Requests domain module can determine if user can view request

2018-08-07 15:40:51 -04:00 · 2018-08-07 15:40:51 -04:00 · 1a5800cbc5
commit 1a5800cbc5
parent 2030b4d318
3 changed files with 23 additions and 4 deletions
--- a/atst/domain/requests.py
+++ b/atst/domain/requests.py
@ -143,3 +143,11 @@ class Requests(object):
        return request.status == "incomplete" and all(
            section in existing_request_sections for section in all_request_sections
        )
+
+    @classmethod
+    def is_creator(cls, request_id, user_id):
+        try:
+            db.session.query(Request).filter_by(id=request_id, creator=user_id).one()
+            return True
+        except NoResultFound:
+            return False
--- a/tests/domain/test_requests.py
+++ b/tests/domain/test_requests.py
@ -5,7 +5,7 @@ from atst.domain.exceptions import NotFoundError
 from atst.domain.requests import Requests
 from atst.models.request_status_event import RequestStatus

-from tests.factories import RequestFactory
+from tests.factories import RequestFactory, UserFactory


@pytest.fixture(scope="function")
@ -48,3 +48,11 @@ def test_dont_auto_approve_if_no_dollar_value_specified(new_request):
    request = Requests.submit(new_request)

    assert request.status == RequestStatus.PENDING_CCPO_APPROVAL
+
+
+def test_can_check_if_user_created_request(session):
+    user_allowed = UserFactory.create()
+    user_denied = UserFactory.create()
+    request = RequestFactory.create(creator=user_allowed.id)
+    assert Requests.is_creator(request.id, user_allowed.id)
+    assert not Requests.is_creator(request.id, user_denied.id)
--- a/tests/factories.py
+++ b/tests/factories.py
@ -1,3 +1,5 @@
+import random
+import string
 import factory
 from uuid import uuid4

@ -46,7 +48,8 @@ class UserFactory(factory.alchemy.SQLAlchemyModelFactory):
        model = User

    id = factory.Sequence(lambda x: uuid4())
-    email = "fake.user@mail.com"
-    first_name = "Fake"
-    last_name = "User"
+    email = factory.Faker("email")
+    first_name = factory.Faker("first_name")
+    last_name = factory.Faker("last_name")
    atat_role = factory.SubFactory(RoleFactory)
+    dod_id = factory.LazyFunction(lambda: "".join(random.choices(string.digits, k=10)))