Add an API for teams (#1562)

* Add Team resource to API * Add team memer endpoints * Add team invites endpoint * Add token endpoints
2026-05-03 14:54:04 +00:00 · 2020-01-25 15:22:50 +01:00
parent 57453a5b00
commit 5e61342ff5
8 changed files with 1257 additions and 7 deletions
--- a/src/tests/api/conftest.py
+++ b/src/tests/api/conftest.py
@@ -71,6 +71,8 @@ def event3(organizer, meta_prop):
 def team(organizer):
    return Team.objects.create(
        organizer=organizer,
+        name="Test-Team",
+        can_change_teams=True,
        can_manage_gift_cards=True,
        can_change_items=True,
        can_create_events=True,
--- a/src/tests/api/test_permissions.py
+++ b/src/tests/api/test_permissions.py
@@ -142,6 +142,21 @@ org_permission_sub_urls = [
    ('get', 'can_manage_gift_cards', 'giftcards/1/', 404),
    ('put', 'can_manage_gift_cards', 'giftcards/1/', 404),
    ('patch', 'can_manage_gift_cards', 'giftcards/1/', 404),
+    ('get', 'can_change_teams', 'teams/', 200),
+    ('post', 'can_change_teams', 'teams/', 400),
+    ('get', 'can_change_teams', 'teams/{team_id}/', 200),
+    ('put', 'can_change_teams', 'teams/{team_id}/', 400),
+    ('patch', 'can_change_teams', 'teams/{team_id}/', 200),
+    ('get', 'can_change_teams', 'teams/{team_id}/members/', 200),
+    ('delete', 'can_change_teams', 'teams/{team_id}/members/2/', 404),
+    ('get', 'can_change_teams', 'teams/{team_id}/invites/', 200),
+    ('get', 'can_change_teams', 'teams/{team_id}/invites/2/', 404),
+    ('delete', 'can_change_teams', 'teams/{team_id}/invites/2/', 404),
+    ('post', 'can_change_teams', 'teams/{team_id}/invites/', 400),
+    ('get', 'can_change_teams', 'teams/{team_id}/tokens/', 200),
+    ('get', 'can_change_teams', 'teams/{team_id}/tokens/0/', 404),
+    ('delete', 'can_change_teams', 'teams/{team_id}/tokens/0/', 404),
+    ('post', 'can_change_teams', 'teams/{team_id}/tokens/', 400),
 ]


@@ -430,7 +445,7 @@ def test_token_org_subresources_permission_allowed(token_client, team, organizer
        setattr(team, urlset[1], True)
    team.save()
    resp = getattr(token_client, urlset[0])('/api/v1/organizers/{}/{}'.format(
-        organizer.slug, urlset[2]))
+        organizer.slug, urlset[2].format(team_id=team.pk)))
    assert resp.status_code == urlset[3]


@@ -444,7 +459,7 @@ def test_token_org_subresources_permission_not_allowed(token_client, team, organ
        setattr(team, urlset[1], False)
    team.save()
    resp = getattr(token_client, urlset[0])('/api/v1/organizers/{}/{}'.format(
-        organizer.slug, urlset[2]))
+        organizer.slug, urlset[2].format(team_id=team.pk)))
    if urlset[3] == 404:
        assert resp.status_code == 403
    else:
--- a/src/tests/api/test_teams.py
+++ b/src/tests/api/test_teams.py
@@ -0,0 +1,260 @@
+import pytest
+from django.core import mail
+from django_scopes import scopes_disabled
+
+from pretix.base.models import Team, User
+
+
+@pytest.fixture
+def second_team(organizer, event):
+    t = organizer.teams.create(
+        name='User team',
+        all_events=False,
+    )
+    t.limit_events.add(event)
+    return t
+
+
+TEST_TEAM_RES = {
+    'id': 1, 'name': 'Test-Team', 'all_events': True, 'limit_events': [], 'can_create_events': True,
+    'can_change_teams': True, 'can_change_organizer_settings': True, 'can_manage_gift_cards': True,
+    'can_change_event_settings': True, 'can_change_items': True, 'can_view_orders': True, 'can_change_orders': True,
+    'can_view_vouchers': True, 'can_change_vouchers': True
+}
+
+SECOND_TEAM_RES = {
+    'id': 1, 'name': 'User team', 'all_events': False, 'limit_events': ['dummy'],
+    'can_create_events': False,
+    'can_change_teams': False, 'can_change_organizer_settings': False, 'can_manage_gift_cards': False,
+    'can_change_event_settings': False, 'can_change_items': False, 'can_view_orders': False, 'can_change_orders': False,
+    'can_view_vouchers': False, 'can_change_vouchers': False
+}
+
+
+@pytest.mark.django_db
+def test_team_list(token_client, organizer, event, team):
+    res = dict(TEST_TEAM_RES)
+    res["id"] = team.pk
+
+    resp = token_client.get('/api/v1/organizers/{}/teams/'.format(organizer.slug))
+    assert resp.status_code == 200
+    assert [res] == resp.data['results']
+
+
+@pytest.mark.django_db
+def test_team_detail(token_client, organizer, event, second_team):
+    res = dict(SECOND_TEAM_RES)
+    res["id"] = second_team.pk
+    resp = token_client.get('/api/v1/organizers/{}/teams/{}/'.format(organizer.slug, second_team.pk))
+    assert resp.status_code == 200
+    assert res == resp.data
+
+
+TEST_TEAM_CREATE_PAYLOAD = {
+    "name": "Foobar",
+    "limit_events": ["dummy"],
+}
+
+
+@pytest.mark.django_db
+def test_team_create(token_client, organizer, event):
+    resp = token_client.post(
+        '/api/v1/organizers/{}/teams/'.format(organizer.slug),
+        TEST_TEAM_CREATE_PAYLOAD,
+        format='json'
+    )
+    assert resp.status_code == 201
+    with scopes_disabled():
+        team = Team.objects.get(pk=resp.data['id'])
+        assert list(team.limit_events.all()) == [event]
+
+
+@pytest.mark.django_db
+def test_team_update(token_client, organizer, event, second_team):
+    assert not second_team.can_change_event_settings
+    resp = token_client.patch(
+        '/api/v1/organizers/{}/teams/{}/'.format(organizer.slug, second_team.pk),
+        {
+            'can_change_event_settings': True,
+        },
+        format='json'
+    )
+    assert resp.status_code == 200
+    second_team.refresh_from_db()
+    assert second_team.can_change_event_settings
+
+    resp = token_client.patch(
+        '/api/v1/organizers/{}/teams/{}/'.format(organizer.slug, second_team.pk),
+        {
+            'all_events': True,
+        },
+        format='json'
+    )
+    print(resp.data)
+    assert resp.status_code == 400
+
+
+@pytest.mark.django_db
+def test_team_delete(token_client, organizer, event, second_team):
+    resp = token_client.delete(
+        '/api/v1/organizers/{}/teams/{}/'.format(organizer.slug, second_team.pk),
+        format='json'
+    )
+    assert resp.status_code == 204
+    assert organizer.teams.count() == 1
+
+
+TEST_TEAM_MEMBER_RES = {
+    'email': 'dummy@dummy.dummy',
+    'fullname': None,
+    'require_2fa': False
+}
+
+
+@pytest.mark.django_db
+def test_team_members_list(token_client, organizer, event, user, team):
+    team.members.add(user)
+    res = dict(TEST_TEAM_MEMBER_RES)
+    res["id"] = user.pk
+
+    resp = token_client.get('/api/v1/organizers/{}/teams/{}/members/'.format(organizer.slug, team.pk))
+    assert resp.status_code == 200
+    assert [res] == resp.data['results']
+
+
+@pytest.mark.django_db
+def test_team_members_detail(token_client, organizer, event, team, user):
+    team.members.add(user)
+    res = dict(TEST_TEAM_MEMBER_RES)
+    res["id"] = user.pk
+    resp = token_client.get('/api/v1/organizers/{}/teams/{}/members/{}/'.format(organizer.slug, team.pk, user.pk))
+    assert resp.status_code == 200
+    assert res == resp.data
+
+
+@pytest.mark.django_db
+def test_team_members_delete(token_client, organizer, event, team, user):
+    team.members.add(user)
+    resp = token_client.delete('/api/v1/organizers/{}/teams/{}/members/{}/'.format(organizer.slug, team.pk, user.pk))
+    assert resp.status_code == 204
+    assert team.members.count() == 0
+    assert User.objects.filter(pk=user.pk).exists()
+
+
+@pytest.fixture
+def invite(team):
+    return team.invites.create(email='foo@bar.com')
+
+
+TEST_TEAM_INVITE_RES = {
+    'email': 'foo@bar.com',
+}
+
+
+@pytest.mark.django_db
+def test_team_invites_list(token_client, organizer, event, user, team, invite):
+    res = dict(TEST_TEAM_INVITE_RES)
+    res["id"] = invite.pk
+
+    resp = token_client.get('/api/v1/organizers/{}/teams/{}/invites/'.format(organizer.slug, team.pk))
+    assert resp.status_code == 200
+    assert [res] == resp.data['results']
+
+
+@pytest.mark.django_db
+def test_team_invites_detail(token_client, organizer, event, team, user, invite):
+    res = dict(TEST_TEAM_INVITE_RES)
+    res["id"] = invite.pk
+    resp = token_client.get('/api/v1/organizers/{}/teams/{}/invites/{}/'.format(organizer.slug, team.pk, invite.pk))
+    assert resp.status_code == 200
+    assert res == resp.data
+
+
+@pytest.mark.django_db
+def test_team_invites_delete(token_client, organizer, event, team, user, invite):
+    resp = token_client.delete('/api/v1/organizers/{}/teams/{}/invites/{}/'.format(organizer.slug, team.pk, invite.pk))
+    assert resp.status_code == 204
+    assert team.invites.count() == 0
+
+
+@pytest.mark.django_db
+def test_team_invites_create(token_client, organizer, event, team, user):
+    resp = token_client.post('/api/v1/organizers/{}/teams/{}/invites/'.format(organizer.slug, team.pk), {
+        'email': 'newmail@dummy.dummy'
+    })
+    assert resp.status_code == 201
+    assert team.invites.get().email == 'newmail@dummy.dummy'
+    assert len(mail.outbox) == 1
+
+    resp = token_client.post('/api/v1/organizers/{}/teams/{}/invites/'.format(organizer.slug, team.pk), {
+        'email': 'newmail@dummy.dummy'
+    })
+    assert resp.status_code == 400
+    assert resp.content.decode() == '["This user already has been invited for this team."]'
+
+    resp = token_client.post('/api/v1/organizers/{}/teams/{}/invites/'.format(organizer.slug, team.pk), {
+        'email': user.email
+    })
+    assert resp.status_code == 201
+    assert not resp.data.get('id')
+    assert team.invites.count() == 1
+    assert user in team.members.all()
+
+    resp = token_client.post('/api/v1/organizers/{}/teams/{}/invites/'.format(organizer.slug, team.pk), {
+        'email': user.email
+    })
+    assert resp.status_code == 400
+    assert resp.content.decode() == '["This user already has permissions for this team."]'
+
+
+TEST_TEAM_TOKEN_RES = {
+    'name': 'Testtoken',
+    'active': True,
+}
+
+
+@pytest.fixture
+def token(second_team):
+    t = second_team.tokens.create(name='Testtoken')
+    return t
+
+
+@pytest.mark.django_db
+def test_team_tokens_list(token_client, organizer, event, user, second_team, token):
+    res = dict(TEST_TEAM_TOKEN_RES)
+    res["id"] = token.pk
+
+    resp = token_client.get('/api/v1/organizers/{}/teams/{}/tokens/'.format(organizer.slug, second_team.pk))
+    assert resp.status_code == 200
+    assert [res] == resp.data['results']
+
+
+@pytest.mark.django_db
+def test_team_tokens_detail(token_client, organizer, event, second_team, token):
+    res = dict(TEST_TEAM_TOKEN_RES)
+    res["id"] = token.pk
+    resp = token_client.get(
+        '/api/v1/organizers/{}/teams/{}/tokens/{}/'.format(organizer.slug, second_team.pk, token.pk))
+    assert resp.status_code == 200
+    assert res == resp.data
+
+
+@pytest.mark.django_db
+def test_team_tokens_delete(token_client, organizer, event, second_team, token):
+    resp = token_client.delete(
+        '/api/v1/organizers/{}/teams/{}/tokens/{}/'.format(organizer.slug, second_team.pk, token.pk))
+    assert resp.status_code == 200
+    token.refresh_from_db()
+    assert not token.active
+
+
+@pytest.mark.django_db
+def test_team_token_create(token_client, organizer, event, second_team):
+    resp = token_client.post('/api/v1/organizers/{}/teams/{}/tokens/'.format(organizer.slug, second_team.pk), {
+        'name': 'New token'
+    })
+    assert resp.status_code == 201
+    t = second_team.tokens.get()
+    assert t.name == 'New token'
+    assert t.active
+    assert resp.data['token'] == t.token