-rw-r--r-- | cvp/3rd_party/static/testapi-ui/components/results/results.html | 12 | ||||
-rw-r--r-- | cvp/opnfv_testapi/resources/test_handlers.py | 38 |
2 files changed, 39 insertions, 11 deletions
diff --git a/cvp/3rd_party/static/testapi-ui/components/results/results.html b/cvp/3rd_party/static/testapi-ui/components/results/results.html index a16ac30b..1f816ea7 100644 --- a/cvp/3rd_party/static/testapi-ui/components/results/results.html +++ b/cvp/3rd_party/static/testapi-ui/components/results/results.html @@ -15,6 +15,7 @@ <div class="row" style="margin-bottom:24px;"></div> <div cg-busy="{promise:ctrl.authRequest,message:'Loading'}"></div> <div cg-busy="{promise:ctrl.resultsRequest,message:'Loading'}"></div> + <div ng-show="ctrl.data" class="results-table"> <table ng-data="ctrl.data.result" ng-show="ctrl.data" class="table table-striped table-hover"> <thead> 
@@ -48,12 +49,10 @@ Operation<span class="caret"></span> </a> <ul class="dropdown-menu" uib-dropdown-menu role="menu" aria-labelledby="single-button"> - <li role="menuitem" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status != 'review' || auth.currentUser.openid != result.owner}" ng-click="ctrl.toPrivate(result, 'private')">withdraw submit</a></li> - <li role="menuitem" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status != 'private' || auth.currentUser.openid != result.owner}" ng-click="ctrl.toReview(result, 'review')">submit to review</a></li> - <!-- - <li role="menuitem" ng-if="auth.currentUser.role.indexOf('reviewer') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'approved'}" ng-click="ctrl.toggleCheck(result, 'status', 'approve')">approve</a></li> - <li role="menuitem" ng-if="auth.currentUser.role.indexOf('reviewer') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'not approved'}" ng-click="ctrl.toggleCheck(result, 'status', 'not approve')">not approve</a></li> - --> + <li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'private'}" ng-click="ctrl.toPrivate(result, 'private')">withdraw submit</a></li> + <li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status != 'private'}" ng-click="ctrl.toReview(result, 'review')">submit to review</a></li> + <li role="menuitem" ng-if="auth.currentUser.role.indexOf('administrator') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'approved' || result.status == 'private'}" ng-click="ctrl.toggleCheck(result, 'status', 
'approved')">approve</a></li> + <li role="menuitem" ng-if="auth.currentUser.role.indexOf('administrator') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'not approved' || result.status == 'private'}" ng-click="ctrl.toggleCheck(result, 'status', 'not approved')">not approve</a></li> <li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-click="ctrl.openSharedModal(result)">share with</a></li> <li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-click="ctrl.deleteTest(result._id)">delete</a></li> </ul> @@ -88,6 +87,7 @@ </uib-pagination> </div> </div> + </div> <div ng-show="ctrl.showError" class="alert alert-danger" role="alert"> <span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span> diff --git a/cvp/opnfv_testapi/resources/test_handlers.py b/cvp/opnfv_testapi/resources/test_handlers.py index 2baa2943..161585ef 100644 --- a/cvp/opnfv_testapi/resources/test_handlers.py +++ b/cvp/opnfv_testapi/resources/test_handlers.py 
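Review bot: The "withdraw submit" entry is now hidden only when `result.status == 'private'`, whereas the removed line hid it unless the status was `'review'`, so an owner is offered it on records that are already `approved` or `not approved`. In the test_handlers.py hunk of this commit only `'approved'`, `'not approved'` and `'review'` get a status precondition, so a status value of `'private'` appears to be accepted from the owner in any state, which would let an already reviewed record be pulled back and resubmitted. If that is not intended, keep the narrower condition, e.g. `ng-class="{'hide': result.status != 'review'}"`, and reject the transition in the handler as well, because the `ng-if` owner and role checks here only hide menu items and enforce nothing.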
@@ -188,21 +188,49 @@ class TestsGURHandler(GenericTestHandler): query = {'_id': objectid.ObjectId(_id)} db_keys = ['_id', ] + + test = yield dbapi.db_find_one("tests", query) + if not test: + msg = 'Record does not exist' + self.finish_request({'code': 404, 'msg': msg}) + return + curr_user = self.get_secure_cookie(auth_const.OPENID) - if item in {"shared", "label", "status"}: + if item in {"shared", "label"}: query['owner'] = curr_user db_keys.append('owner') - if item == "status" and value == "review": - test = yield dbapi.db_find_one("tests", query) - if test: + if item == "status": + if value in {'approved', 'not approved'}: + if test['status'] == 'private': + msg = 'Not allowed to approve/not approve' + self.finish_request({'code': 403, 'msg': msg}) + return + + user = yield dbapi.db_find_one("users", {'openid': curr_user}) + if 'administrator' not in user['role']: + msg = 'No permission to operate' + self.finish_request({'code': 403, 'msg': msg}) + return + elif value == 'review': + if test['status'] != 'private': + msg = 'Not allowed to submit to review' + self.finish_request({'code': 403, 'msg': msg}) + return + + query['owner'] = curr_user + db_keys.append('owner') + test_query = {'id': test['id'], 'status': 'review'} record = yield dbapi.db_find_one("tests", test_query) if record: - msg = ('{} has already submitted one record with the same' + msg = ('{} has already submitted one record with the same ' 'Test ID: {}'.format(record['owner'], test['id'])) self.finish_request({'code': 403, 'msg': msg}) return + else: + query['owner'] = curr_user + db_keys.append('owner') logging.debug("before _update 2") self._update(query=query, db_keys=db_keys) |
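Review bot: The administrator check reads `user['role']` without confirming that the users lookup returned a record, so a request with no valid OPENID cookie (`curr_user` would be None) or an openid missing from the users collection would presumably raise and surface as a server error instead of a 403; `if not user or 'administrator' not in user['role']:` closes that. If `role` is stored as a string rather than a list, `in` is a substring test, so an exact comparison against the stored roles would be safer; confirm this against the schema. The status preconditions (`test['status'] == 'private'` and `test['status'] != 'private'`) are evaluated on the earlier read, while the query handed to `_update` carries only `_id` and, on some paths, `owner`, so a concurrent status change can land between the check and the write; adding the expected status to the update filter would make the transition atomic, if `_update` allows it. The handler body starts outside this hunk and indentation is lost on this page, so the nesting of the final `else:` is inferred.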