From fdd20042c1c98f1f740d01d83002f787688c413b Mon Sep 17 00:00:00 2001 From: Hafiyyan Date: Mon, 30 Sep 2019 14:36:11 +0700 Subject: [PATCH 1/4] Login sso fix --- core/tests/test_accounts.py | 7 ++++-- core/tests/test_vacancies.py | 12 ++++++--- core/views/accounts.py | 19 ++++++-------- core/views/sso_login.py | 48 ++++++++++++++++++++++++++++++++++++ 4 files changed, 69 insertions(+), 17 deletions(-) create mode 100644 core/views/sso_login.py diff --git a/core/tests/test_accounts.py b/core/tests/test_accounts.py index 35458de..25281a7 100644 --- a/core/tests/test_accounts.py +++ b/core/tests/test_accounts.py @@ -8,6 +8,7 @@ from core.models.accounts import Company, Supervisor, Student class LoginTests(APITestCase): @requests_mock.Mocker() def test_succesful_student_login_relogin(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -16,7 +17,7 @@ class LoginTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ @@ -35,6 +36,7 @@ class LoginTests(APITestCase): @requests_mock.Mocker() def test_successful_supervisor_login_relogin(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.dosen", "nama": "Dummy Dosen", @@ -106,6 +108,7 @@ class ProfileUpdateTests(APITestCase): @requests_mock.Mocker() def test_student_profile_update(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -114,7 +117,7 @@ class ProfileUpdateTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ diff --git a/core/tests/test_vacancies.py b/core/tests/test_vacancies.py index 78cdc5a..1667ac1 100644 --- a/core/tests/test_vacancies.py +++ b/core/tests/test_vacancies.py @@ -12,6 +12,7 @@ from core.models.vacancies import Vacancy, Application class ApplicationTests(APITestCase): @requests_mock.Mocker() def test_application_list(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -20,7 +21,7 @@ class ApplicationTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ @@ -42,6 +43,7 @@ class ApplicationTests(APITestCase): @requests_mock.Mocker() def test_application_create_and_delete(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -50,7 +52,7 @@ class ApplicationTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ @@ -84,6 +86,7 @@ class ApplicationTests(APITestCase): class BookmarkApplicationTests(APITestCase): @requests_mock.Mocker() def test_application_list(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -92,7 +95,7 @@ class BookmarkApplicationTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ @@ -114,6 +117,7 @@ class BookmarkApplicationTests(APITestCase): @requests_mock.Mocker() def test_application_create_and_delete(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -122,7 +126,7 @@ class BookmarkApplicationTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ diff --git a/core/views/accounts.py b/core/views/accounts.py index 0b74350..9ea10d8 100644 --- a/core/views/accounts.py +++ b/core/views/accounts.py @@ -9,6 +9,7 @@ from rest_framework.parsers import FormParser,MultiPartParser from rest_framework.permissions import AllowAny from rest_framework.permissions import IsAdminUser, IsAuthenticated from rest_framework.response import Response +from .sso_login import get_access_token, verify_user, get_riwayat_user, get_summary_user from core.lib.permissions import IsAdminOrStudent, IsAdminOrSelfOrReadOnly, IsAdminOrCompany, IsAdminOrSupervisor, \ IsAdminOrSupervisorOrCompanyOrSelf @@ -81,14 +82,9 @@ class StudentViewSet(viewsets.ModelViewSet): raise PermissionDenied("You are not allowed to see other student's transcript") if student.show_transcript: - s = requests.Session() - credentials = settings.API_CS_CREDENTIALS - s.get('https://api.cs.ui.ac.id/api-auth/login/') - csrf = s.cookies['csrftoken'] - resp = s.post('https://api.cs.ui.ac.id/api-auth/login/', - data={'username': credentials["user"], 'password': credentials["password"], - 'csrfmiddlewaretoken': csrf}) - response = s.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/' + str(student.npm) + '/riwayat/') + access_token = get_access_token(credentials["user"], credentials["password"]) + ver_user = verify_user(access_token) + response = get_riwayat_user(access_token, ver_user['identity_number']) return Response({'name': student.full_name, 'transcript': response.json()}, status=status.HTTP_200_OK) else: return Response({'name': student.full_name, 'error': 'student does not allow transcript to be shown'}, @@ -146,7 +142,7 @@ class LoginViewSet(viewsets.GenericViewSet): return Response(status=status.HTTP_400_BAD_REQUEST) if login_type == "sso-ui": r = requests.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', - json={"username": username, "password": password}) + data={"username": username, "password": password}) resp = r.json() if resp.get('state') != 0: # create user @@ -167,8 +163,9 @@ class LoginViewSet(viewsets.GenericViewSet): login(request, user) if created: if resp.get('nama_role') == "mahasiswa": - student_detail = requests.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/{}/'.format(resp.get("kodeidentitas"))) - resp_student_detail = student_detail.json() + access_token = get_access_token(username, password) + ver_user = verify_user(access_token) + resp_student_detail = get_summary_user(access_token, ver_user['identity_number']) student = Student.objects.create( user=user, npm=resp.get("kodeidentitas"), diff --git a/core/views/sso_login.py b/core/views/sso_login.py new file mode 100644 index 0000000..669bf2b --- /dev/null +++ b/core/views/sso_login.py @@ -0,0 +1,48 @@ +import requests + +API_MAHASISWA = "https://api.cs.ui.ac.id/siakngcs/mahasiswa/" +API_RIWAYAT_MAHASISWA = API_MAHASISWA+'{npm}/riwayat/' +API_VERIFY_USER = "https://akun.cs.ui.ac.id/oauth/token/verify/" +def get_access_token(username, password): + try: + url = "https://akun.cs.ui.ac.id/oauth/token/" + + payload = "username=" + username + "&password=" + password + "&grant_type=password" + headers = { + 'authorization': "Basic WDN6TmtGbWVwa2RBNDdBU05NRFpSWDNaOWdxU1UxTHd5d3U1V2VwRzpCRVFXQW43RDl6a2k3NEZ0bkNpWVhIRk50Ymg3eXlNWmFuNnlvMU1uaUdSVWNGWnhkQnBobUU5TUxuVHZiTTEzM1dsUnBwTHJoTXBkYktqTjBxcU9OaHlTNGl2Z0doczB0OVhlQ3M0Ym1JeUJLMldwbnZYTXE4VU5yTEFEMDNZeA==", + 'cache-control': "no-cache", + 'content-type': "application/x-www-form-urlencoded" + } + response = requests.request("POST", url, data=payload, headers=headers) + + return response.json()["access_token"] + except Exception as e: + return None + # raise Exception("username atau password sso salah, input : [{}, {}]".format(username, password,)) + +def get_client_id(): + client_id = 'X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG' + return client_id + +def verify_user(access_token): + print ("#get identity number") + parameters = {"access_token": access_token, "client_id": get_client_id()} + response = requests.get(API_VERIFY_USER, params=parameters) + print ("response => ", response.json()) + return response.json() + +def get_summary_user(access_token, npm): + print ("#get summary user => ", npm) + parameters = {"access_token": access_token, "client_id": get_client_id()} + response = requests.get(API_MAHASISWA+str(npm), params=parameters) + print ("response => ", response.text) + print ("response => ", response.json()) + return response.json() + +def get_riwayat_user(access_token, npm): + print ("#get riwayat user => ", npm) + parameters = {"access_token": access_token, "client_id": get_client_id()} + response = requests.get(API_RIWAYAT_MAHASISWA.format(npm=npm), params=parameters) + print ("response => ", response.text) + print ("response => ", response.json()) + return response.json() -- GitLab From 8b61b8c051204c4d83afe0c1847fbdd9c221a97d Mon Sep 17 00:00:00 2001 From: Daya Adianto Date: Thu, 3 Oct 2019 18:41:22 +0700 Subject: [PATCH 2/4] Fix SonarScanner CI job and add project badges --- .gitlab/CODEOWNERS | 4 ++++ README.md | 7 +++++++ sonar-project.properties | 1 + 3 files changed, 12 insertions(+) create mode 100644 .gitlab/CODEOWNERS diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS new file mode 100644 index 0000000..a690232 --- /dev/null +++ b/.gitlab/CODEOWNERS @@ -0,0 +1,4 @@ +# Code owners file + +## Changes to these file(s) require approval from the teaching team +sonar-project.properties @addianto @hafiyyan94 \ No newline at end of file diff --git a/README.md b/README.md index 3020546..3734ba0 100755 --- a/README.md +++ b/README.md @@ -2,6 +2,13 @@ > Internship matchmaking platform for students and companies. +[![pipeline status](https://gitlab.cs.ui.ac.id/pmpl/class-project/kape/badges/master/pipeline.svg)](https://gitlab.cs.ui.ac.id/pmpl/class-project/kape/commits/master) +[![coverage report](https://gitlab.cs.ui.ac.id/pmpl/class-project/kape/badges/master/coverage.svg)](https://gitlab.cs.ui.ac.id/pmpl/class-project/kape/commits/master) + +[![Quality Gate Status](https://pmpl.cs.ui.ac.id/sonarqube/api/project_badges/measure?project=id.ac.ui.cs.foss%3Akape&metric=alert_status)](https://pmpl.cs.ui.ac.id/sonarqube/dashboard?id=id.ac.ui.cs.foss%3Akape) +[![Bugs](https://pmpl.cs.ui.ac.id/sonarqube/api/project_badges/measure?project=id.ac.ui.cs.foss%3Akape&metric=bugs)](https://pmpl.cs.ui.ac.id/sonarqube/dashboard?id=id.ac.ui.cs.foss%3Akape) +[![Code Smells](https://pmpl.cs.ui.ac.id/sonarqube/api/project_badges/measure?project=id.ac.ui.cs.foss%3Akape&metric=code_smells)](https://pmpl.cs.ui.ac.id/sonarqube/dashboard?id=id.ac.ui.cs.foss%3Akape) + ## Table of Contents - [Install](#install) diff --git a/sonar-project.properties b/sonar-project.properties index 48a6c49..c3db74c 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -7,6 +7,7 @@ sonar.projectKey=id.ac.ui.cs.foss:kape sonar.exclusions=/.devcontainer/,/.gitlab/,*.config.js,/.tmp/, sonar.scm.provider=git +sonar.projectVersion=1.0.0 ## Authentication ### sonar.login=[pass token via CLI/CI] -- GitLab From a5cdfb6a300644506668b9fbf64dc59f631f4fcc Mon Sep 17 00:00:00 2001 From: Muhammad Ilham Peruzzi Date: Sat, 5 Oct 2019 20:29:13 +0700 Subject: [PATCH 3/4] change open_time value because there is bug in newer python and change closed_time value to use timezone module instead --- core/tests/test_vacancies.py | 45 ++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/core/tests/test_vacancies.py b/core/tests/test_vacancies.py index 1667ac1..d8c654f 100644 --- a/core/tests/test_vacancies.py +++ b/core/tests/test_vacancies.py @@ -1,4 +1,5 @@ from datetime import datetime +from django.utils import timezone import requests_mock from django.contrib.auth.models import User @@ -70,8 +71,8 @@ class ApplicationTests(APITestCase): new_user = User.objects.create_user('dummy.company', 'dummy.company@company.com', 'lalala123') new_company = Company.objects.create(user=new_user, description="lalala", status=Company.VERIFIED, logo=None, address=None) - new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) url = '/api/students/' + str(student_id) + '/applied-vacancies/' response = self.client.post(url, {'vacancy_id': new_vacancy.pk, 'cover_letter': 'this is a cover letter.'}, @@ -144,8 +145,8 @@ class BookmarkApplicationTests(APITestCase): new_user = User.objects.create_user('dummy.company2', 'dummy.compan2y@company.com', 'lalala123') new_company = Company.objects.create(user=new_user, description="lalala", status=Company.VERIFIED, logo=None, address=None) - new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) url = '/api/students/' + str(student_id) + '/bookmarked-vacancies/' response = self.client.post(url, {'vacancy_id': new_vacancy.pk}, format='json') @@ -253,8 +254,8 @@ class CompanyListsTests(APITestCase): new_user2 = User.objects.create_user('dummy.company4', 'dummy.company4@company.com', 'lalala123') new_student = Student.objects.create(user=new_user2, npm=1234123412) - new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) new_app = Application.objects.create(student=new_student, vacancy=new_vacancy, cover_letter="asdasdasd") self.client.force_authenticate(new_user) @@ -271,8 +272,8 @@ class CompanyListsTests(APITestCase): new_user2 = User.objects.create_user('dummy.student', 'dummy.company3@company.com', 'lalala123') new_student = Student.objects.create(user=new_user2, npm=1234123412) - new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) new_app = Application.objects.create(student=new_student, vacancy=new_vacancy, cover_letter="asdasdasd") new_user3 = User.objects.create_user('dummy.company4', 'dummy.company4@company.com', 'lalala123') @@ -293,8 +294,8 @@ class CompanyListsTests(APITestCase): new_user2 = User.objects.create_user('dummy.student', 'dummy.company3@company.com', 'lalala123') new_student = Student.objects.create(user=new_user2, npm=1234123412) - new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) new_app = Application.objects.create(student=new_student, vacancy=new_vacancy, cover_letter="asdasdasd") new_user3 = User.objects.create_user('dummy.company4', 'dummy.company4@company.com', 'lalala123') @@ -315,8 +316,8 @@ class CompanyListsTests(APITestCase): new_user2 = User.objects.create_user('dummy.company4', 'dummy.company4@company.com', 'lalala123') new_student = Student.objects.create(user=new_user2, npm=1234123412) - new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) new_app = Application.objects.create(student=new_student, vacancy=new_vacancy, cover_letter="asdasdasd") self.client.force_authenticate(new_user) @@ -333,8 +334,8 @@ class CompanyListsTests(APITestCase): new_user2 = User.objects.create_user('dummy.company4', 'dummy.company4@company.com', 'lalala123') new_student = Student.objects.create(user=new_user2, npm=1234123412) - new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) new_app = Application.objects.create(student=new_student, vacancy=new_vacancy, cover_letter="asdasdasd") self.client.force_authenticate(new_user) @@ -352,8 +353,8 @@ class CompanyListsTests(APITestCase): new_user2 = User.objects.create_user('dummy.company4', 'dummy.company4@company.com', 'lalala123') new_student = Student.objects.create(user=new_user2, npm=1234123412) - new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) new_app = Application.objects.create(student=new_student, vacancy=new_vacancy, cover_letter="asdasdasd") self.client.force_authenticate(new_user) @@ -371,8 +372,8 @@ class CompanyListsTests(APITestCase): new_user2 = User.objects.create_user('dummy.company4', 'dummy.company4@company.com', 'lalala123') new_student = Student.objects.create(user=new_user2, npm=1234123412) - new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy = Vacancy.objects.create(company=new_company, verified=True, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) new_app = Application.objects.create(student=new_student, vacancy=new_vacancy, cover_letter="asdasdasd") self.client.force_authenticate(new_user) @@ -410,8 +411,8 @@ class SupervisorApprovalTests(APITestCase): new_user2 = User.objects.create_user('dummy.company2', 'dummy.compan2y@company.com', 'lalala123') new_company2 = Company.objects.create(user=new_user2, description="lalala", status=Company.VERIFIED, logo=None, address=None) - new_vacancy2 = Vacancy.objects.create(company=new_company2, verified=False, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy2 = Vacancy.objects.create(company=new_company2, verified=False, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) url = '/api/vacancies/' + str(new_vacancy2.pk) + '/verify/' response = self.client.patch(url, {'verified': True}, format='json') @@ -426,8 +427,8 @@ class SupervisorApprovalTests(APITestCase): address=None) self.client.force_authenticate(user=new_user) - new_vacancy = Vacancy.objects.create(company=new_company, verified=False, open_time=datetime.fromtimestamp(0), - description="lalala", close_time=datetime.today()) + new_vacancy = Vacancy.objects.create(company=new_company, verified=False, open_time=datetime.fromtimestamp(1541319300.0), + description="lalala", close_time=timezone.now()) url = '/api/vacancies/' + str(new_vacancy.pk) + '/verify/' response = self.client.patch(url, format='json') -- GitLab From 7458388449cb47ae5a65a50ac741cd508d368347 Mon Sep 17 00:00:00 2001 From: Muhammad Ilham Peruzzi Date: Sat, 5 Oct 2019 20:31:11 +0700 Subject: [PATCH 4/4] extract method in CompanyApplicationViewSet class --- core/views/vacancies.py | 111 ++++++++++++++++++++++++++++------------ 1 file changed, 77 insertions(+), 34 deletions(-) diff --git a/core/views/vacancies.py b/core/views/vacancies.py index e4b8b98..7d3aa04 100644 --- a/core/views/vacancies.py +++ b/core/views/vacancies.py @@ -155,6 +155,11 @@ class StudentApplicationViewSet(viewsets.GenericViewSet): application.delete() return Response(ApplicationSerializer(application, context={'request': request}).data) +class StatusError(Exception): + pass + +class UnauthorizeError(Exception): + pass class CompanyApplicationViewSet(viewsets.GenericViewSet): queryset = Application.objects.all() @@ -166,18 +171,25 @@ class CompanyApplicationViewSet(viewsets.GenericViewSet): Get list of company {company_id}'s applications --- """ - company = get_object_or_404(Company.objects.all(), pk=company_id) - if not request.user.is_superuser and request.user != company.user: + try: + company = self.__get_company_list_by_company_id(request, company_id) + vacancies = self.__get_vacancy_list_filter_by_company(company) + applications = self.__get_application_list_filter_by_vacancies(vacancies) + st = self.__get_status_from_request_param(request) + if st is not None: + st = int(st) + self.__validating_application_status(st) + applications = applications.filter(status=st) + page = self.paginate_queryset(applications) + if page is not None: + return self.get_paginated_response( + ApplicationSerializer(page, many=True, context={'request': request}).data) + return Response(ApplicationSerializer(applications, many=True, context={'request': request}).data) + except UnauthorizeError: return Response({"error": "forbidden"}, status=status.HTTP_403_FORBIDDEN) - vacancies = Vacancy.objects.filter(company=company) - applications = Application.objects.filter(vacancy__in=vacancies) - if 'status' in request.query_params: - applications = applications.filter(status=request.query_params['status']) - page = self.paginate_queryset(applications) - if page is not None: - return self.get_paginated_response( - ApplicationSerializer(page, many=True, context={'request': request}).data) - return Response(ApplicationSerializer(applications, many=True, context={'request': request}).data) + except (StatusError, ValueError): + return Response({"error": "status must be an integer between 0 and 4"}, \ + status=status.HTTP_400_BAD_REQUEST) @detail_route(methods=["get"]) def by_vacancy(self, request, company_id, pk=None): @@ -185,32 +197,63 @@ class CompanyApplicationViewSet(viewsets.GenericViewSet): Get list of company {company_id}'s applications by vacancy {id} --- """ - if pk is None: - return list(self, request, company_id) - company = get_object_or_404(Company.objects.all().order_by('-updated'), pk=company_id) - if not request.user.is_superuser and request.user != company.user: - return Response({"error": "forbidden"}, status=status.HTTP_403_FORBIDDEN) - vacancy = get_object_or_404(Vacancy.objects.all(), pk=pk) - if vacancy.company != company: - return Response({"error": "forbidden"}, status=status.HTTP_403_FORBIDDEN) - applications = Application.objects.filter(vacancy=vacancy) - st = request.query_params.get('status', None) - if st is not None: - try: + try: + if pk is None: + return list(self, request, company_id) + company = self.__get_company_list_by_company_id(request, company_id) + vacancy = self.__get_vacancy_list_by_pk(pk, company) + applications = self.__get_aplication_by_vacancy(vacancy) + st = self.__get_status_from_request_param(request) + if st is not None: st = int(st) - if st < 0 or st > 4: - return Response({"error": "status must be an integer between 0 and 4"}, - status=status.HTTP_400_BAD_REQUEST) + self.__validating_application_status(st) applications = applications.filter(status=st) - except: - return Response({"error": "status must be an integer between 0 and 4"}, \ - status=status.HTTP_400_BAD_REQUEST) - page = self.paginate_queryset(applications) - if page is not None: - return self.get_paginated_response( - ApplicationSerializer(page, many=True, context={'request': request}).data) - return Response(ApplicationSerializer(applications, many=True, context={'request': request}).data) + page = self.paginate_queryset(applications) + if page is not None: + return self.get_paginated_response( + ApplicationSerializer(page, many=True, context={'request': request}).data) + return Response(ApplicationSerializer(applications, many=True, context={'request': request}).data) + except UnauthorizeError: + return Response({"error": "forbidden"}, status=status.HTTP_403_FORBIDDEN) + except (StatusError, ValueError): + return Response({"error": "status must be an integer between 0 and 4"}, \ + status=status.HTTP_400_BAD_REQUEST) + + def __get_company_list_by_company_id(self, request, company_id): + company = get_object_or_404(Company.objects.all().order_by('-updated'), pk=company_id) + if not self.__validating_user(request, company): + raise UnauthorizeError + return company + + def __validating_user(self, request, company): + return request.user.is_superuser or request.user == company.user + + def __get_vacancy_list_by_pk(self, pk, company): + vacancy = get_object_or_404(Vacancy.objects.all(), pk=pk) + if not self.__validating_vacancy(vacancy, company): + raise UnauthorizeError + return vacancy + + def __validating_vacancy(self, vacancy, company): + return vacancy.company == company + + def __get_vacancy_list_filter_by_company(self, company): + return Vacancy.objects.filter(company=company) + + def __get_application_list_filter_by_vacancies(self, vacancies): + return Application.objects.filter(vacancy__in=vacancies) + + def __get_aplication_by_vacancy(self, vacancy): + return Application.objects.filter(vacancy=vacancy) + def __get_status_from_request_param(self, request): + return request.query_params.get('status', None) + + def __validating_application_status(self, status): + list_status = {0 : "NEW", 1 : "READ", 2 : "BOOKMARKED", 3 : "REJECTED", 4: "ACCEPTED"} + if status not in list_status: + raise StatusError + return True class CompanyVacanciesViewSet(viewsets.GenericViewSet): queryset = Vacancy.objects.all() -- GitLab