Merge pull request #753 in RMS/api-main-service from core-dev-gladys to RMSv2

* commit '53435a62':
  {dev bugfix} Do not allow to save Vendor same level to other delegation Template Post
  {dev bugfix} check if cr prefix exists in template
  {dev bugfix} Validate if poc is assigned to another delegation other than Vendor (Template Post and Form Post
  {dev bugfix} delete media file on master attachment when error occurs

app/applicationlayer/cms/form/attachment/serializers.py

@@ -17,18 +17,18 @@ class ChangeRequestFormAttachmentsSerializer(
             "contact_no": instance.uploaded_by.contact_no
         }
         ret['uploaded_by'] = user_object
+        
         ret['file_upload'] = self.context['request'].build_absolute_uri(
             instance.file_upload.url.url)
         ret['file_upload_id'] = instance.file_upload.id
         return ret
-
+    
     class Meta:
         model = models.ChangeRequestFormAttachments
         fields = '__all__'
         read_only_fields = ['created', 'code']
 
 
-
 class ChangeRequestFormAttachmentsFileUploadSerializer(
     serializers.ModelSerializer
 ):

app/applicationlayer/cms/form/header/views.py

@@ -36,7 +36,8 @@ from app.applicationlayer.cms.utils_cr import (number_generator,
                                                entity_log_bulk,
                                                reminder_trigger_save,
                                                overdue_trigger_save,
-                                               reset_autoemail_tables)
+                                               reset_autoemail_tables,
+                                               delete_master_attachment_file)
 
 from app.entities import enums
 from app.applicationlayer.utils import model_to_dict
@@ -1365,6 +1366,7 @@ class ChangeRequestFormPost(APIView):
 
         except ValidationError as e:
             transaction.savepoint_rollback(sp1)
+            
             message = {
                 'code': 400,
                 'status': 'failed',
@@ -1374,6 +1376,7 @@ class ChangeRequestFormPost(APIView):
 
         except Exception as e:
             transaction.savepoint_rollback(sp1)
+
             message = {
                 'code': 500,
                 'status': 'failed',

app/applicationlayer/cms/template/header/serializers.py

@@ -94,8 +94,8 @@ class ChangeRequestTemplatesSerializer(
                   'tmp_details')
 
         read_only_fields = ['created', 'template_no']
-    
-   
+
+
 class ChangeRequestTemplatesSerializerList(
     serializers.ModelSerializer
 ):

app/applicationlayer/cms/template/header/views.py

@@ -14,7 +14,8 @@ from app.applicationlayer.utils import (CustomPagination,
                                         status_message_response)
 
 from app.applicationlayer.cms.utils_cr import (
-    entity_log_bulk
+    entity_log_bulk,
+    delete_master_attachment_file
 )
 from app.applicationlayer.utils import model_to_dict
 from app.entities import enums, models
@@ -186,7 +187,7 @@ class ChangeRequestTemplatesViewset(viewsets.ModelViewSet):
         except Exception as e:
             return Response(e,
                             status=status.HTTP_500_INTERNAL_SERVER_ERROR)
-
+    
     @transaction.atomic
     def partial_update(self, request, *args, **kwargs):
 
@@ -347,12 +348,12 @@ class ChangeRequestTemplatePost(APIView):
     def post(self, request):
         template_header = request.data
 
-        try:            
+        try:
             data_list_approver = []
             data_list_stake = []
             data_list_attach = []
             data_list_detail = []
-
+            
             template_header_data = {
                 'requested_to_template_name': template_header['requested_to_template_name'],
                 'requested_to_template_id': template_header['requested_to_template_id'],
@@ -443,15 +444,25 @@ class ChangeRequestTemplatePost(APIView):
 
         except ValidationError as e:
             transaction.savepoint_rollback(sp1)
+
+            if template_header['tmp_attachments']:
+                delete_master_attachment_file(
+                    template_header['tmp_attachments'])
+
             message = {
                 'code': 400,
                 'status': 'failed',
                 'message': str(e),
             }
             return Response(message, status=status.HTTP_400_BAD_REQUEST)
-
+        
         except Exception as e:
             transaction.savepoint_rollback(sp1)
+
+            if template_header['tmp_attachments']:
+                delete_master_attachment_file(
+                    template_header['tmp_attachments'])
+
             message = {
                 'code': 500,
                 'status': 'failed',

app/applicationlayer/cms/utils_cr.py

@@ -822,4 +822,13 @@ def cancelled_user_trigger(form_code,
 
         # create notification
         notification_create(form_code, message, receiver_code,
-                            sender_code, 'cms')
\ No newline at end of file
+                            sender_code, 'cms')
+
+
+def delete_master_attachment_file(attachments):
+    # delete master attachment data and media file attachments
+    for attachment in attachments:
+        attach = models.MasterAttachment.objects.filter(
+            id=attachment['file_upload'])
+        if attach:
+            attach.first().delete()

app/businesslayer/changerequest/change_request_template.py

@@ -157,3 +157,35 @@ def validation_approver_same_level(approvers):
             return user_name
 
     return None
+
+
+# Check if poc is assigned to another delegation other than Vendor
+def validation_poc_vendor_only(poc, approvers):
+    
+    validate = False
+
+    for approver in approvers:
+        if 'user' in approver and 'delegation' in approver:
+            if poc == approver['user']:
+                if not approver['delegation'] == 'DELEGATION-20191119-0000002':
+                    validate = True
+    return validate
+                
+
+# Check if level if Vendor delegation has same level with other delegation
+def validation_vendor_unique_level(approvers):
+
+    validate = False
+    data_level = []
+
+    for approver in approvers:
+        if 'delegation' in approver:
+            if approver['delegation'] == 'DELEGATION-20191119-0000002':
+                data_level.append(approver['level'])
+    
+    for approver in approvers:
+        if 'delegation' in approver:
+            if approver['level'] in data_level:
+                if not approver['delegation'] == 'DELEGATION-20191119-0000002':
+                    validate = True
+    return validate
\ No newline at end of file

app/helper/decorators.py

@@ -4,14 +4,18 @@ import json
 from rest_framework.exceptions import ParseError
 from functools import wraps
 from rest_framework.authtoken.models import Token
-from app.entities.models import User, Department, Company
+from app.entities.models import (User, Department, Company,
+                                 ChangeRequestTemplateHeader,
+                                 ChangeRequestFormHeader)
 from app.entities import enums
 from django.db.models import Q
 from app.businesslayer.changerequest.change_request_template import (
     tmp_add_edit_delete,
     validation_approver_same_level,
     validation_existing_vendor_requestor,
-    validation_existing_approver
+    validation_existing_approver,
+    validation_poc_vendor_only,
+    validation_vendor_unique_level
 )
 from app.applicationlayer.utils import error_message
 
@@ -292,50 +296,63 @@ def TemplateValidation(function):
     def wrapper(self, request, *args, **kwargs):
         template_header = request.data
 
+        required = {'requested_to_template_name': 'Template Name',
+                    'requested_to_template_id': 'CR Number prefix',
+                    'requested_to_target_date': 'Lead Time',
+                    'requested_to_company': 'Company',
+                    'requested_to_department': 'Department'}
+        
+        for key in required.keys():
+            if not key in template_header or template_header[key] == '':
+                return error_message('400', required[key] + ' is required',
+                    'failed', status.HTTP_400_BAD_REQUEST)
+        
+        # Check if prefix already exists
+        prefix = ChangeRequestTemplateHeader.objects.filter(
+            requested_to_template_id=template_header['requested_to_template_id'])
+
+        if prefix:
+            return error_message('400', 'CR Number prefix already exists.',
+                'failed', status.HTTP_400_BAD_REQUEST)
+
+        # Restrict form using Superuser Department
         if (template_header['created_by_department'] == 'DEPARTMENT-20190923-0000001' or
                 template_header['requested_to_department'] == 'DEPARTMENT-20190923-0000001'):
-            message = {
-                'code': 400,
-                'status': 'failed',
-                'message': 'Superuser department cannot be selected',
-            }
-            return Response(message,
-                            status=status.HTTP_400_BAD_REQUEST)
-
+            return error_message('400', 'Superuser department cannot be selected',
+                    'failed', status.HTTP_400_BAD_REQUEST)
+            
         tmp_approvers = template_header['tmp_approvers']
-
+        
         # Check if Vendor and Requestor are existing on routing table
         if len(tmp_approvers) < 2:
-            message = {
-                'code': 400,
-                'status': 'failed',
-                'message': 'Please make sure to add an Approver, Vendor and Requestor into routing table',
-            }
-            return Response(message,
-                            status=status.HTTP_400_BAD_REQUEST)
+            return error_message('400', 'Please make sure to add an Approver, Vendor and Requestor into routing table',
+                'failed', status.HTTP_400_BAD_REQUEST)
         else:
             result = validation_existing_vendor_requestor(tmp_approvers)
 
             if result is False:
-                message = {
-                    'code': 400,
-                    'status': 'failed',
-                    'message': 'Please add Vendor/Implementor and Requestor into routing table',
-                }
-                return Response(message,
-                                status=status.HTTP_400_BAD_REQUEST)
+                return error_message('400', 'Please add Vendor/Implementor and Requestor into routing table',
+                    'failed', status.HTTP_400_BAD_REQUEST)
 
         # Do not allow adding an approver for the same level
         validation_result = validation_approver_same_level(tmp_approvers)
         if validation_result is not None:
-            message = {
-                'code': 400,
-                'status': 'failed',
-                'message': validation_result + ' is already exist for the same level of approval.',
-            }
-            return Response(message,
-                            status=status.HTTP_400_BAD_REQUEST)
-
+            return error_message('400', validation_result + ' is already exist for the same level of approval.',
+                    'failed', status.HTTP_400_BAD_REQUEST)
+        
+        # Do not allow saving user as Vendor and other delegation
+        validate = validation_poc_vendor_only(
+            template_header['requested_to_user'], tmp_approvers)
+        if validate is True:
+            return error_message('400', 'Point of contact can only be assign to Vendor/Implementor',
+                    'failed', status.HTTP_400_BAD_REQUEST)
+        
+        # Do not allow to save Vendor same level to other delegation
+        validate = validation_vendor_unique_level(tmp_approvers)
+        if validate is True:
+            return error_message('400', 'Vendor/Implementor cannot have same level with other delegation/s',
+                    'failed', status.HTTP_400_BAD_REQUEST)
+            
         return function(self, request, *args, **kwargs)
     return wrapper
 
@@ -399,6 +416,18 @@ def FormValidation(function):
                 'message': 'Please select at least 1 approver before submitting this request.',
             }
             return Response(message, status=status.HTTP_400_BAD_REQUEST)
+        
+        # Do not allow saving user as Vendor and other delegation
+        validate = validation_poc_vendor_only(
+            form_header['requested_to_user'], frm_approvers)
+        if validate is True:
+            message = {
+                'code': 400,
+                'status': 'failed',
+                'message': 'Point of contact can only be assign to Vendor/Implementor',
+            }
+            return Response(message,
+                            status=status.HTTP_400_BAD_REQUEST)
 
         return function(self, request, *args, **kwargs)
     return wrapper