Merge pull request #80 from dod-ccpo/158874759-validate-pe-number

Validate PE number
2018-07-20 14:11:21 -04:00
parent e7f1762fb4 7f972f8db0
commit ef1f2224e9
12 changed files with 243 additions and 44 deletions
--- a/atst/app.py
+++ b/atst/app.py
@@ -58,19 +58,31 @@ def make_app(config, deps, **kwargs):
        url(
            r"/requests/new",
            RequestNew,
-            {"page": "requests_new", "requests_client": deps["requests_client"]},
+            {
+                "page": "requests_new",
+                "requests_client": deps["requests_client"],
+                "fundz_client": deps["fundz_client"],
+            },
            name="request_new",
        ),
        url(
            r"/requests/new/([0-9])",
            RequestNew,
-            {"page": "requests_new", "requests_client": deps["requests_client"]},
+            {
+                "page": "requests_new",
+                "requests_client": deps["requests_client"],
+                "fundz_client": deps["fundz_client"],
+            },
            name="request_form_new",
        ),
        url(
            r"/requests/new/([0-9])/(\S+)",
            RequestNew,
-            {"page": "requests_new", "requests_client": deps["requests_client"]},
+            {
+                "page": "requests_new",
+                "requests_client": deps["requests_client"],
+                "fundz_client": deps["fundz_client"],
+            },
            name="request_form_update",
        ),
        url(
@@ -128,6 +140,10 @@ def make_deps(config):
            api_version="v1",
            validate_cert=validate_cert,
        ),
+        "fundz_client": ApiClient(
+            config["default"]["FUNDZ_BASE_URL"],
+            validate_cert=validate_cert,
+        ),
        "requests_client": ApiClient(
            config["default"]["REQUESTS_QUEUE_BASE_URL"],
            api_version="v1",
--- a/atst/forms/financial.py
+++ b/atst/forms/financial.py
@@ -1,12 +1,40 @@
+import tornado
+from tornado.gen import Return
 from wtforms.fields.html5 import EmailField
 from wtforms.fields import StringField, SelectField
+from wtforms.form import Form
 from wtforms.validators import Required, Email
-from wtforms_tornado import Form

 from .fields import NewlineListField
+from .forms import ValidatedForm


-class FinancialForm(Form):
+@tornado.gen.coroutine
+def validate_pe_id(field, existing_request, fundz_client):
+    response = yield fundz_client.get(
+        "/pe-number/{}".format(field.data),
+        raise_error=False,
+    )
+    if not response.ok:
+        field.errors.append(
+            "We couldn't find that PE number, but if you have double checked "
+            "it you can submit anyway. Your request will need to go through a "
+            "manual review."
+        )
+        return False
+
+    return True
+
+
+class FinancialForm(ValidatedForm):
+
+    @tornado.gen.coroutine
+    def perform_extra_validation(self, existing_request, fundz_client):
+        valid = True
+        if not existing_request or existing_request.get('pe_id') != self.pe_id.data:
+            valid = yield validate_pe_id(self.pe_id, existing_request, fundz_client)
+        raise Return(valid)
+
    task_order_id = StringField(
        "Task Order Number associated with this request.", validators=[Required()]
    )
--- a/atst/forms/forms.py
+++ b/atst/forms/forms.py
@@ -0,0 +1,12 @@
+import tornado
+from tornado.gen import Return
+from wtforms_tornado import Form
+
+
+class ValidatedForm(Form):
+
+    @tornado.gen.coroutine
+    def perform_extra_validation(self, *args, **kwargs):
+        """A coroutine that performs any applicable extra validation. Must
+        return True if the form is valid or False otherwise."""
+        raise Return(True)
--- a/atst/forms/org.py
+++ b/atst/forms/org.py
@@ -1,13 +1,13 @@
 from wtforms.fields.html5 import EmailField, TelField
 from wtforms.fields import RadioField, StringField
 from wtforms.validators import Required, Email
-from wtforms_tornado import Form
 import pendulum
 from .fields import DateField
+from .forms import ValidatedForm
 from .validators import DateRange, PhoneNumber, Alphabet


-class OrgForm(Form):
+class OrgForm(ValidatedForm):
    fname_request = StringField("First Name", validators=[Required(), Alphabet()])
    lname_request = StringField("Last Name", validators=[Required(), Alphabet()])

--- a/atst/forms/poc.py
+++ b/atst/forms/poc.py
@@ -1,10 +1,10 @@
 from wtforms.fields import StringField
 from wtforms.validators import Required, Email, Length
-from wtforms_tornado import Form
+from .forms import ValidatedForm
 from .validators import IsNumber, Alphabet


-class POCForm(Form):
+class POCForm(ValidatedForm):
    fname_poc = StringField("POC First Name", validators=[Required(), Alphabet()])
    lname_poc = StringField("POC Last Name", validators=[Required(), Alphabet()])

--- a/atst/forms/request.py
+++ b/atst/forms/request.py
@@ -1,13 +1,13 @@
 from wtforms.fields.html5 import IntegerField
 from wtforms.fields import RadioField, StringField, TextAreaField
 from wtforms.validators import NumberRange, InputRequired
-from wtforms_tornado import Form
 from .fields import DateField
+from .forms import ValidatedForm
 from .validators import DateRange
 import pendulum


-class RequestForm(Form):
+class RequestForm(ValidatedForm):

    # Details of Use: Overall Request Details
    dollar_value = IntegerField(
--- a/atst/forms/review.py
+++ b/atst/forms/review.py
@@ -1,6 +1,7 @@
 from wtforms.fields import BooleanField
-from wtforms_tornado import Form
+
+from .forms import ValidatedForm


-class ReviewForm(Form):
+class ReviewForm(ValidatedForm):
    reviewed = BooleanField("I have reviewed this data and it is correct.")
--- a/atst/handlers/request_new.py
+++ b/atst/handlers/request_new.py
@@ -10,9 +10,17 @@ from atst.forms.financial import FinancialForm


 class RequestNew(BaseHandler):
-    def initialize(self, page, requests_client):
+    def initialize(self, page, requests_client, fundz_client):
        self.page = page
        self.requests_client = requests_client
+        self.fundz_client = fundz_client
+
+    @tornado.gen.coroutine
+    def get_existing_request(self, request_id):
+        if request_id is None:
+            return {}
+        request = yield self.requests_client.get("/requests/{}".format(request_id))
+        return request.json

    @tornado.web.authenticated
    @tornado.gen.coroutine
@@ -20,29 +28,51 @@ class RequestNew(BaseHandler):
        self.check_xsrf_cookie()
        screen = int(screen)
        post_data = self.request.arguments
+        current_user = self.get_current_user()
+        existing_request = yield self.get_existing_request(request_id)
        jedi_flow = JEDIRequestFlow(
-            self.requests_client, screen, post_data=post_data, request_id=request_id
+            self.requests_client,
+            self.fundz_client,
+            screen,
+            post_data=post_data,
+            request_id=request_id,
+            current_user=current_user,
+            existing_request=existing_request,
+        )
+
+        rerender_args = dict(
+            f=jedi_flow.form,
+            data=post_data,
+            page=self.page,
+            screens=jedi_flow.screens,
+            current=screen,
+            next_screen=jedi_flow.next_screen,
+            request_id=jedi_flow.request_id,
        )

        if jedi_flow.validate():
-            response = yield jedi_flow.create_or_update_request(self.get_current_user())
+            response = yield jedi_flow.create_or_update_request()
            if response.ok:
-                where = self.application.default_router.reverse_url(
-                    "request_form_update", str(screen + 1), jedi_flow.request_id
-                )
-                self.redirect(where)
+                valid = yield jedi_flow.validate_warnings()
+                if valid:
+                    if jedi_flow.next_screen >= len(jedi_flow.screens):
+                        where = "/requests"
+                    else:
+                        where = self.application.default_router.reverse_url(
+                            "request_form_update", jedi_flow.next_screen, jedi_flow.request_id
+                        )
+                    self.redirect(where)
+                else:
+                    self.render(
+                        "requests/screen-%d.html.to" % int(screen),
+                        **rerender_args
+                    )
            else:
                self.set_status(response.code)
        else:
            self.render(
                "requests/screen-%d.html.to" % int(screen),
-                f=jedi_flow.form,
-                data=post_data,
-                page=self.page,
-                screens=jedi_flow.screens,
-                current=screen,
-                next_screen=jedi_flow.next_screen,
-                request_id=jedi_flow.request_id,
+                **rerender_args
            )

    @tornado.web.authenticated
@@ -60,7 +90,7 @@ class RequestNew(BaseHandler):
                request = response.json

        jedi_flow = JEDIRequestFlow(
-            self.requests_client, screen, request, request_id=request_id
+            self.requests_client, self.fundz_client, screen, request, request_id=request_id
        )

        self.render(
@@ -80,12 +110,16 @@ class JEDIRequestFlow(object):
    def __init__(
        self,
        requests_client,
+        fundz_client,
        current_step,
        request=None,
        post_data=None,
        request_id=None,
+        current_user=None,
+        existing_request=None,
    ):
        self.requests_client = requests_client
+        self.fundz_client = fundz_client

        self.current_step = current_step
        self.request = request
@@ -96,6 +130,9 @@ class JEDIRequestFlow(object):
        self.request_id = request_id
        self.form = self._form()

+        self.current_user = current_user
+        self.existing_request = existing_request
+
    def _form(self):
        if self.is_post:
            return self.form_class()(self.post_data)
@@ -107,6 +144,14 @@ class JEDIRequestFlow(object):
    def validate(self):
        return self.form.validate()

+    @tornado.gen.coroutine
+    def validate_warnings(self):
+        valid = yield self.form.perform_extra_validation(
+            self.existing_request.get('body', {}).get(self.form_section),
+            self.fundz_client,
+        )
+        return valid
+
    @property
    def current_screen(self):
        return self.screens[self.current_step - 1]
@@ -185,9 +230,9 @@ class JEDIRequestFlow(object):
        ]

    @tornado.gen.coroutine
-    def create_or_update_request(self, user):
+    def create_or_update_request(self):
        request_data = {
-            "creator_id": user["id"],
+            "creator_id": self.current_user["id"],
            "request": {self.form_section: self.form.data},
        }
        if self.request_id: