diff --git a/openslides/assignments/models.py b/openslides/assignments/models.py index a3638bcee..95435f593 100644 --- a/openslides/assignments/models.py +++ b/openslides/assignments/models.py @@ -56,9 +56,9 @@ class AssignmentRelatedUser(RESTModelMixin, models.Model): class Assignment(RESTModelMixin, SlideMixin, AbsoluteUrlMixin, models.Model): slide_callback_name = 'assignment' - PHASE_SEARCH = 1 - PHASE_VOTING = 2 - PHASE_FINISHED = 3 + PHASE_SEARCH = 0 + PHASE_VOTING = 1 + PHASE_FINISHED = 2 PHASES = ( (PHASE_SEARCH, ugettext_lazy('Searching for candidates')), diff --git a/openslides/assignments/serializers.py b/openslides/assignments/serializers.py index e18569b3e..dcb5ce7fd 100644 --- a/openslides/assignments/serializers.py +++ b/openslides/assignments/serializers.py @@ -102,7 +102,7 @@ class AssignmentFullSerializer(ModelSerializer): """ Serializer for assignment.models.Assignment objects. With all polls. """ - related_users = AssignmentRelatedUserSerializer(many=True, read_only=True) + assignment_related_users = AssignmentRelatedUserSerializer(many=True, read_only=True) polls = AssignmentAllPollSerializer(many=True, read_only=True) class Meta: @@ -113,7 +113,7 @@ class AssignmentFullSerializer(ModelSerializer): 'description', 'open_posts', 'phase', - 'related_users', + 'assignment_related_users', 'poll_description_default', 'polls', 'tags',) @@ -123,7 +123,7 @@ class AssignmentShortSerializer(AssignmentFullSerializer): """ Serializer for assignment.models.Assignment objects. Without unpublished poll. """ - related_users = AssignmentRelatedUserSerializer(many=True, read_only=True) + assignment_related_users = AssignmentRelatedUserSerializer(many=True, read_only=True) polls = AssignmentShortPollSerializer(many=True, read_only=True) class Meta: @@ -134,7 +134,7 @@ class AssignmentShortSerializer(AssignmentFullSerializer): 'description', 'open_posts', 'phase', - 'related_users', + 'assignment_related_users', 'poll_description_default', 'polls', 'tags',) diff --git a/openslides/assignments/views.py b/openslides/assignments/views.py index 915f6d96c..5c4d3eafe 100644 --- a/openslides/assignments/views.py +++ b/openslides/assignments/views.py @@ -14,7 +14,7 @@ from openslides.config.api import config from openslides.users.models import Group, User # TODO: remove this from openslides.poll.views import PollFormView from openslides.utils.pdf import stylesheet -from openslides.utils.rest_api import ModelViewSet +from openslides.utils.rest_api import ModelViewSet, Response, ValidationError, detail_route from openslides.utils.utils import html_strong from openslides.utils.views import (CreateView, DeleteView, DetailView, ListView, PDFView, @@ -217,7 +217,8 @@ class AssignmentDeleteCandidateshipOtherView(SingleObjectMixin, QuestionView): class AssignmentViewSet(ModelViewSet): """ - API endpoint to list, retrieve, create, update and destroy assignments. + API endpoint to list, retrieve, create, update and destroy assignments and + to manage candidatures. """ queryset = Assignment.objects.all() @@ -242,6 +243,139 @@ class AssignmentViewSet(ModelViewSet): serializer_class = AssignmentShortSerializer return serializer_class + @detail_route(methods=['post', 'delete']) + def candidature_self(self, request, pk=None): + """ + View to nominate self as candidate (POST) or withdraw own candidature + (DELETE). + """ + if not request.user.has_perm('assignments.can_nominate_self'): + self.permission_denied(request) + assignment = self.get_object() + if assignment.is_elected(request.user): + raise ValidationError({'detail': _('You are already elected.')}) + if request.method == 'POST': + message = self.nominate_self(request, assignment) + else: + # request.method == 'DELETE' + message = self.withdraw_self(request, assignment) + return Response({'detail': message}) + + def nominate_self(self, request, assignment): + if assignment.phase == assignment.PHASE_FINISHED: + raise ValidationError({'detail': _('You can not candidate to this election because it is finished.')}) + if assignment.phase == assignment.PHASE_VOTING and not request.user.has_perm('assignments.can_manage'): + # To nominate self during voting you have to be a manager. + self.permission_denied(request) + # If the request.user is already a candidate he can nominate himself nevertheless. + assignment.set_candidate(request.user) + return _('You were nominated successfully.') + + def withdraw_self(self, request, assignment): + # Withdraw candidature and set self blocked. + if assignment.phase == assignment.PHASE_FINISHED: + raise ValidationError({'detail': _('You can not withdraw your candidature to this election because it is finished.')}) + if assignment.phase == assignment.PHASE_VOTING and not request.user.has_perm('assignments.can_manage'): + # To withdraw self during voting you have to be a manager. + self.permission_denied(request) + if not assignment.is_candidate(request.user): + raise ValidationError({'detail': _('You are not a candidate of this election.')}) + assignment.set_blocked(request.user) + return _( + 'You have withdrawn your candidature successfully. ' + 'You can not be nominated by other participants anymore.') + + def get_user_from_request_data(self, request): + """ + Helper method to get a specific user from request data (not the + request.user) so that the views self.candidature_other or + self.mark_elected can play with him. + """ + if not isinstance(request.data, dict): + detail = _('Invalid data. Expected dictionary, got %s.') % type(request.data) + raise ValidationError({'detail': detail}) + user_str = request.data.get('user', '') + try: + user_pk = int(user_str) + except ValueError: + raise ValidationError({'detail': _('Invalid data. Expected something like {"user": }.')}) + try: + user = User.objects.get(pk=user_pk) + except User.DoesNotExist: + raise ValidationError({'detail': _('Invalid data. User %d does not exist.') % user_pk}) + return user + + @detail_route(methods=['post', 'delete']) + def candidature_other(self, request, pk=None): + """ + View to nominate other users (POST) or delete their candidature + status (DELETE). The client has to send {'user': }. + """ + if not request.user.has_perm('assignments.can_nominate_other'): + self.permission_denied(request) + user = self.get_user_from_request_data(request) + assignment = self.get_object() + if assignment.is_elected(user): + raise ValidationError({'detail': _('User %s is already elected.') % user}) + if request.method == 'POST': + message = self.nominate_other(request, user, assignment) + else: + # request.method == 'DELETE' + message = self.delete_other(request, user, assignment) + return Response({'detail': message}) + + def nominate_other(self, request, user, assignment): + if assignment.phase == assignment.PHASE_FINISHED: + detail = _('You can not nominate someone to this election because it is finished.') + raise ValidationError({'detail': detail}) + if assignment.phase == assignment.PHASE_VOTING and not request.user.has_perm('assignments.can_manage'): + # To nominate other during voting you have to be a manager. + self.permission_denied(request) + if not request.user.has_perm('assignments.can_manage'): + if assignment.is_blocked(user): + raise ValidationError({'detail': _('User %s does not want to be an candidate.') % user}) + if assignment.is_elected(user): + raise ValidationError({'detail': _('User %s is already elected.') % user}) + # If the user is already a candidate he can be nominated nevertheless. + assignment.set_candidate(user) + return _('User %s was nominated successfully.') % user + + def delete_other(self, request, user, assignment): + # To delete candidature status you have to be a manager. + if not request.user.has_perm('assignments.can_manage'): + self.permission_denied(request) + if assignment.phase == assignment.PHASE_FINISHED: + detail = _('You can not delete someones candidature to this election because it is finished.') + raise ValidationError({'detail': detail}) + if not assignment.is_candidate(user) and not assignment.is_blocked(user): + raise ValidationError({'detail': _('User %s has no status in this election.') % user}) + assignment.delete_related_user(user) + return _('Candidate %s was withdrawn/unblocked successfully.') % user + + @detail_route(methods=['post', 'delete']) + def mark_elected(self, request, pk=None): + """ + View to mark other users as elected (POST) undo this (DELETE). The + client has to send {'user': }. + """ + if not request.user.has_perm('assignments.can_manage'): + self.permission_denied(request) + user = self.get_user_from_request_data(request) + assignment = self.get_object() + if request.method == 'POST': + if not assignment.is_candidate(user): + raise ValidationError({'detail': _('User %s is not a candidate of this election.') % user}) + assignment.set_elected(user) + message = _('User %s was successfully elected.') % user + else: + # request.method == 'DELETE' + if not assignment.is_elected(user): + detail = _('User %s is not an elected candidate of this election.') % user + raise ValidationError({'detail': detail}) + assignment.set_candidate(user) + message = _('User %s was successfully unelected.') % user + return Response({'detail': message}) + class PollCreateView(SingleObjectMixin, RedirectView): required_permission = 'assignments.can_manage' diff --git a/openslides/utils/rest_api.py b/openslides/utils/rest_api.py index e5663da14..958d7981a 100644 --- a/openslides/utils/rest_api.py +++ b/openslides/utils/rest_api.py @@ -3,6 +3,7 @@ import re from urllib.parse import urlparse from django.core.urlresolvers import reverse +from rest_framework.decorators import detail_route # noqa from rest_framework.serializers import ( # noqa CharField, ListSerializer, diff --git a/tests/integration/assignments/__init__.py b/tests/integration/assignments/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/integration/assignments/test_viewset.py b/tests/integration/assignments/test_viewset.py new file mode 100644 index 000000000..4ab6abd4b --- /dev/null +++ b/tests/integration/assignments/test_viewset.py @@ -0,0 +1,277 @@ +from django.contrib.auth import get_user_model +from django.core.urlresolvers import reverse +from rest_framework.test import APIClient + +from openslides.assignments.models import Assignment +from openslides.utils.test import TestCase + + +class CanidatureSelf(TestCase): + """ + Tests self candidation view. + """ + def setUp(self): + self.client.login(username='admin', password='admin') + self.assignment = Assignment.objects.create(title='test_assignment_oikaengeijieh3ughiX7', open_posts=1) + + def test_nominate_self(self): + response = self.client.post(reverse('assignment-candidature-self', args=[self.assignment.pk])) + + self.assertEqual(response.status_code, 200) + self.assertTrue(Assignment.objects.get(pk=self.assignment.pk).candidates.filter(username='admin').exists()) + + def test_nominate_self_twice(self): + self.assignment.set_candidate(get_user_model().objects.get(username='admin')) + + response = self.client.post(reverse('assignment-candidature-self', args=[self.assignment.pk])) + + self.assertEqual(response.status_code, 200) + self.assertTrue(Assignment.objects.get(pk=self.assignment.pk).candidates.filter(username='admin').exists()) + + def test_nominate_self_when_finished(self): + self.assignment.set_phase(Assignment.PHASE_FINISHED) + self.assignment.save() + + response = self.client.post(reverse('assignment-candidature-self', args=[self.assignment.pk])) + + self.assertEqual(response.status_code, 400) + + def test_nominate_self_during_voting(self): + self.assignment.set_phase(Assignment.PHASE_VOTING) + self.assignment.save() + + response = self.client.post(reverse('assignment-candidature-self', args=[self.assignment.pk])) + + self.assertEqual(response.status_code, 200) + self.assertTrue(Assignment.objects.get(pk=self.assignment.pk).candidates.exists()) + + def test_nominate_self_during_voting_non_admin(self): + self.assignment.set_phase(Assignment.PHASE_VOTING) + self.assignment.save() + admin = get_user_model().objects.get(username='admin') + group_staff = admin.groups.get(name='Staff') + group_delegates = type(group_staff).objects.get(name='Delegates') + admin.groups.add(group_delegates) + admin.groups.remove(group_staff) + + response = self.client.post(reverse('assignment-candidature-self', args=[self.assignment.pk])) + + self.assertEqual(response.status_code, 403) + + def test_withdraw_self(self): + self.assignment.set_candidate(get_user_model().objects.get(username='admin')) + + response = self.client.delete(reverse('assignment-candidature-self', args=[self.assignment.pk])) + + self.assertEqual(response.status_code, 200) + self.assertFalse(Assignment.objects.get(pk=self.assignment.pk).candidates.filter(username='admin').exists()) + self.assertTrue(Assignment.objects.get(pk=self.assignment.pk).blocked.filter(username='admin').exists()) + + def test_withdraw_self_twice(self): + response = self.client.delete(reverse('assignment-candidature-self', args=[self.assignment.pk])) + + self.assertEqual(response.status_code, 400) + + def test_withdraw_self_when_finished(self): + self.assignment.set_candidate(get_user_model().objects.get(username='admin')) + self.assignment.set_phase(Assignment.PHASE_FINISHED) + self.assignment.save() + + response = self.client.delete(reverse('assignment-candidature-self', args=[self.assignment.pk])) + + self.assertEqual(response.status_code, 400) + + def test_withdraw_self_during_voting(self): + self.assignment.set_candidate(get_user_model().objects.get(username='admin')) + self.assignment.set_phase(Assignment.PHASE_VOTING) + self.assignment.save() + + response = self.client.delete(reverse('assignment-candidature-self', args=[self.assignment.pk])) + + self.assertEqual(response.status_code, 200) + self.assertFalse(Assignment.objects.get(pk=self.assignment.pk).candidates.exists()) + self.assertTrue(Assignment.objects.get(pk=self.assignment.pk).blocked.filter(username='admin').exists()) + + def test_withdraw_self_during_voting_non_admin(self): + self.assignment.set_candidate(get_user_model().objects.get(username='admin')) + self.assignment.set_phase(Assignment.PHASE_VOTING) + self.assignment.save() + admin = get_user_model().objects.get(username='admin') + group_staff = admin.groups.get(name='Staff') + group_delegates = type(group_staff).objects.get(name='Delegates') + admin.groups.add(group_delegates) + admin.groups.remove(group_staff) + + response = self.client.delete(reverse('assignment-candidature-self', args=[self.assignment.pk])) + + self.assertEqual(response.status_code, 403) + + +class CandidatureOther(TestCase): + def setUp(self): + self.client = APIClient() + self.client.login(username='admin', password='admin') + self.assignment = Assignment.objects.create(title='test_assignment_leiD6tiojigh1vei1ait', open_posts=1) + self.user = get_user_model().objects.create_user( + username='test_user_eeheekai4Phue6cahtho', + password='test_password_ThahXazeiV8veipeePh6') + + def test_invalid_data_empty_dict(self): + response = self.client.post( + reverse('assignment-candidature-other', args=[self.assignment.pk]), {}) + + self.assertEqual(response.status_code, 400) + + def test_invalid_data_string_instead_of_integer(self): + response = self.client.post( + reverse('assignment-candidature-other', args=[self.assignment.pk]), {'user': 'string_instead_of_integer'}) + + self.assertEqual(response.status_code, 400) + + def test_invalid_data_user_does_not_exist(self): + # ID of a user that does not exist. + # Be careful: Here we do not test that the user does not exist. + inexistent_user_pk = self.user.pk + 1000 + response = self.client.post( + reverse('assignment-candidature-other', args=[self.assignment.pk]), {'user': inexistent_user_pk}) + + self.assertEqual(response.status_code, 400) + + def test_nominate_other(self): + response = self.client.post( + reverse('assignment-candidature-other', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 200) + self.assertTrue(Assignment.objects.get(pk=self.assignment.pk).candidates.filter(username='test_user_eeheekai4Phue6cahtho').exists()) + + def test_nominate_other_twice(self): + self.assignment.set_candidate(get_user_model().objects.get(username='test_user_eeheekai4Phue6cahtho')) + response = self.client.post( + reverse('assignment-candidature-other', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 200) + self.assertTrue(Assignment.objects.get(pk=self.assignment.pk).candidates.filter(username='test_user_eeheekai4Phue6cahtho').exists()) + + def test_nominate_other_when_finished(self): + self.assignment.set_phase(Assignment.PHASE_FINISHED) + self.assignment.save() + + response = self.client.post( + reverse('assignment-candidature-other', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 400) + + def test_nominate_other_during_voting(self): + self.assignment.set_phase(Assignment.PHASE_VOTING) + self.assignment.save() + + response = self.client.post( + reverse('assignment-candidature-other', args=[self.assignment.pk]), + {'user': self.user.pk}) + self.assertEqual(response.status_code, 200) + self.assertTrue(Assignment.objects.get(pk=self.assignment.pk).candidates.filter(username='test_user_eeheekai4Phue6cahtho').exists()) + + def test_nominate_other_during_voting_non_admin(self): + self.assignment.set_phase(Assignment.PHASE_VOTING) + self.assignment.save() + admin = get_user_model().objects.get(username='admin') + group_staff = admin.groups.get(name='Staff') + group_delegates = type(group_staff).objects.get(name='Delegates') + admin.groups.add(group_delegates) + admin.groups.remove(group_staff) + + response = self.client.post( + reverse('assignment-candidature-other', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 403) + + def test_delete_other(self): + self.assignment.set_candidate(self.user) + response = self.client.delete( + reverse('assignment-candidature-other', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 200) + self.assertFalse(Assignment.objects.get(pk=self.assignment.pk).candidates.filter(username='test_user_eeheekai4Phue6cahtho').exists()) + + def test_delete_other_twice(self): + response = self.client.delete( + reverse('assignment-candidature-other', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 400) + + def test_delete_other_when_finished(self): + self.assignment.set_candidate(self.user) + self.assignment.set_phase(Assignment.PHASE_FINISHED) + self.assignment.save() + + response = self.client.delete( + reverse('assignment-candidature-other', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 400) + + def test_delete_other_during_voting(self): + self.assignment.set_candidate(self.user) + self.assignment.set_phase(Assignment.PHASE_VOTING) + self.assignment.save() + + response = self.client.delete( + reverse('assignment-candidature-other', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 200) + self.assertFalse(Assignment.objects.get(pk=self.assignment.pk).candidates.filter(username='test_user_eeheekai4Phue6cahtho').exists()) + + def test_delete_other_during_voting_non_admin(self): + self.assignment.set_candidate(self.user) + self.assignment.set_phase(Assignment.PHASE_VOTING) + self.assignment.save() + admin = get_user_model().objects.get(username='admin') + group_staff = admin.groups.get(name='Staff') + group_delegates = type(group_staff).objects.get(name='Delegates') + admin.groups.add(group_delegates) + admin.groups.remove(group_staff) + + response = self.client.delete( + reverse('assignment-candidature-other', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 403) + + +class MarkElectedOtherUser(TestCase): + """ + Tests marking an elected user. We use an extra user here to show that + admin can not only mark himself but also other users. + """ + def setUp(self): + self.client = APIClient() + self.client.login(username='admin', password='admin') + self.assignment = Assignment.objects.create(title='test_assignment_Ierohsh8rahshofiejai', open_posts=1) + self.user = get_user_model().objects.create_user( + username='test_user_Oonei3rahji5jugh1eev', + password='test_password_aiphahb5Nah0cie4iP7o') + + def test_mark_elected(self): + self.assignment.set_candidate(get_user_model().objects.get(username='test_user_Oonei3rahji5jugh1eev')) + response = self.client.post( + reverse('assignment-mark-elected', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 200) + self.assertTrue(Assignment.objects.get(pk=self.assignment.pk).elected.filter(username='test_user_Oonei3rahji5jugh1eev').exists()) + + def test_mark_unelected(self): + self.assignment.set_elected(get_user_model().objects.get(username='test_user_Oonei3rahji5jugh1eev')) + response = self.client.delete( + reverse('assignment-mark-elected', args=[self.assignment.pk]), + {'user': self.user.pk}) + + self.assertEqual(response.status_code, 200) + self.assertFalse(Assignment.objects.get(pk=self.assignment.pk).elected.filter(username='test_user_Oonei3rahji5jugh1eev').exists())