add new endpoint

src/iosanita/policy/restapi/services/bandi_search_filters/configure.zcml

@@ -0,0 +1,16 @@
+<configure
+    xmlns="http://namespaces.zope.org/zope"
+    xmlns:plone="http://namespaces.plone.org/plone"
+    >
+
+  <plone:service
+      method="GET"
+      accept="application/json,application/schema+json"
+      factory=".get.BandiSearchFiltersGet"
+      for="*"
+      permission="zope2.View"
+      layer="iosanita.policy.interfaces.IIosanitaPolicyLayer"
+      name="@bandi-search-filters"
+      />
+
+</configure>

src/iosanita/policy/restapi/services/bandi_search_filters/get.py

@@ -0,0 +1,62 @@
+# -*- coding: utf-8 -*-
+from plone import api
+from plone.base.interfaces.siteroot import IPloneSiteRoot
+from plone.restapi.services import Service
+from redturtle.bandi.vocabularies import TipologiaBandoVocabularyFactory
+from zope.interface import implementer
+from zope.publisher.interfaces import IPublishTraverse
+
+
+@implementer(IPublishTraverse)
+class BandiSearchFiltersGet(Service):
+    def reply(self):
+        """
+        Return possible values based also on current user permissions
+        """
+        pc = api.portal.get_tool(name="portal_catalog")
+        voc_tipologie = TipologiaBandoVocabularyFactory(self.context)
+
+        tipologie = []
+        subjects = []
+
+        bandi_folder = None
+
+        if IPloneSiteRoot.providedBy(self.context):
+            for subject in pc.uniqueValuesFor("Subject_bando"):
+                res = api.content.find(Subject_bando=subject)
+                if res:
+                    subjects.append({"UID": subject, "title": subject})
+
+            for item in voc_tipologie.by_token:
+                tipologie.append(
+                    {"UID": item, "title": voc_tipologie.getTerm(item).title}
+                )
+
+        else:
+            brains = api.content.find(context=self.context, portal_type="Bando")
+
+            for brain in brains:
+                bando = brain.getObject()
+                found = [x for x in tipologie if x["UID"] == bando.tipologia_bando]
+                if not found:
+                    try:
+                        tipologie.append(
+                            {
+                                "UID": bando.tipologia_bando,
+                                "title": voc_tipologie.getTerm(
+                                    bando.tipologia_bando
+                                ).title,
+                            }
+                        )
+                    except:
+                        import pdb
+
+                        pdb.set_trace()
+                for sub in bando.subject:
+                    found = [x for x in subjects if x["UID"] == sub]
+                    if not found:
+                        subjects.append({"UID": sub, "title": sub})
+
+        subjects.sort(key=lambda x: x["title"])
+        tipologie.sort(key=lambda x: x["title"])
+        return {"subjects": subjects, "tipologie": tipologie}

src/iosanita/policy/restapi/services/configure.zcml

@@ -4,6 +4,7 @@
     xmlns:zcml="http://namespaces.zope.org/zcml"
     >
 
+  <include package=".bandi_search_filters" />
   <include package=".search_tassonomie" />
   <include package=".search_filters" />
   <include package=".iosanita_settings" />

src/iosanita/policy/tests/test_bandi_search_filters_api.py

@@ -0,0 +1,77 @@
+# -*- coding: utf-8 -*-
+from iosanita.policy.testing import RESTAPI_TESTING
+from plone import api
+from plone.app.testing import setRoles
+from plone.app.testing import SITE_OWNER_NAME
+from plone.app.testing import SITE_OWNER_PASSWORD
+from plone.app.testing import TEST_USER_ID
+from plone.restapi.testing import RelativeSession
+from transaction import commit
+
+import unittest
+
+
+class BandiSearchFiltersAPITest(unittest.TestCase):
+    layer = RESTAPI_TESTING
+
+    def setUp(self):
+        self.app = self.layer["app"]
+        self.portal = self.layer["portal"]
+        self.portal_url = self.portal.absolute_url()
+
+        self.api_session = RelativeSession(self.portal_url)
+        self.api_session.headers.update({"Accept": "application/json"})
+        self.anon_api_session = RelativeSession(self.portal_url)
+        self.anon_api_session.headers.update({"Accept": "application/json"})
+
+        self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
+
+        setRoles(self.portal, TEST_USER_ID, ["Manager"])
+        self.bando_public_1 = api.content.create(
+            container=self.portal,
+            type="Bando",
+            title="Bando 1",
+            subject=("foo"),
+        )
+        self.bando_public_2 = api.content.create(
+            container=self.portal,
+            type="Bando",
+            title="Bando 2",
+            subject=("foo", "bar"),
+        )
+        self.bando_private = api.content.create(
+            container=self.portal,
+            type="Bando",
+            title="Bando 3",
+            subject=("foo", "baz"),
+        )
+
+        api.content.transition(obj=self.bando_public_1, transition="publish")
+        api.content.transition(obj=self.bando_public_2, transition="publish")
+
+        commit()
+
+    def tearDown(self):
+        self.api_session.close()
+        self.anon_api_session.close()
+
+    def test_endpoint_exists(self):
+        response = self.api_session.get("/@bandi-search-filters")
+
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.headers.get("Content-Type"), "application/json")
+
+    def test_endpoint_return_list_of_subjects_based_on_permissions(self):
+        response = self.api_session.get("/@bandi-search-filters").json()
+
+        self.assertIn("subjects", response)
+        subjects = [x["UID"] for x in response["subjects"]]
+        self.assertEqual(len(subjects), 3)
+        self.assertEqual(subjects, ["bar", "baz", "foo"])
+
+        response = self.anon_api_session.get("/@bandi-search-filters").json()
+
+        self.assertIn("subjects", response)
+        subjects = [x["UID"] for x in response["subjects"]]
+        self.assertEqual(len(subjects), 2)
+        self.assertEqual(subjects, ["bar", "foo"])