sysadmin reconstruct terms-and-conditions api (#4226)

* sysadmin reconstruct term and conditions api

* fix settings check in sysadmin terms and conditions api

seahub/api2/endpoints/admin/terms_and_conditions.py

@@ -0,0 +1,209 @@
+import logging
+from decimal import Decimal
+from constance import config
+
+from rest_framework.authentication import SessionAuthentication
+from rest_framework.permissions import IsAdminUser
+from rest_framework.response import Response
+from rest_framework.views import APIView
+from rest_framework import status
+
+from django.utils import timezone
+
+from seahub.api2.authentication import TokenAuthentication
+from seahub.api2.throttling import UserRateThrottle
+
+from seahub.utils.timeutils import datetime_to_isoformat_timestr
+from seahub.api2.utils import api_error
+from termsandconditions.models import TermsAndConditions, UserTermsAndConditions
+
+logger = logging.getLogger(__name__)
+
+
+def check_enable_terms_and_conditions(func):
+    def _decorated(view, request, *args, **kwargs):
+        if not config.ENABLE_TERMS_AND_CONDITIONS:
+            error_msg = 'terms and conditions not enabled.'
+            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
+        return func(view, request, *args, **kwargs)
+    return _decorated
+
+
+class AdminTermsAndConditions(APIView):
+    authentication_classes = (TokenAuthentication, SessionAuthentication)
+    permission_classes = (IsAdminUser, )
+    throttle_classes = (UserRateThrottle,)
+
+    @check_enable_terms_and_conditions
+    def get(self, request):
+        """
+        list Terms and Conditions
+
+        Permission checking:
+        1.login and is admin user.
+        """
+
+        terms_and_conditions = TermsAndConditions.objects.all().order_by('-date_created')
+
+        info_list = []
+        for term in terms_and_conditions:
+            info = {}
+            info['id'] = term.pk
+            info['name'] = term.name
+            info['version_number'] = term.version_number
+            info['text'] = term.text
+            info['ctime'] = datetime_to_isoformat_timestr(term.date_created)
+            info['activate_time'] = datetime_to_isoformat_timestr(term.date_active)
+            info_list.append(info)
+
+        return Response({'term_and_condition_list': info_list})
+
+    @check_enable_terms_and_conditions
+    def post(self, request):
+        """
+        Create a term and condition
+
+        Permission checking:
+        1.login and is admin user.
+        """
+
+        name = request.data.get('name')
+        if not name:
+            error_msg = 'name invalid'
+            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
+        version_number = request.data.get('version_number')
+        if not version_number:
+            error_msg = 'version_number invalid'
+            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+        try:
+            version_number = Decimal(version_number)
+        except Exception as e:
+            logger.error(e)
+            error_msg = 'version_number %s invalid' % version_number
+            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
+        text = request.data.get('text')
+        if not text:
+            error_msg = 'text invalid'
+            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
+        is_active = request.data.get('is_active')
+        if not is_active:
+            error_msg = 'is_active invalid'
+            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
+        is_active = is_active.lower()
+        if is_active not in ('true', 'false'):
+            error_msg = 'is_active %s invalid' % is_active
+            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
+        date_active = timezone.now() if is_active == 'true' else None
+        term = TermsAndConditions.objects.create(
+            name=name, version_number=version_number, text=text,
+            date_active=date_active)
+
+        info = {}
+        info['id'] = term.pk
+        info['name'] = term.name
+        info['version_number'] = term.version_number
+        info['text'] = term.text
+        info['ctime'] = datetime_to_isoformat_timestr(term.date_created)
+        info['activate_time'] = datetime_to_isoformat_timestr(term.date_active)
+
+        return Response(info)
+
+
+class AdminTermAndCondition(APIView):
+    authentication_classes = (TokenAuthentication, SessionAuthentication)
+    permission_classes = (IsAdminUser, )
+    throttle_classes = (UserRateThrottle,)
+
+    @check_enable_terms_and_conditions
+    def put(self, request, term_id):
+        """
+        Update Term and Condition
+
+        Permission checking:
+        1.login and is admin user.
+        """
+
+        name = request.data.get('name')
+
+        version_number = request.data.get('version_number')
+        if version_number:
+            try:
+                version_number = Decimal(version_number)
+            except Exception as e:
+                logger.error(e)
+                error_msg = 'version_number %s invalid' % version_number
+                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
+        text = request.data.get('text')
+
+        is_active = request.data.get('is_active')
+        if is_active:
+            is_active = is_active.lower()
+            if is_active not in ('true', 'false'):
+                error_msg = 'is_active %s invalid' % is_active
+                return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
+        try:
+            term = TermsAndConditions.objects.get(pk=term_id)
+        except TermsAndConditions.DoesNotExist:
+            error_msg = 'term %s not found' % term_id
+            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
+
+        if text:
+            term.text = text
+
+        if name:
+            term.name = name
+
+        if version_number and version_number != term.version_number:
+            term.version_number = version_number
+            if is_active == 'true':
+                term.date_active = timezone.now()
+
+        if is_active == 'true' and not term.date_active:
+            term.date_active = timezone.now()
+
+        if is_active == 'false':
+            term.date_active = None
+
+        term.save()
+
+        info = {}
+        info['id'] = term.pk
+        info['name'] = term.name
+        info['version_number'] = term.version_number
+        info['text'] = term.text
+        info['ctime'] = datetime_to_isoformat_timestr(term.date_created)
+        info['activate_time'] = datetime_to_isoformat_timestr(term.date_active)
+
+        return Response(info)
+
+    @check_enable_terms_and_conditions
+    def delete(self, request, term_id):
+        """
+        Delete Term and Condition
+
+        Permission checking:
+        1.login and is admin user.
+        """
+
+        try:
+            term = TermsAndConditions.objects.get(pk=term_id)
+        except TermsAndConditions.DoesNotExist:
+            error_msg = 'term %s not found' % term_id
+            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
+
+        try:
+            term.delete()
+            UserTermsAndConditions.objects.filter(terms_id=term_id).delete()
+        except Exception as e:
+            logger.error(e)
+            error_msg = 'Internal Server Error'
+            return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
+
+        return Response({'success': True})

seahub/urls.py

@@ -156,6 +156,7 @@ from seahub.api2.endpoints.admin.notifications import AdminNotificationsView
 from seahub.api2.endpoints.admin.sys_notifications import AdminSysNotificationsView, AdminSysNotificationView
 from seahub.api2.endpoints.admin.logs import AdminLogsLoginLogs, AdminLogsFileAccessLogs, AdminLogsFileUpdateLogs, \
     AdminLogsSharePermissionLogs
+from seahub.api2.endpoints.admin.terms_and_conditions import AdminTermsAndConditions, AdminTermAndCondition
 from seahub.api2.endpoints.admin.work_weixin import AdminWorkWeixinDepartments, \
     AdminWorkWeixinDepartmentMembers, AdminWorkWeixinUsersBatch, AdminWorkWeixinDepartmentsImport
 from seahub.api2.endpoints.admin.virus_scan_records import AdminVirusScanRecords, AdminVirusScanRecord
@@ -623,6 +624,10 @@ urlpatterns = [
     url(r'^api/v2.1/admin/sys-notifications/$', AdminSysNotificationsView.as_view(), name='api-2.1-admin-sys-notifications'),
     url(r'^api/v2.1/admin/sys-notifications/(?P<nid>\d+)/$', AdminSysNotificationView.as_view(),name='api-2.1-admin-sys-notification'),
 
+    ## admin::terms and conditions
+    url(r'^api/v2.1/admin/terms-and-conditions/$', AdminTermsAndConditions.as_view(), name='api-v2.1-admin-terms-and-conditions'),
+    url(r'^api/v2.1/admin/terms-and-conditions/(?P<term_id>\d+)/$', AdminTermAndCondition.as_view(), name='api-v2.1-admin-term-and-condition'),
+
     ## admin::work weixin departments
     url(r'^api/v2.1/admin/work-weixin/departments/$', AdminWorkWeixinDepartments.as_view(), name='api-v2.1-admin-work-weixin-departments'),
     url(r'^api/v2.1/admin/work-weixin/departments/(?P<department_id>\d+)/members/$', AdminWorkWeixinDepartmentMembers.as_view(), name='api-v2.1-admin-work-weixin-department-members'),

tests/api/endpoints/admin/test_terms_and_conditions.py

@@ -0,0 +1,79 @@
+import time
+import json
+from mock import patch
+
+from django.utils import timezone
+from django.core.urlresolvers import reverse
+from django.test import override_settings
+
+from seahub.test_utils import BaseTestCase
+from seahub.invitations.models import Invitation
+from seahub.api2.permissions import CanInviteGuest
+from seahub.base.accounts import UserPermissions
+from seahub.invitations import models
+from termsandconditions.models import TermsAndConditions, UserTermsAndConditions
+
+
+@patch('seahub.api2.endpoints.admin.terms_and_conditions.ENABLE_TERMS_AND_CONDITIONS', True)
+class AdminTermsAndConditionsTest(BaseTestCase):
+    def setUp(self):
+        self.url = reverse('api-v2.1-admin-terms-and-conditions')
+
+    def _add_term(self, name, text, version_number):
+        return TermsAndConditions.objects.create(
+            name=name, version_number=version_number, text=text,
+            date_active=None)
+
+    def test_can_get(self):
+        self.login_as(self.admin)
+        term1 = self._add_term(name='term1', text='text1', version_number=1)
+        resp = self.client.get(self.url)
+        self.assertEqual(200, resp.status_code)
+        json_resp = json.loads(resp.content)
+
+        assert type(json_resp['term_and_condition_list']) is list
+        assert json_resp['term_and_condition_list'][0]['name'] == term1.name
+        assert json_resp['term_and_condition_list'][0]['text'] == term1.text
+        term1.delete()
+
+    def test_get_permission_denied(self):
+        self.login_as(self.user)
+        resp = self.client.get(self.url)
+        self.assertEqual(403, resp.status_code)
+
+    def test_can_create(self):
+        self.login_as(self.admin)
+        data = {
+            "name": "test_name",
+            "text": "test_text",
+            "version_number": 1,
+            "is_active": False,
+        }
+
+        resp = self.client.post(self.url, data)
+        self.assertEqual(200, resp.status_code)
+
+
+@patch('seahub.api2.endpoints.admin.terms_and_conditions.ENABLE_TERMS_AND_CONDITIONS', True)
+class AdminTermAndConditionTest(BaseTestCase):
+
+    def _add_term(self, name, text, version_number):
+        return TermsAndConditions.objects.create(
+            name=name, version_number=version_number, text=text,
+            date_active=None)
+
+    def test_can_delete(self):
+        self.login_as(self.admin)
+        term = self._add_term('name', 'text', 1)
+        url = reverse('api-v2.1-admin-term-and-condition', args=[term.id])
+
+        resp = self.client.delete(url)
+        self.assertEqual(200, resp.status_code)
+
+    def test_delete_permission_denied(self):
+        self.login_as(self.user)
+        term = self._add_term('name', 'text', 1)
+        url = reverse('api-v2.1-admin-term-and-condition', args=[term.id])
+
+        resp = self.client.delete(url)
+        self.assertEqual(403, resp.status_code)