fix: Disallow attendee editing if order status not initializing #7085
Conversation
app/api/attendees.py
Outdated
| @@ -206,6 +206,12 @@ def before_update_object(self, obj, data, kwargs): | |||
| :param kwargs: | |||
| :return: | |||
| """ | |||
| order = safe_query(Order, 'id', obj.order_id, 'id') | |||
There was a problem hiding this comment.
Use new method, safe_query_by_id
app/api/attendees.py
Outdated
| order = safe_query(Order, 'id', obj.order_id, 'id') | ||
| if order.status != 'initializing': | ||
| raise UnprocessableEntityError( | ||
| {'pointer': '/data/id'}, "Order status is not initializing", |
There was a problem hiding this comment.
This is not proper error. You should say that attendee can't be updated and why
|
Add a test for the appropriate cases, like places, completed, pending. Also, attendee should not be able to be deleted as well once it is created |
| if order.status != 'initializing': | ||
| raise UnprocessableEntityError( | ||
| {'pointer': '/data/id'}, | ||
| "Attendee can't be updated because the corresponding order is not in initializing state", |
There was a problem hiding this comment.
line too long (105 > 90 characters)
@iamareebjamal Yes, right now we can't delete attendee if order status is initializing, but the error message is same as that of edit attendee. |
|
OK. Please fix dredd tests and add new tests |
| { | ||
| 'data': { | ||
| 'type': 'attendee', | ||
| 'id': str(attendee.id), |
There was a problem hiding this comment.
You should modify some attributes here and
|
|
||
| # Attendee should not be updated | ||
| assert response.status_code == 422 | ||
| assert attendee.order.id == attendee_order.id |
There was a problem hiding this comment.
Check here that those attributes aren't modified. You copied a test which was testing that order was not modified. That isn't needed here
|
|
||
| # Attendee should not be updated | ||
| assert response.status_code == 422 | ||
| assert attendee.order.id == attendee_order.id |
| @@ -46,7 +46,7 @@ | |||
| from tests.factories.session import SessionFactory | |||
| from tests.factories.speaker import SpeakerFactory | |||
| from tests.factories.ticket import TicketFactory | |||
| from tests.factories.attendee import AttendeeFactory | |||
| from tests.factories.attendee import AttendeeFactory, AttendeeOrderSubFactory | |||
There was a problem hiding this comment.
module level import not at top of file
|
Great, now let's just hope dredd works |
|
It will work |
|
Complexity increasing per file
==============================
- app/api/attendees.py 1
Clones added
============
- tests/all/integration/api/attendee/test_attendee_api.py 2
See the complete overview on Codacy |
Codecov Report
@@ Coverage Diff @@
## development #7085 +/- ##
============================================
Coverage 62.00% 62.01%
============================================
Files 262 262
Lines 12992 12995 +3
============================================
+ Hits 8056 8059 +3
Misses 4936 4936
Continue to review full report at Codecov.
|
|
Working. Saw old status |
Fixes #7066
Short description of what this resolves:
Attendee details can be edited even if the status of the corresponding order is not
initializing.Changes proposed in this pull request:
Attendee can no longer be edited if the order status is not
initializing.Checklist
developmentbranch.