Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Creating crud endpoint for user and facility flag #2585

Open
wants to merge 16 commits into
base: develop
Choose a base branch
from
Open

Creating crud endpoint for user and facility flag #2585

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
d812351
added user/facility flag crud endpoint and their tests
DraKen0009 Nov 6, 2024
1e07d95
moved test to correct folder
DraKen0009 Nov 6, 2024
34c97d0
excluded create at field
DraKen0009 Nov 6, 2024
bf7a237
added filter and improved tests
DraKen0009 Nov 6, 2024
d274955
updated isSuperUser permission class
DraKen0009 Nov 6, 2024
31c1d4e
Merge branch 'develop' into createing-crud-endpoint-for-user-and-faci…
DraKen0009 Nov 6, 2024
068d1a9
resolved merge conflicts
DraKen0009 Nov 23, 2024
ad8df9b
resolved merge conflicts
DraKen0009 Nov 23, 2024
01a63e4
Merge branch 'develop' into createing-crud-endpoint-for-user-and-faci…
DraKen0009 Nov 26, 2024
1791548
added test and url for listing available flags
DraKen0009 Nov 26, 2024
4a9b990
add try catch for error handling of falg endpoints
DraKen0009 Nov 27, 2024
9de3e43
Merge branch 'develop' into createing-crud-endpoint-for-user-and-faci…
DraKen0009 Dec 2, 2024
f7fbea1
fixed changes in comments
DraKen0009 Dec 3, 2024
0427391
Merge branch 'develop' into createing-crud-endpoint-for-user-and-faci…
DraKen0009 Dec 3, 2024
e49b72b
Merge branch 'develop' into createing-crud-endpoint-for-user-and-faci…
DraKen0009 Dec 13, 2024
486d2fa
Merge branch 'develop' into createing-crud-endpoint-for-user-and-faci…
DraKen0009 Dec 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions care/facility/api/serializers/facility_flag.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
from rest_framework import serializers

from care.facility.models import Facility, FacilityFlag
from care.utils.serializers.fields import ExternalIdSerializerField


class FacilityFlagSerializer(serializers.ModelSerializer):
id = serializers.UUIDField(source="external_id", read_only=True)
facility = ExternalIdSerializerField(queryset=Facility.objects.all(), required=True)

vigneshhari marked this conversation as resolved.
Show resolved Hide resolved
class Meta:
model = FacilityFlag
exclude = ["external_id", "deleted", "modified_date", "created_date"]
12 changes: 12 additions & 0 deletions care/facility/api/viewsets/facility_flag.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
from rest_framework import viewsets

from care.facility.api.serializers.facility_flag import FacilityFlagSerializer
from care.facility.models import FacilityFlag
from care.utils.custom_permissions import IsSuperUser


class FacilityFlagViewSet(viewsets.ModelViewSet):
DraKen0009 marked this conversation as resolved.
Show resolved Hide resolved
queryset = FacilityFlag.objects.all()
serializer_class = FacilityFlagSerializer
permission_classes = [IsSuperUser]
lookup_field = "external_id"
127 changes: 127 additions & 0 deletions care/facility/tests/test_facility_flags_api.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
from rest_framework import status
from rest_framework.test import APITestCase

from care.utils.registries.feature_flag import FlagRegistry, FlagType
from care.utils.tests.test_utils import TestUtils


class FacilityFlagsViewSetTestCase(TestUtils, APITestCase):
@classmethod
def setUpTestData(cls):
FlagRegistry.register(FlagType.FACILITY, "TEST_FLAG")
FlagRegistry.register(FlagType.FACILITY, "TEST_FLAG_2")

cls.state = cls.create_state()
cls.district = cls.create_district(cls.state)
cls.local_body = cls.create_local_body(cls.district)
cls.super_user = cls.create_super_user("su", cls.district)
cls.facility = cls.create_facility(cls.super_user, cls.district, cls.local_body)
cls.facility2 = cls.create_facility(
cls.super_user, cls.district, cls.local_body
)
cls.user = cls.create_user("staff", cls.district, home_facility=cls.facility)
cls.facility_flag_2 = cls.create_facility_flag("TEST_FLAG_2", cls.facility)

def setUp(self):
self.facility_flag_1 = self.create_facility_flag("TEST_FLAG", self.facility)

def get_url(self, facility_flag_id=None):
base_url = "/api/v1/facility_flags/"
if facility_flag_id is not None:
base_url += f"{facility_flag_id}/"
return base_url

def test_access_with_non_super_user(self):
self.client.force_authenticate(user=self.user)
response = self.client.get(self.get_url())
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

def test_access_with_super_user(self):
self.client.force_authenticate(user=self.super_user)
response = self.client.get(self.get_url())
self.assertEqual(response.status_code, status.HTTP_200_OK)

def test_list_facility_flags(self):
self.client.force_authenticate(user=self.super_user)
response = self.client.get(self.get_url())
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(data["count"], 2)

def test_create_facility_flag(self):
self.client.force_authenticate(user=self.super_user)

# Attempting to create a duplicate flag
response = self.client.post(
self.get_url(), {"flag": "TEST_FLAG", "facility": self.facility.external_id}
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)

# Creating a new facility flag
response = self.client.post(
self.get_url(),
{"flag": "TEST_FLAG", "facility": self.facility2.external_id},
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Your error messages are as vague as my grandmother's cooking instructions

In your create test, you're checking for a 400 status code but not verifying the actual error message. I mean, who needs to know why something failed, right?

Add assertion for the error message:

     response = self.client.post(
         self.get_url(), {"flag": "TEST_FLAG", "facility": self.facility.external_id}
     )
     self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+    self.assertEqual(response.json()["detail"], "Facility flag already exists")
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
def test_create_facility_flag(self):
self.client.force_authenticate(user=self.super_user)
# Attempting to create a duplicate flag
response = self.client.post(
self.get_url(), {"flag": "TEST_FLAG", "facility": self.facility.external_id}
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# Creating a new facility flag
response = self.client.post(
self.get_url(),
{"flag": "TEST_FLAG", "facility": self.facility2.external_id},
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def test_create_facility_flag(self):
self.client.force_authenticate(user=self.super_user)
# Attempting to create a duplicate flag
response = self.client.post(
self.get_url(), {"flag": "TEST_FLAG", "facility": self.facility.external_id}
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.json()["detail"], "Facility flag already exists")
# Creating a new facility flag
response = self.client.post(
self.get_url(),
{"flag": "TEST_FLAG", "facility": self.facility2.external_id},
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)

def test_retrieve_facility_flag(self):
self.client.force_authenticate(user=self.super_user)
response = self.client.get(self.get_url(self.facility_flag_1.external_id))
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(data["flag"], "TEST_FLAG")
self.assertEqual(data["facility"], str(self.facility.external_id))

def test_update_facility_flag(self):
self.client.force_authenticate(user=self.super_user)

# Confirming original values
response = self.client.get(self.get_url(self.facility_flag_1.external_id))
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(data["flag"], "TEST_FLAG")
self.assertEqual(data["facility"], str(self.facility.external_id))

# Update the facility flag
response = self.client.put(
self.get_url(self.facility_flag_1.external_id),
{"flag": "TEST_FLAG", "facility": self.facility2.external_id},
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.facility_flag_1.refresh_from_db()
self.assertEqual(self.facility_flag_1.flag, "TEST_FLAG")
self.assertEqual(
self.facility_flag_1.facility.external_id, self.facility2.external_id
)

def test_patch_facility_flag(self):
self.client.force_authenticate(user=self.super_user)

# Confirming original values
response = self.client.get(self.get_url(self.facility_flag_1.external_id))
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(data["flag"], "TEST_FLAG")
self.assertEqual(data["facility"], str(self.facility.external_id))

# Patch the facility flag
response = self.client.patch(
self.get_url(self.facility_flag_1.external_id),
{"facility": self.facility2.external_id},
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.facility_flag_1.refresh_from_db()
self.assertEqual(self.facility_flag_1.flag, "TEST_FLAG")
self.assertEqual(
self.facility_flag_1.facility.external_id, self.facility2.external_id
)

def test_creating_facility_flag_with_non_existing_flag(self):
self.client.force_authenticate(user=self.super_user)

response = self.client.post(
self.get_url(),
{"flag": "TEST_FLAG_NON_EXISTING", "facility": self.facility2.external_id},
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.json()["detail"], "Flag not registered")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Well, well, well... someone forgot about the 'D' in CRUD

Your test coverage is almost complete, but I couldn't help but notice you conveniently forgot to test the delete operation. I mean, it's not like data deletion is important or anything... 🙄

Add a test for delete operation:

def test_delete_facility_flag(self):
    self.client.force_authenticate(user=self.super_user)
    
    # Verify the flag exists
    response = self.client.get(self.get_url(self.facility_flag_1.external_id))
    self.assertEqual(response.status_code, status.HTTP_200_OK)
    
    # Delete the flag
    response = self.client.delete(self.get_url(self.facility_flag_1.external_id))
    self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
    
    # Verify it's gone
    response = self.client.get(self.get_url(self.facility_flag_1.external_id))
    self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)

13 changes: 13 additions & 0 deletions care/users/api/serializers/user_flag.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
from rest_framework import serializers

from care.users.models import User, UserFlag
from care.utils.serializers.fields import ExternalIdSerializerField


class UserFlagSerializer(serializers.ModelSerializer):
id = serializers.UUIDField(source="external_id", read_only=True)
user = ExternalIdSerializerField(queryset=User.objects.all(), required=True)
sainak marked this conversation as resolved.
Show resolved Hide resolved

class Meta:
model = UserFlag
exclude = ["external_id", "deleted", "modified_date", "created_date"]
12 changes: 12 additions & 0 deletions care/users/api/viewsets/user_flag.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
from rest_framework import viewsets

from care.users.api.serializers.user_flag import UserFlagSerializer
from care.users.models import UserFlag
from care.utils.custom_permissions import IsSuperUser


class UserFlagViewSet(viewsets.ModelViewSet):
queryset = UserFlag.objects.all()
serializer_class = UserFlagSerializer
permission_classes = [IsSuperUser]
lookup_field = "external_id"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Oh sweetie, I see we're going for that minimalist approach! 🎨

While I absolutely adore how concise this is, there are just a teeny-tiny few things that might make this more... shall we say, production-ready?

  1. Documentation is apparently optional now? A docstring would be lovely to have, especially since this is a superuser-only endpoint.
  2. Pagination? I guess we're assuming the data will stay small forever! How optimistic!
  3. No filtering or search fields? I'm sure scrolling through ALL the flags is someone's idea of fun.
  4. Rate limiting? Error handling? I suppose we're living life on the edge!

Here's what a slightly more robust implementation might look like:

 class UserFlagViewSet(viewsets.ModelViewSet):
+    """
+    CRUD operations for UserFlag model.
+    
+    This viewset is restricted to superusers only and provides endpoints to manage user flags.
+    """
     queryset = UserFlag.objects.all()
     serializer_class = UserFlagSerializer
     permission_classes = [IsSuperUser]
     lookup_field = "external_id"
+    pagination_class = StandardResultsSetPagination
+    filterset_fields = ['user', 'flag_type', 'created_date']
+    search_fields = ['user__username', 'flag_type']
+    throttle_classes = [UserRateThrottle]

Committable suggestion skipped: line range outside the PR's diff.

120 changes: 120 additions & 0 deletions care/users/tests/test_user_flags_api.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
from rest_framework import status
from rest_framework.test import APITestCase

from care.utils.registries.feature_flag import FlagRegistry, FlagType
from care.utils.tests.test_utils import TestUtils


class UserFlagsViewSetTestCase(TestUtils, APITestCase):
@classmethod
def setUpTestData(cls):
FlagRegistry.register(FlagType.USER, "TEST_FLAG")
FlagRegistry.register(FlagType.USER, "TEST_FLAG_2")

cls.state = cls.create_state()
cls.district = cls.create_district(cls.state)
cls.local_body = cls.create_local_body(cls.district)
cls.super_user = cls.create_super_user("su", cls.district)
cls.facility = cls.create_facility(cls.super_user, cls.district, cls.local_body)
cls.user = cls.create_user("staff", cls.district, home_facility=cls.facility)
cls.user_2 = cls.create_user("user2", cls.district, home_facility=cls.facility)
cls.user_flag_2 = cls.create_user_flag("TEST_FLAG_2", cls.user_2)

def setUp(self):
self.user_flag_1 = self.create_user_flag("TEST_FLAG", self.user)

def get_url(self, user_flag_id=None):
base_url = "/api/v1/user_flags/"
if user_flag_id is not None:
base_url += f"{user_flag_id}/"
return base_url

def test_access_with_non_super_user(self):
self.client.force_authenticate(user=self.user)
response = self.client.get(self.get_url())
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

def test_access_with_super_user(self):
self.client.force_authenticate(user=self.super_user)
response = self.client.get(self.get_url())
self.assertEqual(response.status_code, status.HTTP_200_OK)

Comment on lines +35 to +44
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

How thoughtful of you to test the bare minimum access controls...

While you've covered the basic super user and non-super user cases (slow clap), you might want to consider adding tests for:

  • Unauthenticated access
  • Validation of error messages in the response body
  • Token-based authentication scenarios

But I guess that would be asking for too much... 🤷‍♂️

def test_list_user_flags(self):
self.client.force_authenticate(user=self.super_user)
response = self.client.get(self.get_url())
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(data["count"], 2)

def test_create_user_flag(self):
self.client.force_authenticate(user=self.super_user)

# Attempting to create a duplicate flag
response = self.client.post(
self.get_url(), {"flag": "TEST_FLAG", "user": self.user.external_id}
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)

# Creating a new user flag
response = self.client.post(
self.get_url(), {"flag": "TEST_FLAG", "user": self.user_2.external_id}
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)

def test_retrieve_user_flag(self):
self.client.force_authenticate(user=self.super_user)
response = self.client.get(self.get_url(self.user_flag_1.external_id))
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(data["flag"], "TEST_FLAG")
self.assertEqual(data["user"], str(self.user.external_id))

def test_update_user_flag(self):
self.client.force_authenticate(user=self.super_user)

# Confirm original values
response = self.client.get(self.get_url(self.user_flag_1.external_id))
data = response.json()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(data["flag"], "TEST_FLAG")
self.assertEqual(data["user"], str(self.user.external_id))

# Update the user flag
response = self.client.put(
self.get_url(self.user_flag_1.external_id),
{"flag": "TEST_FLAG", "user": self.user_2.external_id},
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.user_flag_1.refresh_from_db()
self.assertEqual(self.user_flag_1.flag, "TEST_FLAG")
self.assertEqual(self.user_flag_1.user.external_id, self.user_2.external_id)

def test_patch_user_flag(self):
self.client.force_authenticate(user=self.super_user)

# Confirm original values
response = self.client.get(self.get_url(self.user_flag_1.external_id))
self.assertEqual(response.status_code, status.HTTP_200_OK)
data = response.json()
self.assertEqual(data["flag"], "TEST_FLAG")
self.assertEqual(data["user"], str(self.user.external_id))

# Patch the user flag
response = self.client.patch(
self.get_url(self.user_flag_1.external_id),
{"user": self.user_2.external_id},
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.user_flag_1.refresh_from_db()
self.assertEqual(self.user_flag_1.flag, "TEST_FLAG")
self.assertEqual(self.user_flag_1.user.external_id, self.user_2.external_id)

def test_creating_user_flag_with_non_existing_flag(self):
self.client.force_authenticate(user=self.super_user)

response = self.client.post(
self.get_url(),
{"flag": "TEST_FLAG_NON_EXISTING", "user": self.user.external_id},
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.json()["detail"], "Flag not registered")
6 changes: 6 additions & 0 deletions care/utils/custom_permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
from rest_framework.permissions import BasePermission


class IsSuperUser(BasePermission):
def has_permission(self, request, view):
return request.user and request.user.is_superuser
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

I see we're being very trusting with our superuser checks.

While the implementation is functionally correct for the happy path, it's worth noting (not that anyone asked) that this doesn't protect against inactive superusers. I mean, who needs that level of security anyway? 🙃

Here's a slightly more thorough version, if you're interested in actual security:

class IsSuperUser(BasePermission):
    def has_permission(self, request, view):
-        return request.user and request.user.is_superuser
+        return bool(
+            request.user and
+            request.user.is_authenticated and
+            request.user.is_active and
+            request.user.is_superuser
+        )
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
class IsSuperUser(BasePermission):
def has_permission(self, request, view):
return request.user and request.user.is_superuser
class IsSuperUser(BasePermission):
def has_permission(self, request, view):
return bool(
request.user and
request.user.is_authenticated and
request.user.is_active and
request.user.is_superuser
)

23 changes: 22 additions & 1 deletion care/utils/tests/test_utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
DiseaseStatusEnum,
EncounterSymptom,
Facility,
FacilityFlag,
InvestigationSession,
InvestigationValue,
LocalBody,
Expand Down Expand Up @@ -51,7 +52,7 @@
PatientCodeStatusType,
PatientConsent,
)
from care.users.models import District, State
from care.users.models import District, State, UserFlag

fake = Faker()

Expand Down Expand Up @@ -728,6 +729,26 @@ def create_prescription(
data.update(**kwargs)
return Prescription.objects.create(**data)

@classmethod
def create_facility_flag(
cls, flag: str, facility: Facility, **kwargs
) -> FacilityFlag:
data = {
"facility": facility,
"flag": flag,
}
data.update(**kwargs)
return FacilityFlag.objects.create(**data)

@classmethod
def create_user_flag(cls, flag: str, user: User, **kwargs) -> UserFlag:
data = {
"user": user,
"flag": flag,
}
data.update(**kwargs)
return UserFlag.objects.create(**data)

def get_list_representation(self, obj) -> dict:
"""
Returns the dict representation of the obj in list API
Expand Down
5 changes: 5 additions & 0 deletions config/api_router.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
FacilityViewSet,
)
from care.facility.api.viewsets.facility_capacity import FacilityCapacityViewSet
from care.facility.api.viewsets.facility_flag import FacilityFlagViewSet
from care.facility.api.viewsets.facility_users import FacilityUserViewSet
from care.facility.api.viewsets.file_upload import FileUploadViewSet
from care.facility.api.viewsets.hospital_doctor import HospitalDoctorViewSet
Expand Down Expand Up @@ -101,6 +102,7 @@
)
from care.users.api.viewsets.plug_config import PlugConfigViewset
from care.users.api.viewsets.skill import SkillViewSet
from care.users.api.viewsets.user_flag import UserFlagViewSet
from care.users.api.viewsets.users import UserViewSet
from care.users.api.viewsets.userskill import UserSkillViewSet

Expand Down Expand Up @@ -315,6 +317,9 @@

router.register("medibase", MedibaseViewSet, basename="medibase")

router.register(r"facility_flags", FacilityFlagViewSet, basename="facility-flags")
router.register(r"user_flags", UserFlagViewSet, basename="user-flags")

# Public endpoints
router.register("public/asset", AssetPublicViewSet, basename="public-asset")
router.register("public/asset_qr", AssetPublicQRViewSet, basename="public-asset-qr")
Expand Down