diff --git a/back_latienda/urls.py b/back_latienda/urls.py index 99f4276..91431ad 100644 --- a/back_latienda/urls.py +++ b/back_latienda/urls.py @@ -39,9 +39,8 @@ urlpatterns = [ path('api/v1/search_products/', product_views.product_search, name='product-search'), path('api/v1/create_company_user/', core_views.create_company_user, name='create-company-user'), path('api/v1/my_user/', core_views.my_user, name='my-user'), - # path('api/v1/my_company/', company_views.my_company , name='my-company'), path('api/v1/companies/sample/', company_views.random_company_sample , name='company-sample'), - # path('api/v1/my_products/', product_views.my_products, name='my-products'), + path('api/v1/purchase_email/', product_views.purchase_email, name='purchase-email'), path('api/v1/stats/me/', stat_views.track_user, name='user-tracker'), path('api/v1/autocomplete/category-tag/', product_views.CategoryTagAutocomplete.as_view(), name='category-autocomplete'), path('api/v1/', include(router.urls)), diff --git a/companies/tests.py b/companies/tests.py index 1bd5c51..343ea7c 100644 --- a/companies/tests.py +++ b/companies/tests.py @@ -293,6 +293,7 @@ class CompanyViewSetTest(APITestCase): # check order self.assertTrue(response.data[0]['id'] > response.data[1]['id']) + # TODO: test email_manager action class MyCompanyViewTest(APITestCase): """CompanyViewset tests diff --git a/products/tests.py b/products/tests.py index cc5563e..622eb3f 100644 --- a/products/tests.py +++ b/products/tests.py @@ -6,6 +6,7 @@ from urllib.parse import quote from django.utils import timezone from django.test import TestCase +from django.core import mail from rest_framework.test import APITestCase from rest_framework import status @@ -1195,3 +1196,38 @@ class FindRelatedProductsTest(APITestCase): # assert result self.assertTrue(len(results) == len(expected_instances)) + +class PurchaseEmailTest(APITestCase): + + def setUp(self): + """Tests setup + """ + self.endpoint = '/api/v1/purchase_email/' + self.factory = ProductFactory + self.model = Product + # create user + self.email = f"user@mail.com" + self.password = ''.join(random.choices(string.ascii_uppercase, k = 10)) + self.user = CustomUserFactory(email=self.email, is_active=True) + self.user.set_password(self.password) + # self.user.role = 'SITE_ADMIN' + self.user.save() + + def test_anon_user_can_use(self): + + company = CompanyFactory() + product = ProductFactory(company=company) + + data = { + 'email': self.email, + 'telephone': '123123123', + 'company': company.id, + 'product': product.id, + 'comment': '', + } + response = self.client.post(self.endpoint, json=data) + import ipdb; ipdb.set_trace() + # assertions + self.assertEquals(response.status_code, 200) + self.assertEquals(2, len(mail.outbox)) + diff --git a/products/views.py b/products/views.py index 9d24ba2..8cf0fb3 100644 --- a/products/views.py +++ b/products/views.py @@ -11,7 +11,7 @@ from django.contrib.auth import get_user_model from rest_framework import status from rest_framework import viewsets from rest_framework.response import Response -from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser, IsAuthenticated +from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser, IsAuthenticated, AllowAny from rest_framework.decorators import api_view, permission_classes, action from rest_framework.filters import OrderingFilter @@ -247,6 +247,7 @@ class CategoryTagAutocomplete(autocomplete.Select2QuerySetView): return qs # [x.label for x in qs] +@permission_classes([AllowAny,]) @api_view(['POST']) def purchase_email(request): """Notify coop manager and user about item purchase @@ -275,7 +276,7 @@ def purchase_email(request): if not manager and manager.role != 'COOP_MANAGER': return Response({"error": "Company has no managing user"}, status=status.HTTP_406_NOT_ACCEPTABLE) # get product - product = Product.objects.filter(id=data['product']).first() + product = Product.objects.filter(id=data['product'], company=company).first() if not product: return Response({"error": "Invalid value for product"}, status=status.HTTP_406_NOT_ACCEPTABLE)