Merge pull request #260 from Mosquito-Alert/api_photos_endpoint

epou · web-flow · commit b4a22d257494 · 2024-10-30T12:18:20.000+01:00
Added API endpoint for photos
diff --git a/api/serializers.py b/api/serializers.py
@@ -553,4 +553,22 @@ def create(self, validated_data):
         instance.save()
         return instance
     class Meta(UserSerializer.Meta):
-        fields = UserSerializer.Meta.fields + ("password",)
+        fields = UserSerializer.Meta.fields + ("password",)
+
+class PhotoSerializer(serializers.ModelSerializer):
+
+    image_path = serializers.SerializerMethodField()
+
+    def get_image_path(self, obj) -> str:
+        return obj.photo.path
+
+    class Meta:
+        model = Photo
+        fields = (
+            "uuid",
+            "image_url",
+            "image_path"
+        )
+        extra_kwargs = {
+            "image_url": {"source": "photo"},
+        }
diff --git a/api/tests/conftest.py b/api/tests/conftest.py
@@ -3,11 +3,12 @@
 
 from rest_framework.authtoken.models import Token
 
+from django.core.files.uploadedfile import SimpleUploadedFile
 from django.contrib.auth import get_user_model
 from django.utils import timezone
 
 from api.tests.utils import grant_permission_to_user
-from tigaserver_app.models import EuropeCountry, TigaUser, Report
+from tigaserver_app.models import EuropeCountry, TigaUser, Report, Photo
 
 User = get_user_model()
 
@@ -23,10 +24,17 @@ def app_user(user_password):
     user.save(0)
     return user
 
+@pytest.fixture
+def dummy_image():
+    # Prepare a fake image file
+    image_content = b"fake image content"  # Replace with actual binary data if needed
+    test_image = SimpleUploadedFile("test_image.jpg", image_content, content_type="image/jpeg")
+
+    return test_image
 
 @pytest.fixture
-def adult_report(app_user):
-    return Report.objects.create(
+def adult_report(app_user, dummy_image):
+    r = Report.objects.create(
         user=app_user,
         report_id=1234,  # TODO: change
         phone_upload_time=timezone.now(),
@@ -38,6 +46,16 @@ def adult_report(app_user):
         current_location_lat=2,
     )
 
+    _ = Photo.objects.create(
+        photo=dummy_image,
+        report=r,
+    )
+
+    return r
+
+@pytest.fixture
+def report_photo(adult_report):
+    return adult_report.photos.first()
 
 @pytest.fixture
 def django_live_url(live_server):
@@ -80,7 +98,6 @@ def user():
         password=User.objects.make_random_password(),
     )
 
-
 @pytest.fixture
 def token_instance_user(user):
     token, _ = Token.objects.get_or_create(user=user)
diff --git a/api/tests/integration/photos/conftest.py b/api/tests/integration/photos/conftest.py
@@ -0,0 +1,9 @@
+import pytest
+
+from tigaserver_app.models import Photo
+
+
+# NOTE: needed for token with perms fixture
+@pytest.fixture
+def model_class():
+    return Photo
diff --git a/api/tests/integration/photos/create.tavern.yml b/api/tests/integration/photos/create.tavern.yml
@@ -0,0 +1,39 @@
+---
+
+test_name: Create is disabled for all users
+
+includes:
+  - !include schema.yml
+
+marks:
+  - usefixtures:
+    - api_live_url
+    - token_user_can_add
+
+stages:
+  - id: signup
+    type: ref
+  - id: login
+    type: ref
+  - name: Create method not exist for mobile users
+    request:
+      url: "{api_live_url}/{endpoint}/"
+      headers:
+        Authorization: "Bearer {token}"
+      method: "POST"
+    response:
+      status_code: 404
+  - name: Create method non authenticated users
+    request:
+      url: "{api_live_url}/{endpoint}/"
+      method: "POST"
+    response:
+      status_code: 404
+  - name: Create method users even with permissions
+    request:
+      url: "{api_live_url}/{endpoint}/"
+      headers:
+        Authorization: "Token {token_user_can_add}"
+      method: "POST"
+    response:
+      status_code: 404
diff --git a/api/tests/integration/photos/delete.tavern.yml b/api/tests/integration/photos/delete.tavern.yml
@@ -0,0 +1,38 @@
+test_name: Delete is disabled
+
+includes:
+  - !include schema.yml
+
+marks:
+  - usefixtures:
+    - api_live_url
+    - report_photo
+    - token_user_can_delete
+
+stages:
+  - id: signup
+    type: ref
+  - id: login
+    type: ref
+  - name: Delete is disabeld for mobile users
+    request:
+      url: "{api_live_url}/{endpoint}/{report_photo.uuid}/"
+      headers:
+        Authorization: "Bearer {token}"
+      method: "DELETE"
+    response:
+      status_code: 403
+  - name: Delete method non authenticated users
+    request:
+      url: "{api_live_url}/{endpoint}/{report_photo.uuid}/"
+      method: "DELETE"
+    response:
+      status_code: 403
+  - name: Delete method authenticated even users with permissions
+    request:
+      url: "{api_live_url}/{endpoint}/{report_photo.uuid}/"
+      headers:
+        Authorization: "Token {token_user_can_delete}"
+      method: "DELETE"
+    response:
+      status_code: 405
diff --git a/api/tests/integration/photos/get.tavern.yml b/api/tests/integration/photos/get.tavern.yml
@@ -0,0 +1,41 @@
+---
+
+test_name: Photos can be read only by authenticated users.
+
+includes:
+  - !include schema.yml
+
+marks:
+  - usefixtures:
+    - api_live_url
+    - report_photo
+    - token_user
+
+stages:
+  - id: signup
+    type: ref
+  - id: login
+    type: ref
+  - name: Retrieve is not allowed for mobile users
+    request:
+      url: "{api_live_url}/{endpoint}/{report_photo.uuid}/"
+      headers:
+        Authorization: "Bearer {token}"
+      method: "GET"
+    response:
+      status_code: 403
+  - name: Non auth user can not retrieve
+    request:
+      url: "{api_live_url}/{endpoint}/{report_photo.uuid}/"
+      method: "GET"
+    response:
+      status_code: 403
+  - name: User without perm view can retrieve
+    request:
+      url: "{api_live_url}/{endpoint}/{report_photo.uuid}/"
+      method: "GET"
+      headers:
+        Authorization: "Token {token_user:s}"
+    response:
+      status_code: 200
+      json: !force_format_include "{response_data_validation}"
diff --git a/api/tests/integration/photos/list.tavern.yml b/api/tests/integration/photos/list.tavern.yml
@@ -0,0 +1,37 @@
+test_name: Photos can not be listed.
+
+includes:
+  - !include schema.yml
+
+marks:
+  - usefixtures:
+    - api_live_url
+    - token_user_can_view
+
+stages:
+  - id: signup
+    type: ref
+  - id: login
+    type: ref
+  - name: List method returns not exist for mobile users
+    request:
+      url: "{api_live_url}/{endpoint}/"
+      headers:
+        Authorization: "Bearer {token}"
+      method: "GET"
+    response:
+      status_code: 404
+  - name: Non auth user can not list
+    request:
+      url: "{api_live_url}/{endpoint}/"
+      method: "GET"
+    response:
+      status_code: 404
+  - name: Auth user can not list even with permission
+    request:
+      url: "{api_live_url}/{endpoint}/"
+      method: "GET"
+      headers:
+        Authorization: "Token {token_user_can_view:s}"
+    response:
+      status_code: 404
diff --git a/api/tests/integration/photos/schema.yml b/api/tests/integration/photos/schema.yml
@@ -0,0 +1,11 @@
+---
+
+name: Common test information
+description: Login information for test server
+
+variables:
+  endpoint: "photos"
+  response_data_validation:
+    uuid: !anystr
+    image_url: !anystr
+    image_path: !anystr
diff --git a/api/tests/integration/photos/update.tavern.yml b/api/tests/integration/photos/update.tavern.yml
@@ -0,0 +1,43 @@
+test_name: Update is disabled
+
+includes:
+  - !include schema.yml
+
+marks:
+  - usefixtures:
+    - api_live_url
+    - report_photo
+    - token_user_can_change
+  - parametrize:
+      key: method
+      vals:
+        - PUT
+        - PATCH
+
+stages:
+  - id: signup
+    type: ref
+  - id: login
+    type: ref
+  - name: Update is disabeld for mobile users
+    request:
+      url: "{api_live_url}/{endpoint}/{report_photo.uuid}/"
+      headers:
+        Authorization: "Bearer {token}"
+      method: "{method}"
+    response:
+      status_code: 403
+  - name: Update is disabeld for non auth users
+    request:
+      url: "{api_live_url}/{endpoint}/{report_photo.uuid}/"
+      method: "{method}"
+    response:
+      status_code: 403
+  - name: Update is disabeld users even with permissions
+    request:
+      url: "{api_live_url}/{endpoint}/{report_photo.uuid}/"
+      headers:
+        Authorization: "Token {token_user_can_change}"
+      method: "{method}"
+    response:
+      status_code: 405
diff --git a/api/tests/integration/reports/list.tavern.yml b/api/tests/integration/reports/list.tavern.yml
@@ -218,7 +218,7 @@ stages:
       strict:
         - json:off
       json:
-        count: 0
+        count: 1
   - name: Filter by has_photos False
     request:
       url: "{api_live_url}/{endpoint}/?has_photos=false"
@@ -228,4 +228,4 @@ stages:
       strict:
         - json:off
       json:
-        count: 1
+        count: 0
diff --git a/api/urls.py b/api/urls.py
@@ -15,6 +15,7 @@
     PartnersViewSet,
     CountriesViewSet,
     NotificationViewSet,
+    PhotoViewSet,
 )
 
 
@@ -37,6 +38,7 @@ def get(self, request, *args, **kwargs):
 router.register(r"fixes", FixViewSet)
 router.register(r"notifications", NotificationViewSet)
 router.register(r"partners", PartnersViewSet)
+router.register(r"photos", PhotoViewSet)
 router.register(r"reports", ReportViewSet)
 router.register(r"users", UserViewSet)
 
diff --git a/api/views.py b/api/views.py
@@ -40,14 +40,15 @@
     ReportSerializer,
     FixSerializer,
     CountrySerializer,
+    PhotoSerializer,
 )
 from .serializers import (
     DetailNotificationSerializer,
     TopicNotificationCreateSerializer,
     UserNotificationCreateSerializer,
 )
 from .permissions import NotificationObjectPermissions, ReportPermissions
-from .viewsets import GenericViewSet
+from .viewsets import GenericViewSet, GenericNoMobileViewSet
 
 User = get_user_model()
 
@@ -194,4 +195,13 @@ def get_serializer_class(self):
         if self.request.method == "POST":
             return CreateUserSerializer
         else:
-            return UserSerializer
+            return UserSerializer
+
+class PhotoViewSet(
+    RetrieveModelMixin, GenericNoMobileViewSet
+):
+    queryset = Photo.objects.filter(hide=False)
+    serializer_class = PhotoSerializer
+
+    lookup_field = 'uuid'
+    lookup_url_kwarg = 'uuid'
diff --git a/api/viewsets.py b/api/viewsets.py
@@ -2,6 +2,7 @@
 from rest_framework.viewsets import GenericViewSet as DRFGenericViewSet
 from rest_framework.pagination import PageNumberPagination
 from rest_framework.parsers import JSONParser, FormParser, MultiPartParser
+from rest_framework import permissions
 from rest_framework.renderers import JSONRenderer
 
 from .auth.authentication import AppUserJWTAuthentication
@@ -24,3 +25,10 @@ class GenericViewSet(DRFGenericViewSet):
     permission_classes = (UserObjectPermissions,)
     parser_classes = (JSONParser, FormParser, MultiPartParser)
     renderer_classes = (JSONRenderer,)
+
+class GenericNoMobileViewSet(GenericViewSet):
+    authentication_classes = (
+        SessionAuthentication,
+        TokenAuthentication,
+    )
+    permission_classes = (permissions.DjangoModelPermissions,)
diff --git a/tigaserver_app/urls.py b/tigaserver_app/urls.py
