group details api (#111)

* Added group detail API and tests

* Added group detail tests

* Renamed Tests

* Tests docstring added

* Rectified docstring

* Modified id for respective tests

Author: priyanshisharma

org/responses.py

@@ -23,14 +23,14 @@
     "message": "Already a member of organization"
 }
 
-user_unauthorized_401 = {
-    "detail": "Authentication credentials were not provided."
-}
-
 user_already_present_409 = {
     "message": "Already a member of organization"
 }
 
+user_not_present_401 = {
+    "detail":"You are not a member of this organisation"
+}
+
 update_org_200 = {
     "message": "Organization details updated successfully"
 }
@@ -60,3 +60,43 @@
         "memberCount": 1
     }
 ]
+
+org_not_present_404 = {
+    "message":"This organisation does not exist"
+}
+
+group_not_present_400 = {
+    "message":"This group does not exist"
+}
+
+user_unauthorized_403 = {
+    "message":"You do not have the required permissions."
+}
+
+group_details_200 = {
+    "id": 1,
+    "name": "head coordinator",
+    "role": "Managing the sub-ordinates. Supervising and inteeractiong the respective domains.",
+    "permissions": {
+        "Is Admin":{
+            'value':  False,
+            'perm_int': 1,
+        },
+        "Is Staff":{
+            'value': True,
+            'perm_int': 4,
+        },
+        "Can create tasks":{
+            'value': True,
+            'perm_int': 3,
+        },
+        "Can create groups":{
+            'value': True,
+            'perm_int': 6,
+        },
+        "Can reply to queries":{
+            'value':  False,
+            'perm_int': 5,
+        }
+    }
+}

org/urls.py

@@ -7,4 +7,9 @@
     path('<int:org_id>/', EditOrg, name='edit_org'),
     path('<int:org_id>/volunteer/', AddVolunteer, name='add_volunteer'),
     path('<int:org_id>/group/', GetGroup, name='get_group'),
+    path(
+        '<int:org_id>/group/<int:group_id>/',
+        GroupDetailsView.as_view(),
+        name='get_group_details'
+    ),
 ]

org/views.py

@@ -1,18 +1,17 @@
 from django.shortcuts import render
 from rest_framework import status
 from rest_framework.response import Response
-from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.parsers import MultiPartParser
 from rest_framework.permissions import IsAuthenticated
-from .serializers import *
-from .models import *
-from . import responses
 from rest_framework.decorators import api_view, permission_classes
 from drf_yasg.utils import swagger_auto_schema
 from drf_yasg import openapi
 from utils.swagger import set_example
 from org.custom_model_field import Permissions
+from .serializers import *
+from .models import *
+from . import responses
 
 
 class OrgView(APIView):
@@ -29,11 +28,11 @@ class OrgView(APIView):
     )
     def post(self, request):
         """
-        1. when a Organisation is created Admin and Volunteer 
+        1. when a Organisation is created Admin and Volunteer
             groups are also automatically created for that org.
         2. Admin group has all the permissions available.
-        3. Volunteer group has no permissions but when a user  
-            joins that org without invite link he/she will be 
+        3. Volunteer group has no permissions but when a user
+            joins that org without invite link he/she will be
             put into volunteer group.
         4. The creator of the org will be automatically put into Admin group.
         """
@@ -173,3 +172,95 @@ def GetGroup(request, org_id):
         return Response(response_object, status.HTTP_200_OK)
     else:
         return Response({"detail": "You are not authorised to view this."}, status.HTTP_403_FORBIDDEN)
+
+
+class GroupDetailsView(APIView):
+    '''
+    This is to provide details of a particular
+    group of an organisation to authorised
+    members.
+    '''
+
+    permission_classes = [IsAuthenticated]
+
+    @swagger_auto_schema(
+        operation_id='group_details',
+        operation_description="Authenticated and permitted users receive\
+         desired group details here",
+        responses={
+            '200': set_example(responses.group_details_200),
+            '404': set_example(responses.org_not_present_404),
+            '401': set_example(responses.user_not_present_401),
+            '403': set_example(responses.user_unauthorized_403),
+            '400': set_example(responses.group_not_present_400),
+        },
+    )
+
+    def get(self, request, org_id, group_id):
+
+        try:
+            org = Org.objects.get(id=org_id)
+        except Org.DoesNotExist:
+            return Response(
+                {"message":"This organisation does not exist"},
+                status.HTTP_404_NOT_FOUND
+            )
+
+        try:
+            group = Group.objects.get(
+                id=group_id,
+                org=org
+            )
+        except Group.DoesNotExist:
+            return Response(
+                {"message":"This group does not exist"},
+                status.HTTP_400_BAD_REQUEST
+            )
+
+        try:
+            member = Member.objects.get(
+                user=request.user,
+                org=org
+            )
+        except Member.DoesNotExist:
+            return Response(
+                {"detail":"You are not a member of this organisation"},
+                status.HTTP_401_UNAUTHORIZED
+            )
+        
+        if member.group.perm_obj.permissions[Permissions.IS_STAFF]:
+            return Response(
+                {
+                    "id" : group_id,
+                    "name" : group.name,
+                    "role" : group.role,
+                    "permissions" : {
+
+                        "Is Admin":{
+                            'value':  group.perm_obj.permissions[Permissions.IS_ADMIN],
+                            'perm_int': Permissions.IS_ADMIN,
+                        },
+                        "Is Staff":{
+                            'value': group.perm_obj.permissions[Permissions.IS_STAFF],
+                            'perm_int': Permissions.IS_STAFF,
+                        },
+                        "Can create tasks":{
+                            'value': group.perm_obj.permissions[Permissions.CAN_CREATE_TASKS],
+                            'perm_int': Permissions.CAN_CREATE_TASKS,
+                        },
+                        "Can reply to queries":{
+                            'value': group.perm_obj.permissions[Permissions.CAN_REPLY_TO_QUERIES],
+                            'perm_int': Permissions.CAN_REPLY_TO_QUERIES,
+                        },
+                        "Can review proofs":{
+                            'value':  group.perm_obj.permissions[Permissions.CAN_CREATE_TASKS],
+                            'perm_int': Permissions.CAN_REVIEW_PROOFS,
+                        }
+                    }
+                },
+                status.HTTP_200_OK
+            )
+        return Response(
+                    {"message":"You do not have the required permissions."},
+                    status.HTTP_403_FORBIDDEN
+                )

tests/org/tests_view_group_api.py

@@ -0,0 +1,83 @@
+'''This module is to test group_details operation of the org app'''
+from tests.AuthAPITestCase import AuthAPITestCase
+from rest_framework.test import APIClient
+from rest_framework import status
+from users.models import User
+from org.models import *
+from org.serializers import CreateOrgSerializer
+from org.custom_model_field import Permissions
+
+class ViewGroupAPITestCase(AuthAPITestCase):
+    """
+    This class is to test the API [get] /api/org/(org-id)/group/(group-id)/
+    present in the class based view Org.views.GroupDetailsView
+    """
+
+    def setUp(self):
+        """
+            Create an organization in the test database
+        """
+        #Inheriting the base class functionality
+        super(ViewGroupAPITestCase, self).setUp()
+        # Create the org using serializer
+        data_org = {
+            "name":'test',
+            "tagline":'test'
+        }
+        serializer = CreateOrgSerializer(data=data_org)
+        if serializer.is_valid():
+            self.org = serializer.save()[0]
+
+    def test_fail_without_auth_header(self):
+        group_detail_api = "/api/org/1/group/1/"
+        un_auth_client = APIClient()
+        response = un_auth_client.get(group_detail_api)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    def test_fail_invalid_org(self):
+        group_detail_api = "/api/org/12345/group/1/"
+        auth_client = self.create_auth_client()
+        response = auth_client.get(group_detail_api)
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+
+    def test_fail_invalid_group(self):
+        group_detail_api = "/api/org/1/group/12345/"
+        auth_client = self.create_auth_client()
+        response = auth_client.get(group_detail_api)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_fail_not_a_member(self):
+        group_detail_api = "/api/org/1/group/1/"
+        auth_client = self.create_auth_client()
+        response = auth_client.get(group_detail_api)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    def test_fail_unauthorised_member(self):
+        group_detail_api = "/api/org/1/group/1/"
+        auth_client = self.create_auth_client()
+        volunteer_group = Group.objects.get(
+            name='Volunteer',
+            org=self.org,
+        )
+        member = Member.objects.create(
+            user=self.auth_user,
+            org=self.org,
+            group=volunteer_group
+        )
+        response = auth_client.get(group_detail_api)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_success_authorized_user(self):
+        group_detail_api = "/api/org/1/group/1/"
+        auth_client = self.create_auth_client()
+        admin_group = Group.objects.get(
+            name='Admin',
+            org=self.org,
+        )
+        member = Member.objects.create(
+            user=self.auth_user,
+            org=self.org,
+            group=admin_group,
+        )
+        response = auth_client.get(group_detail_api)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)