Merge pull request #316 in RMS/api-main-service from red-develop to RMSv2

* commit '7bc59974': added environment for statung cors, fixed current user code refactor on class rms at decorators

Merge pull request #316 in RMS/api-main-service from red-develop to RMSv2
* commit '7bc59974': added environment for statung cors, fixed current user code refactor on class rms at decorators
76797e6c · John Red Medrano · 745ac852 · 7bc59974 · 76797e6c · 76797e6c
Commit 76797e6c authored Oct 08, 2019 by John Red Medrano
11 changed files
--- a/app/applicationlayer/management/application/views.py
+++ b/app/applicationlayer/management/application/views.py
@@ -25,6 +25,8 @@ class ApplicationViewSet(viewsets.ModelViewSet):
    ordering_fields = '__all__'
    search_fields = ('name', 'code')
+    @decorators.rms.application_crate
    @transaction.atomic
    def create(self, request, *args, **kwargs):
@@ -79,6 +81,7 @@ class ApplicationViewSet(viewsets.ModelViewSet):
        return Response(status=status.HTTP_204_NO_CONTENT)
+    @decorators.rms.application_crate
    @transaction.atomic
    def update(self, request, *args, **kwargs):

--- a/app/applicationlayer/management/company/views.py
+++ b/app/applicationlayer/management/company/views.py
@@ -79,6 +79,7 @@ class CompanyViewSet(viewsets.ModelViewSet):
        return Response(status=status.HTTP_204_NO_CONTENT)
+    @decorators.rms.company_crate
    @transaction.atomic
    def update(self, request, *args, **kwargs):

--- a/app/applicationlayer/management/module/views.py
+++ b/app/applicationlayer/management/module/views.py
@@ -33,6 +33,7 @@ class ModuleViewSet(viewsets.ModelViewSet):
        'code', 'component', 'sort_id'
    )
+    @decorators.rms.module_crate
    @transaction.atomic
    def create(self, request, *args, **kwargs):
@@ -84,7 +85,7 @@ class ModuleViewSet(viewsets.ModelViewSet):
        serializer = self.get_serializer(queryset, many=True)
        return Response(serializer.data)
+    @decorators.rms.application_crate
    @transaction.atomic
    def update(self, request, *args, **kwargs):
        partial = kwargs.pop('partial', False)

--- a/app/applicationlayer/management/user/serializers.py
+++ b/app/applicationlayer/management/user/serializers.py
@@ -115,17 +115,23 @@ class UserManagementRetreiveSerializer(serializers.ModelSerializer):
        if user.user_type.upper() == enums.UserTypeEnum.USER.value:
            app = user.application.exclude(id=1)
        else:
+            rms = models.Application.objects.filter(id=1)
            app = user.application.all()
+            app = app.union(app, rms)
        list_app = []
-        for data in app:
+        for data in app.order_by('id'):
-            mod = data.modules.all()
+            if data.id != 1:
+                mod = data.modules.all()
            if user.user_type.upper() != enums.UserTypeEnum.USER.value:
                if user.user_type.upper() != enums.UserTypeEnum.USER.value:
                    user_module = models.Module.objects.filter(
                        name__icontains="user"
                    )
-                    mod = mod.union(mod, user_module)
+                    if data.id != 1:
+                        mod = mod.union(mod, user_module)
+                    else:
+                        mod = user_module
            mod = mod.order_by("parent", "sort_id")
            mod = ModuleSerializer(data=mod, many=True)

--- a/app/helper/decorators.py
+++ b/app/helper/decorators.py
@@ -51,22 +51,11 @@ class rms:
    def user_type(self):
        return rms.user(self).user_type
-    # @staticmethod
+    def superuser_create(self):
-    # def user_delete(function):
+        if rms.user_type(self) != rms.enums_super:
-    #     @wraps(function)
+            raise ParseError(rms.access_error)
-    #     def wrapper(self, request, *args, **kwargs):
+        else:
+            return True
-    #         return function(self, request, *args, **kwargs)
-    #     return wrapper
-    @staticmethod
-    def admin_permission(function):
-        @wraps(function)
-        def wrapper(self, request, *args, **kwargs):
-            if rms.user_type(self) == rms.enums_user:
-                raise ParseError(access_error)
-            return function(self, request, *args, **kwargs)
-        return wrapper
    @staticmethod
    def user_create(function):
@@ -102,7 +91,8 @@ class rms:
                    rms.access_error
                )
            elif rms.user_type(self) == rms.enums_department:
-                if request.user.department.code != rms.user(self).department.code:
+                instance = self.get_object()
+                if rms.user(self).department.code != instance.department.code:
                    raise ParseError(
                        rms.department_error
                    )
@@ -122,10 +112,7 @@ class rms:
    def company_crate(function):
        @wraps(function)
        def wrapper(self, request, *args, **kwargs):
-            if rms.user_type(self) != rms.enums_super:
+            rms.superuser_create(self)
-                raise ParseError(
-                    rms.access_error
-                )
            return function(self, request, *args, **kwargs)
        return wrapper
@@ -133,16 +120,7 @@ class rms:
    def department_crate(function):
        @wraps(function)
        def wrapper(self, request, *args, **kwargs):
-            # if rms.user_type(self) == rms.enums_super:
+            rms.superuser_create(self)
-            #     pass
-            # elif rms.user_type(self) != rms.enums_super or rms.user_type(self) != rms.enums_company:
-            #     raise ParseError(
-            #         rms.access_error
-            #     )
-            if rms.user_type(self) != rms.enums_super:
-                raise ParseError(
-                    rms.access_error
-                )
            return function(self, request, *args, **kwargs)
        return wrapper
@@ -150,10 +128,15 @@ class rms:
    def application_crate(function):
        @wraps(function)
        def wrapper(self, request, *args, **kwargs):
-            if rms.user_type(self) != rms.enums_super:
+            rms.superuser_create(self)
-                raise ParseError(
+            return function(self, request, *args, **kwargs)
-                    rms.access_error
+        return wrapper
-                )
+    @staticmethod
+    def module_crate(function):
+        @wraps(function)
+        def wrapper(self, request, *args, **kwargs):
+            rms.superuser_create(self)
            return function(self, request, *args, **kwargs)
        return wrapper

--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -128,7 +128,7 @@ STATIC_ROOT = os.path.join(BASE_DIR, "static")
 MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
 MEDIA_URL = '/media/'
-CORS_ORIGIN_ALLOW_ALL = True
+# CORS_ORIGIN_ALLOW_ALL = True
 REST_SESSION_LOGIN = True

--- a/config/settings/dev.py
+++ b/config/settings/dev.py
@@ -4,6 +4,7 @@ import configparser
 DEBUG = True
 ALLOWED_HOSTS = ['*']
+# CORS_ORIGIN_ALLOW_ALL = True
 config = configparser.ConfigParser()
 config_file = os.path.join('./', 'env.ini')
@@ -52,3 +53,5 @@ VENDOR_REJECT_MESSAGE = config['NOTIFICATION_EMAIL']['VENDOR_REJECT_MESSAGE']
 CATCH_EMAIL = config['DEV']['CATCH_EMAIL']
 CR_FRONT_LINK = config['DEV']['CR_LINK']
+CORS_ORIGIN_ALLOW_ALL = True
--- a/config/settings/local.py
+++ b/config/settings/local.py
@@ -50,3 +50,5 @@ VENDOR_REJECT_MESSAGE = config['NOTIFICATION_EMAIL']['VENDOR_REJECT_MESSAGE']
 CATCH_EMAIL = config['LOCAL']['CATCH_EMAIL']
 CR_FRONT_LINK = config['LOCAL']['CR_LINK']
+CORS_ORIGIN_ALLOW_ALL = True
\ No newline at end of file
--- a/config/settings/production.py
+++ b/config/settings/production.py
@@ -4,6 +4,7 @@ import configparser
 DEBUG = False
 ALLOWED_HOSTS = ['*']
+CORS_ORIGIN_ALLOW_ALL = True
 config = configparser.ConfigParser()
 config_file = os.path.join('./', 'env.ini')
@@ -52,3 +53,4 @@ VENDOR_REJECT_MESSAGE = config['NOTIFICATION_EMAIL']['VENDOR_REJECT_MESSAGE']
 CATCH_EMAIL = config['PRODUCTION']['CATCH_EMAIL']
 CR_FRONT_LINK = config['PRODUCTION']['CR_LINK']
+CORS_ORIGIN_ALLOW_ALL = config['PRODUCTION']['CORS_ORIGIN_ALLOW_ALL']
--- a/config/settings/staging.py
+++ b/config/settings/staging.py
@@ -52,3 +52,4 @@ VENDOR_REJECT_MESSAGE = config['NOTIFICATION_EMAIL']['VENDOR_REJECT_MESSAGE']
 CATCH_EMAIL = config['STAGING']['CATCH_EMAIL']
 CR_FRONT_LINK = config['STAGING']['CR_LINK']
+CORS_ORIGIN_ALLOW_ALL = config['STAGING']['CORS_ORIGIN_ALLOW_ALL']
--- a/env.template.ini
+++ b/env.template.ini
@@ -12,6 +12,7 @@ USER_DEFAULT_PASSWORD =
 CATCH_EMAIL = gladys@tirsolutions.com
 CR_LINK = http://stagingrms.oneberrysystem.com/cms/change-request/form/view
 REALTIMESERVER_IP = 127.0.0.1:8000
+CORS_ORIGIN_ALLOW_ALL = False
 [UAT]
 DATABASE_ENGINE = django.db.backends.mysql
@@ -27,6 +28,7 @@ USER_DEFAULT_PASSWORD =
 CATCH_EMAIL = gladys@tirsolutions.com
 CR_LINK = http://stagingrms.oneberrysystem.com/cms/change-request/form/view
 REALTIMESERVER_IP = 127.0.0.1:8000
+CORS_ORIGIN_ALLOW_ALL = False
 [DEV]
 DATABASE_ENGINE = django.db.backends.mysql
@@ -42,6 +44,7 @@ USER_DEFAULT_PASSWORD =
 CATCH_EMAIL = gladys@tirsolutions.com
 CR_LINK = http://devweb.rmsv2.oneberrysystem.com/cms/change-request/form/view
 REALTIMESERVER_IP = 127.0.0.1:8000
+CORS_ORIGIN_ALLOW_ALL = True
 [STAGING]
@@ -58,6 +61,7 @@ USER_DEFAULT_PASSWORD = password
 CATCH_EMAIL = gladys@tirsolutions.com
 CR_LINK = http://stagingrms.oneberrysystem.com/cms/change-request/form/view
 REALTIMESERVER_IP = 127.0.0.1:8000
+CORS_ORIGIN_ALLOW_ALL = False
 [LOCAL]
@@ -74,6 +78,7 @@ USER_DEFAULT_PASSWORD = password
 CATCH_EMAIL = gladys@tirsolutions.com
 CR_LINK = http://localhost:8000/cms/change-request/form/view
 REALTIMESERVER_IP = 127.0.0.1:8000
+CORS_ORIGIN_ALLOW_ALL = True
 [SETTINGS]
 CONFIG = config.settings.staging