From dbb61e3c9417815d622898cffca15a04025cf308 Mon Sep 17 00:00:00 2001 From: Sushil Tiwari Date: Thu, 30 May 2024 17:12:47 +0545 Subject: [PATCH] fix pr changes --- apps/analysis_framework/mutation.py | 6 ++-- apps/analysis_framework/serializers.py | 28 ++++++++++--------- .../tests/test_mutations.py | 9 ++++-- schema.graphql | 2 +- 4 files changed, 26 insertions(+), 19 deletions(-) diff --git a/apps/analysis_framework/mutation.py b/apps/analysis_framework/mutation.py index b7a11b796d..2ff0a81598 100644 --- a/apps/analysis_framework/mutation.py +++ b/apps/analysis_framework/mutation.py @@ -17,7 +17,7 @@ AnalysisFrameworkMembership, ) from .serializers import ( - AnalysisFrameworkCloneGlSerializer, + AnalysisFrameworkCloneSerializer, AnalysisFrameworkGqlSerializer as AnalysisFrameworkSerializer, AnalysisFrameworkMembershipGqlSerializer as AnalysisFrameworkMembershipSerializer, ) @@ -39,7 +39,7 @@ AnalysisFrameworkCloneInputType = generate_input_type_for_serializer( 'AnalysisFrameworkCloneInputType', - serializer_class=AnalysisFrameworkCloneGlSerializer, + serializer_class=AnalysisFrameworkCloneSerializer, ) @@ -107,7 +107,7 @@ class Arguments: data = AnalysisFrameworkCloneInputType(required=True) result = graphene.Field(AnalysisFrameworkDetailType) - serializer_class = AnalysisFrameworkCloneGlSerializer + serializer_class = AnalysisFrameworkCloneSerializer permissions = [AfP.Permission.CAN_CLONE_FRAMEWORK] diff --git a/apps/analysis_framework/serializers.py b/apps/analysis_framework/serializers.py index 5334528d7d..5250ac2f96 100644 --- a/apps/analysis_framework/serializers.py +++ b/apps/analysis_framework/serializers.py @@ -710,26 +710,28 @@ def create(self, validated_data): return super().create(validated_data) -class AnalysisFrameworkCloneGlSerializer(serializers.Serializer): +class AnalysisFrameworkCloneSerializer(serializers.Serializer): title = serializers.CharField(required=True) description = serializers.CharField(required=False) - project = serializers.IntegerField(required=False) + project = serializers.PrimaryKeyRelatedField(queryset=Project.objects.all(), required=False) class Meta: model = AnalysisFramework fields = ('title', 'description', 'project') - def validate(self, validated_data): - project_id = validated_data.get('project') - # Check if project exists and user has access to it - if project_id is not None: - project = Project.objects.filter(id=project_id).first() - if project is None: - raise serializers.ValidationError('Invalid project ID') - if not project.can_modify(self.context['request'].user): - raise serializers.ValidationError('User does not have permission to modify the project') - validated_data['project'] = project - return validated_data + # def validate(self, validated_data): + # project = validated_data.get('project') + # # Check if project exists and user has access to it + # if project is not None: + # if not project.can_modify(self.context['request'].user): + # raise serializers.ValidationError('User does not have permission to modify the project') + # validated_data['project'] = project + # return validated_data + + def validate_project(self, project): + if not project.can_modify(self.context['request'].user): + raise serializers.ValidationError('User does not have permission to modify the project') + return project def create(self, validated_data): af = self.context['request'].active_af diff --git a/apps/analysis_framework/tests/test_mutations.py b/apps/analysis_framework/tests/test_mutations.py index 9e8d79c79b..cf19541550 100644 --- a/apps/analysis_framework/tests/test_mutations.py +++ b/apps/analysis_framework/tests/test_mutations.py @@ -795,11 +795,13 @@ def test_analysis_framework_clone(self): member_user = UserFactory.create() non_member_user = UserFactory.create() + low_permission_user = UserFactory.create() project = ProjectFactory.create() project.add_member(member_user) + project.add_member(low_permission_user) af = AnalysisFrameworkFactory.create(created_by=member_user, title='AF Orginal') - af.add_member(member_user) + af.add_member(member_user, role=self.af_owner) minput = dict( title='AF (TEST)', @@ -825,7 +827,6 @@ def _query_check(**kwargs): # ---------- With login (with access member) self.force_login(member_user) response = _query_check() - self.assertMatchSnapshot(response, 'success') self.assertEqual(response['data']['analysisFramework']['analysisFrameworkClone']['result']['clonedFrom'], str(af.id)) # adding project to the input @@ -835,6 +836,10 @@ def _query_check(**kwargs): self.force_login(non_member_user) _query_check(assert_for_error=True) + # with Login (project member with no permission on AF) + self.force_login(low_permission_user) + _query_check(assert_for_error=True) + # With Login (project member) self.force_login(member_user) response = _query_check()['data']['analysisFramework'] diff --git a/schema.graphql b/schema.graphql index 30f4cbf027..8527a6e46c 100644 --- a/schema.graphql +++ b/schema.graphql @@ -57,7 +57,7 @@ type AnalysisAutomaticSummaryType { input AnalysisFrameworkCloneInputType { title: String! description: String - project: Int + project: ID } type AnalysisFrameworkDetailType {