Fixes for PurchaseOrder API interface

- Allow DELETE endpoint for PurchaseOrder - Remove 'read_only' attribute for 'reference' field - Add extra functionality to API test class - Add unit testing
2024-08-30 18:33:04 +00:00 · 2021-06-22 16:28:42 +10:00 · 2021-06-22 16:28:42 +10:00 · 3fa3ce06a1
commit 3fa3ce06a1
parent 061a120af2
4 changed files with 113 additions and 5 deletions
--- a/InvenTree/InvenTree/api_tester.py
+++ b/InvenTree/InvenTree/api_tester.py
@ -73,22 +73,50 @@ class InvenTreeAPITestCase(APITestCase):
                ruleset.save()
                break

-    def get(self, url, data={}, code=200):
+    def get(self, url, data={}, expected_code=200):
        """
        Issue a GET request
        """

        response = self.client.get(url, data, format='json')

-        self.assertEqual(response.status_code, code)
+        if expected_code is not None:
+            self.assertEqual(response.status_code, expected_code)

        return response

-    def post(self, url, data):
+    def post(self, url, data, expected_code=None):
        """
        Issue a POST request
        """

        response = self.client.post(url, data=data, format='json')

+        if expected_code is not None:
+            self.assertEqual(response.status_code, expected_code)
+
+        return response
+
+    def delete(self, url, expected_code=None):
+        """
+        Issue a DELETE request
+        """
+
+        response = self.client.delete(url)
+
+        if expected_code is not None:
+            self.assertEqual(response.status_code, expected_code)
+
+        return response
+
+    def patch(self, url, data, expected_code=None):
+        """
+        Issue a PATCH request
+        """
+
+        response = self.client.patch(url, data=data, format='json')
+
+        if expected_code is not None:
+            self.assertEqual(response.status_code, expected_code)
+
        return response
--- a/InvenTree/order/api.py
+++ b/InvenTree/order/api.py
@ -157,7 +157,7 @@ class POList(generics.ListCreateAPIView):
    ordering = '-creation_date'


-class PODetail(generics.RetrieveUpdateAPIView):
+class PODetail(generics.RetrieveUpdateDestroyAPIView):
    """ API endpoint for detail view of a PurchaseOrder object """

    queryset = PurchaseOrder.objects.all()
--- a/InvenTree/order/serializers.py
+++ b/InvenTree/order/serializers.py
@ -93,8 +93,10 @@ class POSerializer(InvenTreeModelSerializer):
        ]

        read_only_fields = [
-            'reference',
            'status'
+            'issue_date',
+            'complete_date',
+            'creation_date',
        ]


--- a/InvenTree/order/test_api.py
+++ b/InvenTree/order/test_api.py
@ -110,6 +110,84 @@ class PurchaseOrderTest(OrderTest):

        self.assertEqual(response.status_code, status.HTTP_200_OK)

+    def test_po_create(self):
+        """
+        Test that we can create and delete a PurchaseOrder via the API
+        """
+
+        n = PurchaseOrder.objects.count()
+
+        url = reverse('api-po-list')
+
+        # Initially we do not have "add" permission for the PurchaseOrder model,
+        # so this POST request should return 403
+        response = self.post(
+            url,
+            {
+                'supplier': 1,
+                'reference': '123456789-xyz',
+                'description': 'PO created via the API',
+            },
+            expected_code=403
+        )
+
+        # And no new PurchaseOrder objects should have been created
+        self.assertEqual(PurchaseOrder.objects.count(), n)
+
+        # Ok, now let's give this user the correct permission
+        self.assignRole('purchase_order.add')
+
+        # Initially we do not have "add" permission for the PurchaseOrder model,
+        # so this POST request should return 403
+        response = self.post(
+            url,
+            {
+                'supplier': 1,
+                'reference': '123456789-xyz',
+                'description': 'PO created via the API',
+            },
+            expected_code=201
+        )
+
+        self.assertEqual(PurchaseOrder.objects.count(), n+1)
+
+        pk = response.data['pk']
+
+        # Try to create a PO with identical reference (should fail!)
+        response = self.post(
+            url,
+            {
+                'supplier': 1,
+                'reference': '123456789-xyz',
+                'description': 'A different description',
+            },
+            expected_code=400
+        )
+
+        self.assertEqual(PurchaseOrder.objects.count(), n+1)
+
+        url = reverse('api-po-detail', kwargs={'pk': pk})
+
+        # Get detail info!
+        response = self.get(url)
+        self.assertEqual(response.data['pk'], pk)
+        self.assertEqual(response.data['reference'], '123456789-xyz')
+
+        # Now, let's try to delete it!
+        # Initially, we do *not* have the required permission!
+        response = self.delete(url, expected_code=403)
+
+        # Now, add the "delete" permission!
+        self.assignRole("purchase_order.delete")
+
+        response = self.delete(url, expected_code=204)
+
+        # Number of PurchaseOrder objects should have decreased
+        self.assertEqual(PurchaseOrder.objects.count(), n)
+
+        # And if we try to access the detail view again, it has gone
+        response = self.get(url, expected_code=404)
+

 class SalesOrderTest(OrderTest):
    """