✨ [#127] Endpoints to create a response to a review

Author: SilviaAmAm

backend/src/openarchiefbeheer/destruction/api/permissions.py

@@ -33,19 +33,3 @@ def has_object_permission(self, request, view, destruction_list):
             request.user == destruction_list.author
             and destruction_list.status == ListStatus.new
         )
-
-
-class CanMakeRequestedChanges(permissions.BasePermission):
-    message = _(
-        "You are either not allowed to update this destruction list or "
-        "the destruction list can currently not be updated."
-    )
-
-    def has_permission(self, request, view):
-        return request.user.role and request.user.role.can_start_destruction
-
-    def has_object_permission(self, request, view, destruction_list):
-        return (
-            request.user == destruction_list.author
-            and destruction_list.status == ListStatus.changes_requested
-        )

backend/src/openarchiefbeheer/destruction/api/serializers.py

@@ -1,3 +1,4 @@
+from django.db import transaction
 from django.db.models import Q
 from django.utils.translation import gettext_lazy as _
 
@@ -349,9 +350,16 @@ class ActionZaakSerializer(serializers.Serializer):
         required=False, help_text=_("A new date for when this case should be archived.")
     )
 
+    def to_internal_value(self, data: dict) -> dict:
+        internal_value = super().to_internal_value(data)
+
+        if archiefactiedatum := internal_value.get("archiefactiedatum"):
+            internal_value["archiefactiedatum"] = archiefactiedatum.isoformat()
+        return internal_value
+
 
 class ReviewItemResponseSerializer(serializers.ModelSerializer):
-    action_zaak = ActionZaakSerializer()
+    action_zaak = ActionZaakSerializer(required=False)
 
     class Meta:
         model = ReviewItemResponse
@@ -371,3 +379,35 @@ class ReviewResponseSerializer(serializers.ModelSerializer):
     class Meta:
         model = ReviewResponse
         fields = ("pk", "review", "comment", "created", "items_responses")
+
+    def validate(self, attrs: dict) -> dict:
+        destruction_list = attrs["review"].destruction_list
+        request = self.context["request"]
+
+        if not (
+            request.user == destruction_list.author
+            and destruction_list.status == ListStatus.changes_requested
+        ):
+            raise ValidationError(
+                _(
+                    "This user is either not allowed to update the destruction list or "
+                    "the destruction list cannot currently be updated."
+                )
+            )
+
+        return attrs
+
+    @transaction.atomic
+    def create(self, validated_data: dict) -> ReviewResponse:
+        items_responses_data = validated_data.pop("items_responses", [])
+        items_responses = [
+            ReviewItemResponse(**item_response)
+            for item_response in items_responses_data
+        ]
+
+        review_response = ReviewResponse.objects.create(**validated_data)
+        ReviewItemResponse.objects.bulk_create(items_responses)
+
+        # TODO kick off celery task to update the cases and to change the status/assignee of the destruction list
+
+        return review_response

backend/src/openarchiefbeheer/destruction/api/viewsets.py

@@ -4,9 +4,7 @@
 from django_filters.rest_framework import DjangoFilterBackend
 from drf_spectacular.utils import OpenApiExample, extend_schema, extend_schema_view
 from rest_framework import mixins, viewsets
-from rest_framework.decorators import action
 from rest_framework.permissions import IsAuthenticated
-from rest_framework.response import Response
 
 from ..models import (
     DestructionList,
@@ -22,11 +20,7 @@
     DestructionListReviewItemFilterset,
     ReviewResponseFilterset,
 )
-from .permissions import (
-    CanMakeRequestedChanges,
-    CanStartDestructionPermission,
-    CanUpdateDestructionList,
-)
+from .permissions import CanStartDestructionPermission, CanUpdateDestructionList
 from .serializers import (
     DestructionListAPIResponseSerializer,
     DestructionListItemReviewSerializer,
@@ -132,13 +126,6 @@
         description=_("Retrieve details about a destruction list."),
         responses={200: DestructionListAPIResponseSerializer},
     ),
-    make_requested_changes=extend_schema(
-        tags=["Destruction list"],
-        summary=_("Make requested changes"),
-        description=_(
-            "Update a destruction list after a reviewer has requested changes."
-        ),
-    ),
 )
 class DestructionListViewSet(
     mixins.RetrieveModelMixin,
@@ -158,8 +145,6 @@ def get_permissions(self):
             permission_classes = [IsAuthenticated & CanStartDestructionPermission]
         elif self.action == "update":
             permission_classes = [IsAuthenticated & CanUpdateDestructionList]
-        elif self.action == "make_requested_changes":
-            permission_classes = [IsAuthenticated & CanMakeRequestedChanges]
         else:
             permission_classes = [IsAuthenticated]
         return [permission() for permission in permission_classes]
@@ -177,12 +162,6 @@ def create(self, request, *args, **kwargs):
     def update(self, request, *args, **kwargs):
         return super().update(request, *args, **kwargs)
 
-    @action(detail=True, methods=["patch"], name="make-requested-changes")
-    def make_requested_changes(self, request, *args, **kwargs):
-        # Triggers the object permissions check
-        self.get_object()
-        return Response("Not implemented!")
-
 
 @extend_schema_view(
     list=extend_schema(
@@ -253,9 +232,27 @@ class DestructionListItemReviewViewSet(mixins.ListModelMixin, viewsets.GenericVi
         summary=_("List review responses"),
         description=_("List all the responses to the reviews of a destruction list."),
     ),
+    create=extend_schema(
+        tags=["Reviews"],
+        summary=_("Create a review response"),
+        description=_(
+            "Create a response to a review. "
+            "You need to be the author of a destruction list for this and you need to be assigned to it. "
+            "The status of the destruction list must be 'changes requested'."
+        ),
+    ),
 )
-class ReviewResponseViewSet(mixins.ListModelMixin, viewsets.GenericViewSet):
+class ReviewResponseViewSet(
+    mixins.ListModelMixin, mixins.CreateModelMixin, viewsets.GenericViewSet
+):
     serializer_class = ReviewResponseSerializer
     queryset = ReviewResponse.objects.all()
     filter_backends = (DjangoFilterBackend,)
     filterset_class = ReviewResponseFilterset
+
+    def get_permissions(self):
+        if self.action == "create":
+            permission_classes = [IsAuthenticated & CanStartDestructionPermission]
+        else:
+            permission_classes = [IsAuthenticated]
+        return [permission() for permission in permission_classes]

backend/src/openarchiefbeheer/destruction/models.py

@@ -2,6 +2,7 @@
 import uuid as _uuid
 
 from django.db import models
+from django.db.models import QuerySet
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 
@@ -324,7 +325,7 @@ def __str__(self):
         return f"Response to {self.review}"
 
     @property
-    def items_responses(self):
+    def items_responses(self) -> QuerySet["ReviewItemResponse"]:
         return ReviewItemResponse.objects.filter(review_item__review=self.review)