summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--cvp/3rd_party/static/testapi-ui/components/results/results.html12
-rw-r--r--cvp/opnfv_testapi/resources/test_handlers.py38
2 files changed, 39 insertions, 11 deletions
diff --git a/cvp/3rd_party/static/testapi-ui/components/results/results.html b/cvp/3rd_party/static/testapi-ui/components/results/results.html
index a16ac30b..1f816ea7 100644
--- a/cvp/3rd_party/static/testapi-ui/components/results/results.html
+++ b/cvp/3rd_party/static/testapi-ui/components/results/results.html
@@ -15,6 +15,7 @@
<div class="row" style="margin-bottom:24px;"></div>
<div cg-busy="{promise:ctrl.authRequest,message:'Loading'}"></div>
<div cg-busy="{promise:ctrl.resultsRequest,message:'Loading'}"></div>
+
<div ng-show="ctrl.data" class="results-table">
<table ng-data="ctrl.data.result" ng-show="ctrl.data" class="table table-striped table-hover">
<thead>
@@ -48,12 +49,10 @@
Operation<span class="caret"></span>
</a>
<ul class="dropdown-menu" uib-dropdown-menu role="menu" aria-labelledby="single-button">
- <li role="menuitem" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status != 'review' || auth.currentUser.openid != result.owner}" ng-click="ctrl.toPrivate(result, 'private')">withdraw submit</a></li>
- <li role="menuitem" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status != 'private' || auth.currentUser.openid != result.owner}" ng-click="ctrl.toReview(result, 'review')">submit to review</a></li>
- <!--
- <li role="menuitem" ng-if="auth.currentUser.role.indexOf('reviewer') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'approved'}" ng-click="ctrl.toggleCheck(result, 'status', 'approve')">approve</a></li>
- <li role="menuitem" ng-if="auth.currentUser.role.indexOf('reviewer') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'not approved'}" ng-click="ctrl.toggleCheck(result, 'status', 'not approve')">not approve</a></li>
- -->
+ <li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'private'}" ng-click="ctrl.toPrivate(result, 'private')">withdraw submit</a></li>
+ <li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status != 'private'}" ng-click="ctrl.toReview(result, 'review')">submit to review</a></li>
+ <li role="menuitem" ng-if="auth.currentUser.role.indexOf('administrator') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'approved' || result.status == 'private'}" ng-click="ctrl.toggleCheck(result, 'status', 'approved')">approve</a></li>
+ <li role="menuitem" ng-if="auth.currentUser.role.indexOf('administrator') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'not approved' || result.status == 'private'}" ng-click="ctrl.toggleCheck(result, 'status', 'not approved')">not approve</a></li>
<li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-click="ctrl.openSharedModal(result)">share with</a></li>
<li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-click="ctrl.deleteTest(result._id)">delete</a></li>
</ul>
@@ -88,6 +87,7 @@
</uib-pagination>
</div>
</div>
+
</div>
<div ng-show="ctrl.showError" class="alert alert-danger" role="alert">
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
diff --git a/cvp/opnfv_testapi/resources/test_handlers.py b/cvp/opnfv_testapi/resources/test_handlers.py
index 2baa2943..161585ef 100644
--- a/cvp/opnfv_testapi/resources/test_handlers.py
+++ b/cvp/opnfv_testapi/resources/test_handlers.py
@@ -188,21 +188,49 @@ class TestsGURHandler(GenericTestHandler):
query = {'_id': objectid.ObjectId(_id)}
db_keys = ['_id', ]
+
+ test = yield dbapi.db_find_one("tests", query)
+ if not test:
+ msg = 'Record does not exist'
+ self.finish_request({'code': 404, 'msg': msg})
+ return
+
curr_user = self.get_secure_cookie(auth_const.OPENID)
- if item in {"shared", "label", "status"}:
+ if item in {"shared", "label"}:
query['owner'] = curr_user
db_keys.append('owner')
- if item == "status" and value == "review":
- test = yield dbapi.db_find_one("tests", query)
- if test:
+ if item == "status":
+ if value in {'approved', 'not approved'}:
+ if test['status'] == 'private':
+ msg = 'Not allowed to approve/not approve'
+ self.finish_request({'code': 403, 'msg': msg})
+ return
+
+ user = yield dbapi.db_find_one("users", {'openid': curr_user})
+ if 'administrator' not in user['role']:
+ msg = 'No permission to operate'
+ self.finish_request({'code': 403, 'msg': msg})
+ return
+ elif value == 'review':
+ if test['status'] != 'private':
+ msg = 'Not allowed to submit to review'
+ self.finish_request({'code': 403, 'msg': msg})
+ return
+
+ query['owner'] = curr_user
+ db_keys.append('owner')
+
test_query = {'id': test['id'], 'status': 'review'}
record = yield dbapi.db_find_one("tests", test_query)
if record:
- msg = ('{} has already submitted one record with the same'
+ msg = ('{} has already submitted one record with the same '
'Test ID: {}'.format(record['owner'], test['id']))
self.finish_request({'code': 403, 'msg': msg})
return
+ else:
+ query['owner'] = curr_user
+ db_keys.append('owner')
logging.debug("before _update 2")
self._update(query=query, db_keys=db_keys)