Merge pull request #136 from maykinmedia/feature/127-make-requested-changes

[#127] Create a response to a review

Author: SilviaAmAm

backend/src/openarchiefbeheer/api/urls.py

@@ -14,6 +14,7 @@
     DestructionListItemsViewSet,
     DestructionListReviewViewSet,
     DestructionListViewSet,
+    ReviewResponseViewSet,
 )
 from openarchiefbeheer.zaken.api.views import (
     CacheZakenView,
@@ -41,6 +42,11 @@
     DestructionListItemReviewViewSet,
     basename="reviews-items",
 )
+router.register(
+    r"review-responses",
+    ReviewResponseViewSet,
+    basename="review-responses",
+)
 router.register(r"zaken", ZakenViewSet, basename="zaken")
 
 

backend/src/openarchiefbeheer/destruction/api/filtersets.py

@@ -7,6 +7,7 @@
     DestructionListItem,
     DestructionListItemReview,
     DestructionListReview,
+    ReviewResponse,
 )
 
 
@@ -46,7 +47,12 @@ def filter_destruction_list_uuid(
 
 
 class DestructionListReviewItemFilterset(FilterSet):
-
     class Meta:
         model = DestructionListItemReview
         fields = ("review",)
+
+
+class ReviewResponseFilterset(FilterSet):
+    class Meta:
+        model = ReviewResponse
+        fields = ("review",)

backend/src/openarchiefbeheer/destruction/api/permissions.py

@@ -33,19 +33,3 @@ def has_object_permission(self, request, view, destruction_list):
             request.user == destruction_list.author
             and destruction_list.status == ListStatus.new
         )
-
-
-class CanMakeRequestedChanges(permissions.BasePermission):
-    message = _(
-        "You are either not allowed to update this destruction list or "
-        "the destruction list can currently not be updated."
-    )
-
-    def has_permission(self, request, view):
-        return request.user.role and request.user.role.can_start_destruction
-
-    def has_object_permission(self, request, view, destruction_list):
-        return (
-            request.user == destruction_list.author
-            and destruction_list.status == ListStatus.changes_requested
-        )

backend/src/openarchiefbeheer/destruction/api/serializers.py

@@ -1,3 +1,4 @@
+from django.db import transaction
 from django.db.models import Q
 from django.utils.translation import gettext_lazy as _
 
@@ -349,16 +350,64 @@ class ActionZaakSerializer(serializers.Serializer):
         required=False, help_text=_("A new date for when this case should be archived.")
     )
 
+    def to_internal_value(self, data: dict) -> dict:
+        internal_value = super().to_internal_value(data)
+
+        if archiefactiedatum := internal_value.get("archiefactiedatum"):
+            internal_value["archiefactiedatum"] = archiefactiedatum.isoformat()
+        return internal_value
+
 
 class ReviewItemResponseSerializer(serializers.ModelSerializer):
-    action_zaak = ActionZaakSerializer()
+    action_zaak = ActionZaakSerializer(required=False)
 
     class Meta:
         model = ReviewItemResponse
-        fields = ("review_item", "action_item", "action_zaak", "created", "comment")
+        fields = (
+            "pk",
+            "review_item",
+            "action_item",
+            "action_zaak",
+            "created",
+            "comment",
+        )
 
 
 class ReviewResponseSerializer(serializers.ModelSerializer):
+    items_responses = ReviewItemResponseSerializer(many=True)
+
     class Meta:
         model = ReviewResponse
-        fields = ("review", "comment", "created")
+        fields = ("pk", "review", "comment", "created", "items_responses")
+
+    def validate(self, attrs: dict) -> dict:
+        destruction_list = attrs["review"].destruction_list
+        request = self.context["request"]
+
+        if not (
+            request.user == destruction_list.author
+            and destruction_list.status == ListStatus.changes_requested
+        ):
+            raise ValidationError(
+                _(
+                    "This user is either not allowed to update the destruction list or "
+                    "the destruction list cannot currently be updated."
+                )
+            )
+
+        return attrs
+
+    @transaction.atomic
+    def create(self, validated_data: dict) -> ReviewResponse:
+        items_responses_data = validated_data.pop("items_responses", [])
+        items_responses = [
+            ReviewItemResponse(**item_response)
+            for item_response in items_responses_data
+        ]
+
+        review_response = ReviewResponse.objects.create(**validated_data)
+        ReviewItemResponse.objects.bulk_create(items_responses)
+
+        # TODO kick off celery task to update the cases and to change the status/assignee of the destruction list
+
+        return review_response

backend/src/openarchiefbeheer/destruction/api/viewsets.py

@@ -4,33 +4,30 @@
 from django_filters.rest_framework import DjangoFilterBackend
 from drf_spectacular.utils import OpenApiExample, extend_schema, extend_schema_view
 from rest_framework import mixins, viewsets
-from rest_framework.decorators import action
 from rest_framework.permissions import IsAuthenticated
-from rest_framework.response import Response
 
 from ..models import (
     DestructionList,
     DestructionListItem,
     DestructionListItemReview,
     DestructionListReview,
+    ReviewResponse,
 )
 from .filtersets import (
     DestructionListFilterset,
     DestructionListItemFilterset,
     DestructionListReviewFilterset,
     DestructionListReviewItemFilterset,
+    ReviewResponseFilterset,
 )
-from .permissions import (
-    CanMakeRequestedChanges,
-    CanStartDestructionPermission,
-    CanUpdateDestructionList,
-)
+from .permissions import CanStartDestructionPermission, CanUpdateDestructionList
 from .serializers import (
     DestructionListAPIResponseSerializer,
     DestructionListItemReviewSerializer,
     DestructionListItemSerializer,
     DestructionListReviewSerializer,
     DestructionListSerializer,
+    ReviewResponseSerializer,
 )
 
 
@@ -129,13 +126,6 @@
         description=_("Retrieve details about a destruction list."),
         responses={200: DestructionListAPIResponseSerializer},
     ),
-    make_requested_changes=extend_schema(
-        tags=["Destruction list"],
-        summary=_("Make requested changes"),
-        description=_(
-            "Update a destruction list after a reviewer has requested changes."
-        ),
-    ),
 )
 class DestructionListViewSet(
     mixins.RetrieveModelMixin,
@@ -155,8 +145,6 @@ def get_permissions(self):
             permission_classes = [IsAuthenticated & CanStartDestructionPermission]
         elif self.action == "update":
             permission_classes = [IsAuthenticated & CanUpdateDestructionList]
-        elif self.action == "make_requested_changes":
-            permission_classes = [IsAuthenticated & CanMakeRequestedChanges]
         else:
             permission_classes = [IsAuthenticated]
         return [permission() for permission in permission_classes]
@@ -174,12 +162,6 @@ def create(self, request, *args, **kwargs):
     def update(self, request, *args, **kwargs):
         return super().update(request, *args, **kwargs)
 
-    @action(detail=True, methods=["patch"], name="make-requested-changes")
-    def make_requested_changes(self, request, *args, **kwargs):
-        # Triggers the object permissions check
-        self.get_object()
-        return Response("Not implemented!")
-
 
 @extend_schema_view(
     list=extend_schema(
@@ -242,3 +224,35 @@ class DestructionListItemReviewViewSet(mixins.ListModelMixin, viewsets.GenericVi
     queryset = DestructionListItemReview.objects.all()
     filter_backends = (DjangoFilterBackend,)
     filterset_class = DestructionListReviewItemFilterset
+
+
+@extend_schema_view(
+    list=extend_schema(
+        tags=["Reviews"],
+        summary=_("List review responses"),
+        description=_("List all the responses to the reviews of a destruction list."),
+    ),
+    create=extend_schema(
+        tags=["Reviews"],
+        summary=_("Create a review response"),
+        description=_(
+            "Create a response to a review. "
+            "You need to be the author of a destruction list for this and you need to be assigned to it. "
+            "The status of the destruction list must be 'changes requested'."
+        ),
+    ),
+)
+class ReviewResponseViewSet(
+    mixins.ListModelMixin, mixins.CreateModelMixin, viewsets.GenericViewSet
+):
+    serializer_class = ReviewResponseSerializer
+    queryset = ReviewResponse.objects.all()
+    filter_backends = (DjangoFilterBackend,)
+    filterset_class = ReviewResponseFilterset
+
+    def get_permissions(self):
+        if self.action == "create":
+            permission_classes = [IsAuthenticated & CanStartDestructionPermission]
+        else:
+            permission_classes = [IsAuthenticated]
+        return [permission() for permission in permission_classes]

backend/src/openarchiefbeheer/destruction/models.py

@@ -2,6 +2,7 @@
 import uuid as _uuid
 
 from django.db import models
+from django.db.models import QuerySet
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 
@@ -323,6 +324,10 @@ class Meta:
     def __str__(self):
         return f"Response to {self.review}"
 
+    @property
+    def items_responses(self) -> QuerySet["ReviewItemResponse"]:
+        return ReviewItemResponse.objects.filter(review_item__review=self.review)
+
 
 class ReviewItemResponse(models.Model):
     review_item = models.ForeignKey(

backend/src/openarchiefbeheer/destruction/tests/factories.py

@@ -47,3 +47,17 @@ class DestructionListItemReviewFactory(factory.django.DjangoModelFactory):
 
     class Meta:
         model = "destruction.DestructionListItemReview"
+
+
+class ReviewItemResponseFactory(factory.django.DjangoModelFactory):
+    review_item = factory.SubFactory(DestructionListItemReviewFactory)
+
+    class Meta:
+        model = "destruction.ReviewItemResponse"
+
+
+class ReviewResponseFactory(factory.django.DjangoModelFactory):
+    review = factory.SubFactory(DestructionListReviewFactory)
+
+    class Meta:
+        model = "destruction.ReviewResponse"