Fixes for PurchaseOrder API interface

- Allow DELETE endpoint for PurchaseOrder - Remove 'read_only' attribute for 'reference' field - Add extra functionality to API test class - Add unit testing
2024-08-30 18:33:04 +00:00 · 2021-06-22 16:28:42 +10:00 · 2021-06-22 16:28:42 +10:00 · 3fa3ce06a1
commit 3fa3ce06a1
parent 061a120af2
4 changed files with 113 additions and 5 deletions
--- a/InvenTree/InvenTree/api_tester.py
+++ b/InvenTree/InvenTree/api_tester.py
@ -73,22 +73,50 @@ class InvenTreeAPITestCase(APITestCase):
                ruleset.save()
                break
-    def get(self, url, data={}, code=200):
+    def get(self, url, data={}, expected_code=200):
        """
        Issue a GET request
        """
        response = self.client.get(url, data, format='json')
-        self.assertEqual(response.status_code, code)
+        if expected_code is not None:
            self.assertEqual(response.status_code, expected_code)
        return response
-    def post(self, url, data):
+    def post(self, url, data, expected_code=None):
        """
        Issue a POST request
        """
        response = self.client.post(url, data=data, format='json')
        if expected_code is not None:
            self.assertEqual(response.status_code, expected_code)
        return response
    def delete(self, url, expected_code=None):
        """
        Issue a DELETE request
        """
        response = self.client.delete(url)
        if expected_code is not None:
            self.assertEqual(response.status_code, expected_code)
        return response
    def patch(self, url, data, expected_code=None):
        """
        Issue a PATCH request
        """
        response = self.client.patch(url, data=data, format='json')
        if expected_code is not None:
            self.assertEqual(response.status_code, expected_code)
        return response
--- a/InvenTree/order/api.py
+++ b/InvenTree/order/api.py
@ -157,7 +157,7 @@ class POList(generics.ListCreateAPIView):
    ordering = '-creation_date'
-class PODetail(generics.RetrieveUpdateAPIView):
+class PODetail(generics.RetrieveUpdateDestroyAPIView):
    """ API endpoint for detail view of a PurchaseOrder object """
    queryset = PurchaseOrder.objects.all()
--- a/InvenTree/order/serializers.py
+++ b/InvenTree/order/serializers.py
@ -93,8 +93,10 @@ class POSerializer(InvenTreeModelSerializer):
        ]
        read_only_fields = [
            'reference',
            'status'
            'issue_date',
            'complete_date',
            'creation_date',
        ]
--- a/InvenTree/order/test_api.py
+++ b/InvenTree/order/test_api.py
@ -110,6 +110,84 @@ class PurchaseOrderTest(OrderTest):
        self.assertEqual(response.status_code, status.HTTP_200_OK)
    def test_po_create(self):
        """
        Test that we can create and delete a PurchaseOrder via the API
        """
        n = PurchaseOrder.objects.count()
        url = reverse('api-po-list')
        # Initially we do not have "add" permission for the PurchaseOrder model,
        # so this POST request should return 403
        response = self.post(
            url,
            {
                'supplier': 1,
                'reference': '123456789-xyz',
                'description': 'PO created via the API',
            },
            expected_code=403
        )
        # And no new PurchaseOrder objects should have been created
        self.assertEqual(PurchaseOrder.objects.count(), n)
        # Ok, now let's give this user the correct permission
        self.assignRole('purchase_order.add')
        # Initially we do not have "add" permission for the PurchaseOrder model,
        # so this POST request should return 403
        response = self.post(
            url,
            {
                'supplier': 1,
                'reference': '123456789-xyz',
                'description': 'PO created via the API',
            },
            expected_code=201
        )
        self.assertEqual(PurchaseOrder.objects.count(), n+1)
        pk = response.data['pk']
        # Try to create a PO with identical reference (should fail!)
        response = self.post(
            url,
            {
                'supplier': 1,
                'reference': '123456789-xyz',
                'description': 'A different description',
            },
            expected_code=400
        )
        self.assertEqual(PurchaseOrder.objects.count(), n+1)
        url = reverse('api-po-detail', kwargs={'pk': pk})
        # Get detail info!
        response = self.get(url)
        self.assertEqual(response.data['pk'], pk)
        self.assertEqual(response.data['reference'], '123456789-xyz')
        # Now, let's try to delete it!
        # Initially, we do *not* have the required permission!
        response = self.delete(url, expected_code=403)
        # Now, add the "delete" permission!
        self.assignRole("purchase_order.delete")
        response = self.delete(url, expected_code=204)
        # Number of PurchaseOrder objects should have decreased
        self.assertEqual(PurchaseOrder.objects.count(), n)
        # And if we try to access the detail view again, it has gone
        response = self.get(url, expected_code=404)
 class SalesOrderTest(OrderTest):
    """