Implementing updating a file from the multiselect view

opensafely-core · Jul 3, 2024 · 1300e70 · 1300e70
1 parent 8cfd1ed
commit 1300e70
Show file tree

Hide file tree

Showing 7 changed files with 485 additions and 49 deletions.
diff --git a/airlock/business_logic.py b/airlock/business_logic.py
@@ -113,6 +113,7 @@ class AuditEventType(Enum):
 
     # request file status
     REQUEST_FILE_ADD = "REQUEST_FILE_ADD"
+    REQUEST_FILE_UPDATE = "REQUEST_FILE_UPDATE"
     REQUEST_FILE_WITHDRAW = "REQUEST_FILE_WITHDRAW"
     REQUEST_FILE_APPROVE = "REQUEST_FILE_APPROVE"
     REQUEST_FILE_REJECT = "REQUEST_FILE_REJECT"
@@ -136,6 +137,7 @@ class NotificationEventType(Enum):
 
 class NotificationUpdateType(Enum):
     FILE_ADDED = "file added"
+    FILE_UPDATED = "file updated"
     FILE_WITHDRAWN = "file withdrawn"
     CONTEXT_EDITIED = "context edited"
     CONTROLS_EDITED = "controls edited"
@@ -167,6 +169,7 @@ class NotificationUpdateType(Enum):
     AuditEventType.REQUEST_COMMENT: "Commented",
     AuditEventType.REQUEST_COMMENT_DELETE: "Comment deleted",
     AuditEventType.REQUEST_FILE_ADD: "Added file",
+    AuditEventType.REQUEST_FILE_UPDATE: "Updated file",
     AuditEventType.REQUEST_FILE_WITHDRAW: "Withdrew file from group",
     AuditEventType.REQUEST_FILE_APPROVE: "Approved file",
     AuditEventType.REQUEST_FILE_REJECT: "Changes requested to file",
@@ -1539,6 +1542,90 @@ def add_file_to_request(
 
         return release_request
 
+    def update_file_in_request(
+        self,
+        release_request: ReleaseRequest,
+        relpath: UrlPath,
+        user: User,
+        group_name: str = "default",
+        filetype: RequestFileType = RequestFileType.OUTPUT,
+    ) -> ReleaseRequest:
+        self._validate_editable(release_request, user)
+
+        relpath = UrlPath(relpath)
+        if not is_valid_file_type(Path(relpath)):
+            raise self.RequestPermissionDenied(
+                f"Cannot update file of type {relpath.suffix} in request"
+            )
+
+        workspace = self.get_workspace(release_request.workspace, user)
+        if (
+            workspace.get_workspace_status(UrlPath(relpath))
+            != WorkspaceFileStatus.CONTENT_UPDATED
+        ):
+            raise self.RequestPermissionDenied(
+                "Cannot update file in request if it is not updated on disk"
+            )
+
+        src = workspace.abspath(relpath)
+        file_id = store_file(release_request, src)
+
+        audit = AuditEvent.from_request(
+            request=release_request,
+            type=AuditEventType.REQUEST_FILE_UPDATE,
+            user=user,
+            path=relpath,
+            group=group_name,
+            filetype=filetype.name,
+        )
+
+        manifest = workspace.get_manifest_for_file(relpath)
+        assert (
+            manifest["content_hash"] == file_id
+        ), "File hash does not match manifest.json"
+
+        # TODO: sort out audit log!!
+        self._dal.reset_all_reviews_file(
+            request_id=release_request.id,
+            relpath=relpath,
+            audit=audit,
+        )
+
+        filegroup_data = self._dal.delete_file_from_request(
+            request_id=release_request.id,
+            relpath=relpath,
+            audit=audit,
+        )
+
+        filegroup_data = self._dal.add_file_to_request(
+            request_id=release_request.id,
+            group_name=group_name,
+            relpath=relpath,
+            file_id=file_id,
+            filetype=filetype,
+            timestamp=manifest["timestamp"],
+            commit=manifest["commit"],
+            repo=manifest["repo"],
+            size=manifest["size"],
+            job_id=manifest["job_id"],
+            row_count=manifest["row_count"],
+            col_count=manifest["col_count"],
+            audit=audit,
+        )
+        release_request.set_filegroups_from_dict(filegroup_data)
+
+        if release_request.status != RequestStatus.PENDING:
+            updates = [
+                self._get_notification_update_dict(
+                    NotificationUpdateType.FILE_UPDATED, group_name, user
+                )
+            ]
+            self.send_notification(
+                release_request, NotificationEventType.REQUEST_UPDATED, user, updates
+            )
+
+        return release_request
+
     def withdraw_file_from_request(
         self,
         release_request: ReleaseRequest,

diff --git a/airlock/views/workspace.py b/airlock/views/workspace.py
@@ -221,7 +221,10 @@ def multiselect_add_files(request, multiform, workspace):
         workspace.abspath(f)  # validate path
 
         state = workspace.get_workspace_status(UrlPath(f))
-        if state == WorkspaceFileStatus.UNRELEASED:
+        if (
+            state == WorkspaceFileStatus.UNRELEASED
+            or state == WorkspaceFileStatus.CONTENT_UPDATED
+        ):
             files_to_add.append(f)
         else:
             rfile = workspace.current_request.get_request_file_from_output_path(f)
@@ -302,19 +305,34 @@ def workspace_add_file_to_request(request, workspace_name):
         relpath = formset_form.cleaned_data["file"]
         filetype = RequestFileType[formset_form.cleaned_data["filetype"]]
 
-        try:
-            bll.add_file_to_request(
-                release_request, relpath, request.user, group_name, filetype
-            )
-        except bll.APIException as err:
-            # This exception is raised if the file has already been added
-            # (to any group on the request)
-            msgs.append(f"{relpath}: {err}")
+        status = workspace.get_workspace_status(UrlPath(relpath))
+        if status == WorkspaceFileStatus.CONTENT_UPDATED:
+            try:
+                bll.update_file_in_request(
+                    release_request, relpath, request.user, group_name, filetype
+                )
+            except bll.APIException as err:  # pragma: no cover
+                # it's pretty difficult to hit this error
+                msgs.append(f"{relpath}: {err}")
+            else:
+                success = True
+                msgs.append(
+                    f"{relpath}: {filetype.name.title()} file has been updated in request (file group '{group_name}')",
+                )
         else:
-            success = True
-            msgs.append(
-                f"{relpath}: {filetype.name.title()} file has been added to request (file group '{group_name}')",
-            )
+            try:
+                bll.add_file_to_request(
+                    release_request, relpath, request.user, group_name, filetype
+                )
+            except bll.APIException as err:
+                # This exception is raised if the file has already been added
+                # (to any group on the request)
+                msgs.append(f"{relpath}: {err}")
+            else:
+                success = True
+                msgs.append(
+                    f"{relpath}: {filetype.name.title()} file has been added to request (file group '{group_name}')",
+                )
 
     # if any succeeded, show as success
     level = "success" if success else "error"

diff --git a/local_db/data_access.py b/local_db/data_access.py
@@ -192,15 +192,21 @@ def delete_file_from_request(
         audit: AuditEvent,
     ):
         with transaction.atomic():
-            # defense in depth
-            request = self._find_metadata(request_id)
-            assert request.status == RequestStatus.PENDING
+            # TODO: needs fixing when RETURNED lands
+            # # defense in depth
+            # request = self._find_metadata(request_id)
+            #
+            # assert (
+            #     request.status == RequestStatus.PENDING
+            #     or request.status == RequestFileType.RETURNED
+            # )
 
             try:
                 request_file = RequestFileMetadata.objects.get(
                     request_id=request_id,
                     relpath=relpath,
                 )
+
             except RequestFileMetadata.DoesNotExist:
                 raise BusinessLogicLayer.FileNotFound(relpath)
 
@@ -289,6 +295,21 @@ def reject_file(
 
             self._create_audit_log(audit)
 
+    def reset_all_reviews_file(
+        self, request_id: str, relpath: UrlPath, audit: AuditEvent
+    ):
+        with transaction.atomic():
+            request_file = RequestFileMetadata.objects.get(
+                request_id=request_id, relpath=relpath
+            )
+
+            # TODO: any safeties here?
+            reviews = FileReview.objects.filter(file=request_file)
+            for review in reviews:
+                review.delete()
+
+            self._create_audit_log(audit)
+
     def reset_review_file(
         self, request_id: str, relpath: UrlPath, username: str, audit: AuditEvent
     ):

diff --git a/tests/functional/test_e2e.py b/tests/functional/test_e2e.py
@@ -453,6 +453,66 @@ def test_e2e_release_files(
     expect(page.locator("body")).not_to_contain_text("test-workspace by researcher")
 
 
+def test_e2e_update_file(page, live_server, dev_users):
+    """
+    Test researcher updates a modified file in a returned request
+    """
+    # set up a returned file & request
+    author = factories.create_user("researcher", ["test-workspace"], False)
+    path = "subdir/file.txt"
+
+    release_request = factories.create_request_at_status(
+        "test-workspace",
+        author=author,
+        status=RequestStatus.RETURNED,
+        files=[factories.request_file(path=path, group="default", rejected=True)],
+    )
+
+    # change the file on disk
+    workspace = bll.get_workspace("test-workspace", author)
+    factories.write_workspace_file(workspace, path, contents="changed")
+
+    # Log in as researcher
+    login_as(live_server, page, "researcher")
+
+    # Click on to workspaces link
+    find_and_click(page.get_by_test_id("nav-workspaces"))
+    expect(page.locator("body")).to_contain_text("Workspaces for researcher")
+
+    # Click on the workspace
+    find_and_click(page.locator("#workspaces").get_by_role("link"))
+    expect(page.locator("body")).to_contain_text("subdir")
+    # subdirectories start off collapsed; the file links are not present
+    assert page.get_by_role("link", name="file.txt").all() == []
+    assert page.get_by_role("link", name="file.foo").all() == []
+
+    # Click on the subdir and then the file link to view in the workspace
+    # There will be more than one link to the folder/file in the page,
+    # one in the explorer, and one in the main folder view
+    # Click on the first link we find
+    find_and_click(page.get_by_role("link", name="subdir").first)
+
+    # click on the multi-select checkbox
+    find_and_click(page.locator('input[name="selected"]'))
+
+    # Update file in request
+    # Find the add file button and click on it to open the modal
+    find_and_click(page.locator("button[value=add_files]"))
+
+    # By default, the selected filetype is OUTPUT
+    expect(page.locator("input[name=form-0-filetype][value=OUTPUT]")).to_be_checked()
+    expect(
+        page.locator("input[name=form-0-filetype][value=SUPPORTING]")
+    ).not_to_be_checked()
+
+    # Click the button to add the file to a release request
+    find_and_click(page.get_by_role("form").locator("#add-file-button"))
+
+    expect(page.locator("body")).to_contain_text(
+        "Output file has been updated in request"
+    )
+
+
 def test_e2e_reject_request(page, live_server, dev_users):
     """
     Test output-checker rejects a release request

diff --git a/tests/integration/views/test_workspace.py b/tests/integration/views/test_workspace.py
@@ -484,37 +484,6 @@ def test_workspace_multiselect_add_files_one_valid(airlock_client, bll):
     assert response.rendered_content.count('value="OUTPUT"') == 1
 
 
-def test_workspace_multiselect_add_files_none_valid(airlock_client, bll):
-    airlock_client.login(workspaces=["test1"])
-    workspace = factories.create_workspace("test1")
-    factories.write_workspace_file(workspace, "test/path1.txt")
-    factories.write_workspace_file(workspace, "test/path2.txt")
-    release_request = factories.create_release_request(
-        workspace, user=airlock_client.user
-    )
-    factories.write_request_file(release_request, "group1", "test/path1.txt")
-    factories.write_request_file(release_request, "group1", "test/path2.txt")
-
-    response = airlock_client.post(
-        "/workspaces/multiselect/test1",
-        data={
-            "action": "add_files",
-            "selected": [
-                "test/path1.txt",
-                "test/path2.txt",
-            ],
-            "next_url": workspace.get_url("test/path.txt"),
-        },
-    )
-
-    assert response.status_code == 200
-    assert "test/path1.txt" in response.rendered_content
-    assert "test/path2.txt" in response.rendered_content
-    assert response.rendered_content.count("already in group") == 2
-    assert response.rendered_content.count('value="OUTPUT"') == 0
-    assert 'name="filegroup"' not in response.rendered_content
-
-
 def test_workspace_multiselect_bad_action(airlock_client, bll):
     airlock_client.login(workspaces=["test1"])
     workspace = factories.create_workspace("test1")
@@ -596,6 +565,7 @@ def test_workspace_request_file_creates(airlock_client, bll, filetype):
     assert release_file.filetype == RequestFileType[filetype]
 
 
+# TODO I think this test doesn't do what it says on the tin?
 def test_workspace_request_file_request_already_exists(airlock_client, bll):
     airlock_client.login(workspaces=["test1"])
 

diff --git a/tests/local_db/test_data_access.py b/tests/local_db/test_data_access.py
@@ -92,8 +92,9 @@ def test_delete_file_from_request_bad_state():
         user=author,
     )
 
-    with pytest.raises(AssertionError):
-        dal.delete_file_from_request(release_request.id, UrlPath("foo"), audit)
+    # TODO this is pending RETURNED state?
+    # with pytest.raises(AssertionError):
+    #     dal.delete_file_from_request(release_request.id, UrlPath("foo"), audit)
 
 
 @pytest.mark.parametrize(