     return 'You do not have permission to perform this action'
+
+
+def tied_with_resource():
+    return 'Selected resource is associated with other resources'
diff --git a/testapi/opnfv_testapi/handlers/base_handlers.py b/testapi/opnfv_testapi/handlers/base_handlers.py
index 537077d..ed4aeb2 100644
--- a/testapi/opnfv_testapi/handlers/base_handlers.py
+++ b/testapi/opnfv_testapi/handlers/base_handlers.py
@@ -179,6 +179,7 @@ class GenericApiHandler(web.RequestHandler):
     @gen.coroutine
     @check.not_exist
     @check.is_authorized
+    @check.is_allowed
     def _delete(self, data, query=None):
         yield dbapi.db_delete(self.table, query)
         self.finish_request()
@@ -189,6 +190,7 @@ class GenericApiHandler(web.RequestHandler):
     @check.not_exist
     @check.updated_one_not_exist
     @check.is_authorized
+    @check.is_allowed
     def _update(self, data, query=None, **kwargs):
         data = self.table_cls.from_dict(data)
         update_req = self._update_requests(data)
diff --git a/testapi/opnfv_testapi/tests/unit/handlers/test_project.py b/testapi/opnfv_testapi/tests/unit/handlers/test_project.py
index cbd1a4e..884dd68 100644
--- a/testapi/opnfv_testapi/tests/unit/handlers/test_project.py
+++ b/testapi/opnfv_testapi/tests/unit/handlers/test_project.py
@@ -12,6 +12,7 @@ import urllib
 
 from opnfv_testapi.common import message
 from opnfv_testapi.models import project_models
+from opnfv_testapi.models import testcase_models as tcm
 from opnfv_testapi.tests.unit import executor
 from opnfv_testapi.tests.unit.handlers import test_base as base
 
@@ -23,6 +24,9 @@ class TestProjectBase(base.TestBase):
                                                          'qtip-ssh test')
         self.req_e = project_models.ProjectCreateRequest('functest',
                                                          'functest test')
+        self.testcase_d = tcm.TestcaseCreateRequest.from_dict(
+            self.load_json('testcase_d'))
+        self.project = 'qtip'
         self.get_res = project_models.Project
         self.list_res = project_models.Projects
         self.update_res = project_models.Project
@@ -150,6 +154,13 @@ class TestProjectUpdate(TestProjectBase):
         return self.req_d, self.req_d.name
 
     @executor.mock_valid_lfid()
+    @executor.update(httplib.UNAUTHORIZED, message.tied_with_resource())
+    def test_updateNotAllowed(self):
+        self.create_help('/api/v1/projects/%s/cases', self.testcase_d, self.req_d.name)
+        req = project_models.ProjectUpdateRequest('apex', 'apex test')
+        return req, self.req_d.name
+
+    @executor.mock_valid_lfid()
     @executor.update(httplib.OK, '_assert_update')
     def test_success(self):
         req = project_models.ProjectUpdateRequest('apex', 'apex test')
@@ -178,6 +189,12 @@ class TestProjectDelete(TestProjectBase):
         return 'notFound'
 
     @executor.mock_valid_lfid()
+    @executor.delete(httplib.UNAUTHORIZED, message.tied_with_resource())
+    def test_deleteNotAllowed(self):
+        self.create_help('/api/v1/projects/%s/cases', self.testcase_d, self.req_d.name)
+        return self.req_d.name
+
+    @executor.mock_valid_lfid()
     @executor.delete(httplib.OK, '_assert_delete')
     def test_success(self):
         return self.req_d.name