From 5612989b5d0ebda7547aa3eacdcb7a55428f707e Mon Sep 17 00:00:00 2001 From: Matti Lamppu Date: Wed, 11 Dec 2024 10:08:11 +0200 Subject: [PATCH] Add check for age to application create endpoint --- .../test_application/test_create.py | 20 ++++++++++++++++--- .../test_create_permissions.py | 4 +++- .../api/graphql/extensions/error_codes.py | 2 ++ .../graphql/types/application/serializers.py | 8 ++++++++ 4 files changed, 30 insertions(+), 4 deletions(-) diff --git a/tests/test_graphql_api/test_application/test_create.py b/tests/test_graphql_api/test_application/test_create.py index fae57b3c2..4da0fd6cb 100644 --- a/tests/test_graphql_api/test_application/test_create.py +++ b/tests/test_graphql_api/test_application/test_create.py @@ -1,5 +1,6 @@ from __future__ import annotations +import freezegun import pytest from tilavarauspalvelu.models import ( @@ -11,6 +12,7 @@ ReservationUnitOption, SuitableTimeRange, ) +from utils.date_utils import local_datetime from tests.factories import ApplicationRoundFactory from tests.test_graphql_api.test_application.helpers import get_application_create_data @@ -28,7 +30,7 @@ def test_application__create(graphql): # - There is an open application round # - A superuser is using the system application_round = ApplicationRoundFactory.create_in_status_open() - graphql.login_with_superuser() + graphql.login_with_superuser(date_of_birth=local_datetime(2006, 1, 1)) # when: # - User tries to create a new application without sections @@ -55,7 +57,7 @@ def test_application__create__with_application_sections(graphql): # - There is an open application round # - A superuser is using the system application_round = ApplicationRoundFactory.create_in_status_open() - graphql.login_with_superuser() + graphql.login_with_superuser(date_of_birth=local_datetime(2006, 1, 1)) assert Application.objects.count() == 0 @@ -90,7 +92,7 @@ def test_application__create__sub_serializer_error(graphql, field): # - There is an open application round # - A superuser is using the system application_round = ApplicationRoundFactory.create_in_status_open() - graphql.login_with_superuser() + graphql.login_with_superuser(date_of_birth=local_datetime(2006, 1, 1)) address_data = { "streetAddress": "Address", @@ -116,3 +118,15 @@ def test_application__create__sub_serializer_error(graphql, field): "message": "This field may not be blank.", } ] + + +@freezegun.freeze_time(local_datetime(2024, 1, 1)) +def test_application__create__is_under_age(graphql): + application_round = ApplicationRoundFactory.create_in_status_open() + graphql.login_with_superuser(date_of_birth=local_datetime(2006, 1, 2)) + + input_data = get_application_create_data(application_round) + response = graphql(CREATE_MUTATION, input_data=input_data) + + assert response.error_message() == "Mutation was unsuccessful." + assert response.field_error_messages("user") == ["Application can only be created by an adult reservee"] diff --git a/tests/test_graphql_api/test_application/test_create_permissions.py b/tests/test_graphql_api/test_application/test_create_permissions.py index 2f89433c0..d29ec35e4 100644 --- a/tests/test_graphql_api/test_application/test_create_permissions.py +++ b/tests/test_graphql_api/test_application/test_create_permissions.py @@ -2,6 +2,8 @@ import pytest +from utils.date_utils import local_datetime + from tests.factories import ApplicationRoundFactory from .helpers import CREATE_MUTATION, get_application_create_data @@ -33,7 +35,7 @@ def test_regular_user_can_create_application(graphql): # - There is an open application round # - A regular user is using the system application_round = ApplicationRoundFactory.create_in_status_open() - graphql.login_with_regular_user() + graphql.login_with_regular_user(date_of_birth=local_datetime(2006, 1, 1)) # when: # - User tries to create a new application diff --git a/tilavarauspalvelu/api/graphql/extensions/error_codes.py b/tilavarauspalvelu/api/graphql/extensions/error_codes.py index 09d3bf102..7a4c5ecb3 100644 --- a/tilavarauspalvelu/api/graphql/extensions/error_codes.py +++ b/tilavarauspalvelu/api/graphql/extensions/error_codes.py @@ -70,5 +70,7 @@ APPLICATION_ROUND_NOT_IN_ALLOCATION = "APPLICATION_ROUND_NOT_IN_ALLOCATION" APPLICATION_ROUND_NOT_IN_RESULTS_SENT_STATE = "APPLICATION_ROUND_NOT_IN_RESULTS_SENT_STATE" +APPLICATION_ADULT_RESERVEE_REQUIRED = "APPLICATION_ADULT_RESERVEE_REQUIRED" + CANCEL_REASON_DOES_NOT_EXIST = "CANCEL_REASON_DOES_NOT_EXIST" DENY_REASON_DOES_NOT_EXIST = "DENY_REASON_DOES_NOT_EXIST" diff --git a/tilavarauspalvelu/api/graphql/types/application/serializers.py b/tilavarauspalvelu/api/graphql/types/application/serializers.py index 699b8a046..17fc6a3d3 100644 --- a/tilavarauspalvelu/api/graphql/types/application/serializers.py +++ b/tilavarauspalvelu/api/graphql/types/application/serializers.py @@ -22,6 +22,7 @@ from utils.fields.serializer import CurrentUserDefaultNullable if TYPE_CHECKING: + from tilavarauspalvelu.models import User from tilavarauspalvelu.typing import AnyUser @@ -61,6 +62,13 @@ class Meta: }, } + def validate_user(self, user: User) -> User: + if user.actions.is_ad_user or user.actions.is_of_age: + return user + + msg = "Application can only be created by an adult reservee" + raise ValidationError(msg, error_codes.APPLICATION_ADULT_RESERVEE_REQUIRED) + class ApplicationUpdateSerializer(ApplicationCreateSerializer): instance: Application