summaryrefslogtreecommitdiffstats
path: root/opnfv_testapi/resources/review_handlers.py
blob: 9731e0f44824bb82b30f81578282e15f86ff0097 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
##############################################################################
# Copyright (c) 2019 Intracom Telecom
# mokats@intracom-telecom.com
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
from datetime import datetime
import logging

from tornado import web, gen

from opnfv_testapi.common.config import CONF
from opnfv_testapi.common import message, raises
from opnfv_testapi.db import api as dbapi
from opnfv_testapi.resources import handlers, review_models
from opnfv_testapi.tornado_swagger import swagger
from opnfv_testapi.ui.auth import constants as auth_const


class GenericReviewHandler(handlers.GenericApiHandler):
    def __init__(self, review, request, **kwargs):
        super(GenericReviewHandler, self).__init__(review, request, **kwargs)
        self.table = 'reviews'
        self.table_cls = review_models.Review


class ReviewsCLHandler(GenericReviewHandler):
    @swagger.operation(nickname="queryReviews")
    @web.asynchronous
    @gen.coroutine
    def get(self):
        def descend_limit():
            descend = self.get_query_argument('descend', 'true')
            return -1 if descend.lower() == 'true' else 1

        def last_limit():
            return self.get_int('last', self.get_query_argument('last', 0))

        def page_limit():
            return self.get_int('page', self.get_query_argument('page', 0))

        limitations = {
            'sort': {'_id': descend_limit()},
            'last': last_limit(),
            'page': page_limit(),
            'per_page': CONF.api_results_per_page
        }

        query = yield self.set_query()
        yield self._list(query=query, **limitations)
        logging.debug('list end')

    @swagger.operation(nickname="createReview")
    @web.asynchronous
    def post(self):
        openid = self.get_secure_cookie(auth_const.OPENID)
        if openid:
            self.json_args['reviewer_openid'] = openid

        if self.json_args['outcome'] is None:
            self._del()
        else:
            self._post()

    @gen.coroutine
    def _post(self):
        query = {'openid': self.json_args['reviewer_openid']}
        user = yield dbapi.db_find_one('users', query)
        if not user:
            raises.Forbidden(message.unauthorized())
        role = self.get_secure_cookie(auth_const.ROLE)
        if 'reviewer' not in role.split(','):
            raises.Unauthorized(message.no_auth())
        test = yield dbapi.db_find_one(
            'tests', {'id': self.json_args['test_id']})
        if test['owner'] == self.json_args['reviewer_openid']:
            self.finish_request({'code': 403,
                                 'msg': 'No permision to review own results'})
            return
        query = {
            'reviewer_openid': self.json_args['reviewer_openid'],
            'test_id': self.json_args['test_id']
        }
        review = yield dbapi.db_find_one(self.table, query)
        if review:
            if review['outcome'] != self.json_args['outcome']:
                yield dbapi.db_update(self.table, query,
                                      {'$set': {
                                          'outcome': self.json_args['outcome'],
                                          'creation_date': datetime.now()}})
            self.finish_request()
        else:
            self.json_args['reviewer_name'] = user['fullname']
            self.json_args['reviewer_email'] = user['email']
            self._create(miss_fields=[], carriers=[])

    @gen.coroutine
    def _del(self):
        query = {'openid': self.json_args['reviewer_openid']}
        user = yield dbapi.db_find_one('users', query)
        if not user:
            raises.Forbidden(message.unauthorized())
        role = self.get_secure_cookie(auth_const.ROLE)
        if 'reviewer' not in role.split(','):
            raises.Unauthorized(message.no_auth())
        test = yield dbapi.db_find_one(
            'tests', {'id': self.json_args['test_id']})
        if test['owner'] == self.json_args['reviewer_openid']:
            self.finish_request({'code': 403,
                                 'msg': 'No permision to review own results'})
            return
        query = {
            'reviewer_openid': self.json_args['reviewer_openid'],
            'test_id': self.json_args['test_id']
        }
        yield dbapi.db_delete(self.table, query)
        self.finish_request()