1 files changed, 119 insertions, 0 deletions

diff --git a/opnfv_testapi/resources/review_handlers.py b/opnfv_testapi/resources/review_handlers.py
new file mode 100644
index 0000000..9731e0f
--- /dev/null
+++ b/opnfv_testapi/resources/review_handlers.py
@@ -0,0 +1,119 @@
+##############################################################################
+# Copyright (c) 2019 Intracom Telecom
+# mokats@intracom-telecom.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+from datetime import datetime
+import logging
+
+from tornado import web, gen
+
+from opnfv_testapi.common.config import CONF
+from opnfv_testapi.common import message, raises
+from opnfv_testapi.db import api as dbapi
+from opnfv_testapi.resources import handlers, review_models
+from opnfv_testapi.tornado_swagger import swagger
+from opnfv_testapi.ui.auth import constants as auth_const
+
+
+class GenericReviewHandler(handlers.GenericApiHandler):
+    def __init__(self, review, request, **kwargs):
+        super(GenericReviewHandler, self).__init__(review, request, **kwargs)
+        self.table = 'reviews'
+        self.table_cls = review_models.Review
+
+
+class ReviewsCLHandler(GenericReviewHandler):
+    @swagger.operation(nickname="queryReviews")
+    @web.asynchronous
+    @gen.coroutine
+    def get(self):
+        def descend_limit():
+            descend = self.get_query_argument('descend', 'true')
+            return -1 if descend.lower() == 'true' else 1
+
+        def last_limit():
+            return self.get_int('last', self.get_query_argument('last', 0))
+
+        def page_limit():
+            return self.get_int('page', self.get_query_argument('page', 0))
+
+        limitations = {
+            'sort': {'_id': descend_limit()},
+            'last': last_limit(),
+            'page': page_limit(),
+            'per_page': CONF.api_results_per_page
+        }
+
+        query = yield self.set_query()
+        yield self._list(query=query, **limitations)
+        logging.debug('list end')
+
+    @swagger.operation(nickname="createReview")
+    @web.asynchronous
+    def post(self):
+        openid = self.get_secure_cookie(auth_const.OPENID)
+        if openid:
+            self.json_args['reviewer_openid'] = openid
+
+        if self.json_args['outcome'] is None:
+            self._del()
+        else:
+            self._post()
+
+    @gen.coroutine
+    def _post(self):
+        query = {'openid': self.json_args['reviewer_openid']}
+        user = yield dbapi.db_find_one('users', query)
+        if not user:
+            raises.Forbidden(message.unauthorized())
+        role = self.get_secure_cookie(auth_const.ROLE)
+        if 'reviewer' not in role.split(','):
+            raises.Unauthorized(message.no_auth())
+        test = yield dbapi.db_find_one(
+            'tests', {'id': self.json_args['test_id']})
+        if test['owner'] == self.json_args['reviewer_openid']:
+            self.finish_request({'code': 403,
+                                 'msg': 'No permision to review own results'})
+            return
+        query = {
+            'reviewer_openid': self.json_args['reviewer_openid'],
+            'test_id': self.json_args['test_id']
+        }
+        review = yield dbapi.db_find_one(self.table, query)
+        if review:
+            if review['outcome'] != self.json_args['outcome']:
+                yield dbapi.db_update(self.table, query,
+                                      {'$set': {
+                                          'outcome': self.json_args['outcome'],
+                                          'creation_date': datetime.now()}})
+            self.finish_request()
+        else:
+            self.json_args['reviewer_name'] = user['fullname']
+            self.json_args['reviewer_email'] = user['email']
+            self._create(miss_fields=[], carriers=[])
+
+    @gen.coroutine
+    def _del(self):
+        query = {'openid': self.json_args['reviewer_openid']}
+        user = yield dbapi.db_find_one('users', query)
+        if not user:
+            raises.Forbidden(message.unauthorized())
+        role = self.get_secure_cookie(auth_const.ROLE)
+        if 'reviewer' not in role.split(','):
+            raises.Unauthorized(message.no_auth())
+        test = yield dbapi.db_find_one(
+            'tests', {'id': self.json_args['test_id']})
+        if test['owner'] == self.json_args['reviewer_openid']:
+            self.finish_request({'code': 403,
+                                 'msg': 'No permision to review own results'})
+            return
+        query = {
+            'reviewer_openid': self.json_args['reviewer_openid'],
+            'test_id': self.json_args['test_id']
+        }
+        yield dbapi.db_delete(self.table, query)
+        self.finish_request()