create file approve & reject urls

opensafely-core · Mar 22, 2024 · ecb3fb7 · ecb3fb7
1 parent 07b5d3b
commit ecb3fb7
Show file tree

Hide file tree

Showing 4 changed files with 152 additions and 7 deletions.
diff --git a/airlock/urls.py b/airlock/urls.py
@@ -76,6 +76,16 @@
         airlock.views.request_contents,
         name="request_contents",
     ),
+    path(
+        "requests/approve/<str:request_id>/<path:path>",
+        airlock.views.file_approve,
+        name="file_approve",
+    ),
+    path(
+        "requests/reject/<str:request_id>/<path:path>",
+        airlock.views.file_reject,
+        name="file_reject",
+    ),
     path(
         "requests/release/<str:request_id>",
         airlock.views.request_release_files,

diff --git a/airlock/views/__init__.py b/airlock/views/__init__.py
@@ -1,6 +1,8 @@
 from .auth import login, logout
 from .index import index
 from .request import (
+    file_approve,
+    file_reject,
     request_contents,
     request_index,
     request_reject,

diff --git a/airlock/views/request.py b/airlock/views/request.py
@@ -152,6 +152,47 @@ def request_reject(request, request_id):
     return redirect(release_request.get_url())
 
 
+@instrument(kwarg_attributes={"release_request": "request_id"})
+@require_http_methods(["POST"])
+def file_approve(request, request_id, path: str):
+    release_request = get_release_request_or_raise(request.user, request_id)
+
+    try:
+        relpath = release_request.get_request_file(path).relpath
+    except bll.FileNotFound:
+        raise Http404()
+
+    try:
+        bll.approve_file(release_request, relpath, request.user)
+    except bll.ApprovalPermissionDenied as exc:
+        raise PermissionDenied(str(exc))
+
+    messages.success(request, "File has been approved")
+    # TODO: this should go to the previous page (file view?)
+    return redirect(release_request.get_url())
+
+
+@instrument(kwarg_attributes={"release_request": "request_id"})
+@require_http_methods(["POST"])
+def file_reject(request, request_id, path: str):
+    release_request = get_release_request_or_raise(request.user, request_id)
+
+    try:
+        relpath = release_request.get_request_file(path).relpath
+    except bll.FileNotFound:
+        raise Http404()
+
+    try:
+        bll.reject_file(release_request, relpath, request.user)
+    except bll.ApprovalPermissionDenied as exc:
+        raise PermissionDenied(str(exc))
+
+    # TODO: should this be messages.error() ?
+    messages.success(request, "File has been rejected")
+    # TODO: this should go to the previous page (file view?)
+    return redirect(release_request.get_url())
+
+
 @instrument(kwarg_attributes={"release_request": "request_id"})
 @require_http_methods(["POST"])
 def request_release_files(request, request_id):

diff --git a/tests/integration/views/test_request.py b/tests/integration/views/test_request.py
@@ -1,9 +1,10 @@
 from io import BytesIO
+from pathlib import PurePosixPath as UrlPath
 
 import pytest
 import requests
 
-from airlock.business_logic import RequestFileType, RequestStatus
+from airlock.business_logic import FileReviewStatus, RequestFileType, RequestStatus
 from tests import factories
 from tests.conftest import get_trace
 
@@ -349,23 +350,114 @@ def test_request_submit_not_author(airlock_client):
     assert persisted_request.status == RequestStatus.PENDING
 
 
-def test_request_reject_output_checker(airlock_client):
+@pytest.mark.parametrize("review", [("approve"), ("reject")])
+def test_file_review_bad_user(airlock_client, review):
+    workspace = "test1"
+    airlock_client.login(workspaces=[workspace], output_checker=False)
+    author = factories.create_user("author", [workspace], False)
+    release_request = factories.create_release_request(
+        workspace,
+        user=author,
+        status=RequestStatus.SUBMITTED,
+    )
+    path = "path/test.txt"
+    factories.write_request_file(release_request, "group", path, contents="test")
+
+    response = airlock_client.post(
+        f"/requests/{review}/{release_request.id}/group/{path}"
+    )
+    assert response.status_code == 403
+    relpath = UrlPath(path)
+    assert (
+        len(
+            factories.bll.get_release_request(release_request.id, author)
+            .filegroups["group"]
+            .files[relpath]
+            .reviews
+        )
+        == 0
+    )
+
+
+@pytest.mark.parametrize("review", [("approve"), ("reject")])
+def test_file_review_bad_file(airlock_client, review):
     airlock_client.login(output_checker=True)
     author = factories.create_user("author", ["test1"], False)
     release_request = factories.create_release_request(
         "test1",
         user=author,
         status=RequestStatus.SUBMITTED,
     )
-    factories.write_request_file(release_request, "group", "path/test.txt")
+    path = "path/test.txt"
+    factories.write_request_file(release_request, "group", path, contents="test")
+
+    bad_path = "path/bad.txt"
+    response = airlock_client.post(
+        f"/requests/{review}/{release_request.id}/group/{bad_path}"
+    )
+    assert response.status_code == 404
+    relpath = UrlPath(path)
+    assert (
+        len(
+            factories.bll.get_release_request(release_request.id, author)
+            .filegroups["group"]
+            .files[relpath]
+            .reviews
+        )
+        == 0
+    )
 
-    response = airlock_client.post(f"/requests/reject/{release_request.id}")
 
+def test_file_approve(airlock_client):
+    airlock_client.login(output_checker=True)
+    author = factories.create_user("author", ["test1"], False)
+    release_request = factories.create_release_request(
+        "test1",
+        user=author,
+        status=RequestStatus.SUBMITTED,
+    )
+    path = "path/test.txt"
+    factories.write_request_file(release_request, "group", path, contents="test")
+
+    response = airlock_client.post(
+        f"/requests/approve/{release_request.id}/group/{path}"
+    )
     assert response.status_code == 302
-    persisted_request = factories.bll.get_release_request(
-        release_request.id, airlock_client.user
+    relpath = UrlPath(path)
+    review = (
+        factories.bll.get_release_request(release_request.id, author)
+        .filegroups["group"]
+        .files[relpath]
+        .reviews[0]
+    )
+    assert review.status == FileReviewStatus.APPROVED
+    assert review.reviewer == "testuser"
+
+
+def test_file_reject(airlock_client):
+    airlock_client.login(output_checker=True)
+    author = factories.create_user("author", ["test1"], False)
+    release_request = factories.create_release_request(
+        "test1",
+        user=author,
+        status=RequestStatus.SUBMITTED,
     )
-    assert persisted_request.status == RequestStatus.REJECTED
+    path = "path/test.txt"
+    factories.write_request_file(release_request, "group", path, contents="test")
+
+    response = airlock_client.post(
+        f"/requests/reject/{release_request.id}/group/{path}"
+    )
+    assert response.status_code == 302
+    relpath = UrlPath(path)
+    review = (
+        factories.bll.get_release_request(release_request.id, author)
+        .filegroups["group"]
+        .files[relpath]
+        .reviews[0]
+    )
+    assert review.status == FileReviewStatus.REJECTED
+    assert review.reviewer == "testuser"
 
 
 def test_request_reject_not_output_checker(airlock_client):