Merge pull request #400 from nofusscomputing/development

README.md

@@ -32,9 +32,14 @@ This project is hosted on [Github](https://github.com/NofussComputing/centurion_
 
 **Stable Branch**
 
-![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/nofusscomputing/centurion_erp/ci.yaml?branch=master&style=plastic&logo=github&label=Build&color=%23000) ![GitHub Release](https://img.shields.io/github/v/release/nofusscomputing/centurion_erp?sort=date&style=plastic&logo=github&label=Release&color=000) ![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fmaster%2Fbadge_endpoint_coverage.json&style=plastic)
+![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/nofusscomputing/centurion_erp/ci.yaml?branch=master&style=plastic&logo=github&label=Build&color=%23000) ![GitHub Release](https://img.shields.io/github/v/release/nofusscomputing/centurion_erp?sort=date&style=plastic&logo=github&label=Release&color=000) 
+
+![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fmaster%2Fbadge_endpoint_coverage.json&style=plastic)
  ![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fmaster%2Fbadge_endpoint_unit_test.json)
 
+![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fmaster%2Fbadge_endpoint_coverage_functional.json&style=plastic)
+ ![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fmaster%2Fbadge_endpoint_functional_test.json)
+
 
 
 ----
@@ -43,9 +48,13 @@ This project is hosted on [Github](https://github.com/NofussComputing/centurion_
 
 
 
-![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/nofusscomputing/centurion_erp/ci.yaml?branch=development&style=plastic&logo=github&label=Build&color=%23000) ![GitHub Release](https://img.shields.io/github/v/release/nofusscomputing/centurion_erp?include_prereleases&sort=date&style=plastic&logo=github&label=Release&color=000) ![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fdevelopment%2Fbadge_endpoint_coverage.json&style=plastic)
+![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/nofusscomputing/centurion_erp/ci.yaml?branch=development&style=plastic&logo=github&label=Build&color=%23000) ![GitHub Release](https://img.shields.io/github/v/release/nofusscomputing/centurion_erp?include_prereleases&sort=date&style=plastic&logo=github&label=Release&color=000) 
+
+![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fdevelopment%2Fbadge_endpoint_coverage.json&style=plastic)
  ![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fdevelopment%2Fbadge_endpoint_unit_test.json)
 
+![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fdevelopment%2Fbadge_endpoint_coverage_functional.json&style=plastic)
+ ![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fdevelopment%2Fbadge_endpoint_functional_test.json)
 
 ----
 <br>

app/access/models.py

@@ -126,9 +126,10 @@ class TenancyManager(models.Manager):
                         user_organizations += [ team_user.team.organization.id ]
 
 
-                if len(user_organizations) > 0 and not user.is_superuser and self.model.is_global is not None:
+                # if len(user_organizations) > 0 and not user.is_superuser and self.model.is_global is not None:
+                if len(user_organizations) > 0 and not user.is_superuser:
 
-                    if self.model.is_global:
+                    if getattr(self.model, 'is_global', False) is True:
 
                         return super().get_queryset().filter(
                             models.Q(organization__in=user_organizations)

app/access/tests/functional/organization/test_organization_serializer.py

@@ -0,0 +1,23 @@
+import pytest
+
+# from django.contrib.auth.models import User
+from django.test import TestCase
+
+# from rest_framework.exceptions import ValidationError
+
+# from access.serializers.organization import (
+#     Organization,
+#     OrganizationModelSerializer
+# )
+
+
+
+class OrganizationValidationAPI(
+    TestCase,
+):
+
+
+    @pytest.mark.skip( reason = 'tests to be written' )
+    def test_dummy(self):
+
+        pass

app/api/views/core/tickets.py

@@ -72,7 +72,10 @@ class View(OrganizationMixin, viewsets.ModelViewSet):
         return super().get_permission_required()
 
 
-    queryset = Ticket.objects.all()
+    # queryset = Ticket.objects.all()
+    queryset = None
+
+    model = Ticket
 
 
     def get_serializer(self, *args, **kwargs):
@@ -114,32 +117,48 @@ class View(OrganizationMixin, viewsets.ModelViewSet):
 
         if self._ticket_type == 'change':
 
-            ticket_type = self.queryset.model.TicketType.CHANGE.value
+            ticket_type = self.model.TicketType.CHANGE.value
 
         elif self._ticket_type == 'incident':
 
-            ticket_type = self.queryset.model.TicketType.INCIDENT.value
+            ticket_type = self.model.TicketType.INCIDENT.value
 
         elif self._ticket_type == 'problem':
 
-            ticket_type = self.queryset.model.TicketType.PROBLEM.value
+            ticket_type = self.model.TicketType.PROBLEM.value
 
         elif self._ticket_type == 'request':
 
-            ticket_type = self.queryset.model.TicketType.REQUEST.value
+            ticket_type = self.model.TicketType.REQUEST.value
 
         elif self._ticket_type == 'project_task':
 
-            ticket_type = self.queryset.model.TicketType.REQUEST.value
+            ticket_type = self.model.TicketType.REQUEST.value
 
-            return self.queryset.filter(
-                project = self.kwargs['project_id']
-            )
+            # return self.queryset.filter(
+            #     project = self.kwargs['project_id']
+            # )
 
         else:
 
             raise ValueError('Unknown ticket type. kwarg `ticket_type` must be set')
 
-        return self.queryset.filter(
-            ticket_type = ticket_type
-        )
+
+        if not self.queryset:
+
+            queryset = Ticket.objects.all()
+
+            queryset = queryset.filter(
+                ticket_type = ticket_type
+            )
+
+            if self._ticket_type == 'project_task':
+
+                queryset = queryset.filter(
+                    project = self.kwargs['project_id']
+                )
+
+            self.queryset = queryset
+
+
+        return self.queryset

app/api/views/mixin.py

@@ -1,4 +1,4 @@
-from django.core.exceptions import PermissionDenied
+from django.core.exceptions import ObjectDoesNotExist, PermissionDenied
 from django.forms import ValidationError
 
 from rest_framework import exceptions
@@ -35,7 +35,14 @@ class OrganizationPermissionAPI(DjangoObjectPermissions, OrganizationMixin):
 
             view.http_method_not_allowed(request._request)
 
-        if hasattr(view, 'queryset'):
+        if hasattr(view, 'get_queryset'):
+
+            queryset  = view.get_queryset()
+
+            self.obj = queryset.model
+
+        elif hasattr(view, 'queryset'):
+
             if view.queryset.model._meta:
                 self.obj = view.queryset.model
 
@@ -91,7 +98,13 @@ class OrganizationPermissionAPI(DjangoObjectPermissions, OrganizationMixin):
 
             if object_organization is None and 'pk' in view.kwargs:
 
-                self.obj = view.queryset.get(pk=view.kwargs['pk'])
+                try:
+
+                    self.obj = view.queryset.get(pk=view.kwargs['pk'])    # Here
+
+                except ObjectDoesNotExist:
+
+                    return False
 
 
         if obj:
@@ -115,7 +128,13 @@ class OrganizationPermissionAPI(DjangoObjectPermissions, OrganizationMixin):
 
                 if object_organization is None:
 
-                    self.obj = view.queryset.get()
+                    try:
+
+                        self.obj = view.queryset.get()
+
+                    except ObjectDoesNotExist:
+
+                        return False
 
 
         if hasattr(self, 'obj') and object_organization is None and 'pk' in view.kwargs:

app/core/views/ticket_comment.py

@@ -1,3 +1,5 @@
+from django.core.exceptions import ObjectDoesNotExist
+from django.http import Http404
 from django.urls import reverse
 from django.views import generic
 
@@ -30,11 +32,17 @@ class Add(AddView):
 
         if self.request.user.is_authenticated:
 
-            ticket = Ticket.objects.get(pk=int(self.kwargs['ticket_id']))
+            try:
 
-            if ticket.opened_by.id == self.request.user.id:
+                ticket = Ticket.objects.get(pk=int(self.kwargs['ticket_id']))
 
-                return []
+                if ticket.opened_by.id == self.request.user.id:
+
+                    return []
+            
+            except ObjectDoesNotExist:
+
+                pass
 
         return [
             str('core.add_ticketcomment'),
@@ -104,12 +112,18 @@ class Change(ChangeView):
 
     def get_dynamic_permissions(self):
 
-        if (
-            self.request.user.is_authenticated and
-            self.get_object().user.id == self.request.user.id
-        ):
+        try:
 
-            return []
+            if (
+                self.request.user.is_authenticated and
+                self.get_object().user.id == self.request.user.id
+            ):
+
+                return []
+
+        except Http404:    # Although the model not found, permissions must return HTTP/403 for authenticated user
+
+            pass
 
         return [
             str('core.change_ticketcomment'),

docs/projects/centurion_erp/index.md

@@ -16,6 +16,9 @@ about: https://gitlab.com/nofusscomputing/infrastructure/configuration-managemen
 
 ![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fdevelopment%2Fbadge_endpoint_coverage.json&style=plastic) ![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fdevelopment%2Fbadge_endpoint_unit_test.json)
 
+![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fmaster%2Fbadge_endpoint_coverage_functional.json&style=plastic)
+ ![Endpoint Badge](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnofusscomputing%2F.github%2Fmaster%2Frepositories%2Fnofusscomputing%2Fcenturion_erp%2Fmaster%2Fbadge_endpoint_functional_test.json)
+
 
 ![Docker Pulls](https://img.shields.io/docker/pulls/nofusscomputing/centurion-erp?style=plastic&logo=docker&color=0db7ed) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/centurion-erp)](https://artifacthub.io/packages/container/centurion-erp/centurion-erp)