pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use existing Requests function for creator check

Browse Source
This commit is contained in:
dandds 2018-08-08 14:11:11 -04:00
parent 337dd2414b
commit 2b56ce6260
3 changed files with 12 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
atst/domain/requests.py
View File

@ -42,11 +42,14 @@ class Requests(object):
@classmethod @classmethod
def exists(cls, request_id, creator_id): def exists(cls, request_id, creator_id):
return db.session.query( try:
exists().where( return db.session.query(
and_(Request.id == request_id, Request.creator == creator_id) exists().where(
) and_(Request.id == request_id, Request.creator == creator_id)
).scalar() )
).scalar()
except exc.DataError:
return False
@classmethod @classmethod
def get(cls, request_id): def get(cls, request_id):
@ -143,11 +146,3 @@ class Requests(object):
return request.status == "incomplete" and all( return request.status == "incomplete" and all(
section in existing_request_sections for section in all_request_sections section in existing_request_sections for section in all_request_sections
) )
@classmethod
def is_creator(cls, request_id, user_id):
try:
db.session.query(Request).filter_by(id=request_id, creator=user_id).one()
return True
except (NoResultFound, exc.DataError):
return False

2
atst/routes/requests/requests_form.py
View File

@ -111,7 +111,7 @@ def requests_submit(request_id=None):
def _check_can_view_request(request_id): def _check_can_view_request(request_id):
if Permissions.REVIEW_AND_APPROVE_JEDI_WORKSPACE_REQUEST in g.current_user.atat_permissions: if Permissions.REVIEW_AND_APPROVE_JEDI_WORKSPACE_REQUEST in g.current_user.atat_permissions:
pass pass
elif Requests.is_creator(request_id, g.current_user.id): elif Requests.exists(request_id, g.current_user.id):
pass pass
else: else:
raise UnauthorizedError(g.current_user, "view request {}".format(request_id)) raise UnauthorizedError(g.current_user, "view request {}".format(request_id))

6
tests/domain/test_requests.py
View File

@ -50,9 +50,9 @@ def test_dont_auto_approve_if_no_dollar_value_specified(new_request):
assert request.status == RequestStatus.PENDING_CCPO_APPROVAL assert request.status == RequestStatus.PENDING_CCPO_APPROVAL
def test_can_check_if_user_created_request(session): def test_exists(session):
user_allowed = UserFactory.create() user_allowed = UserFactory.create()
user_denied = UserFactory.create() user_denied = UserFactory.create()
request = RequestFactory.create(creator=user_allowed.id) request = RequestFactory.create(creator=user_allowed.id)
assert Requests.is_creator(request.id, user_allowed.id) assert Requests.exists(request.id, user_allowed.id)
assert not Requests.is_creator(request.id, user_denied.id) assert not Requests.exists(request.id, user_denied.id)