[cvp-web] Admin can approve and not approve results

JIRA: DOVETAIL-562

According to the CVP workflow, once a result has been submitted to review,
the admin will send email to all reviewers to get the comment (+1 / -1).
Enable admin to approve/not approve the result after he gets the feedback from all reviewers.
Otherwise, the result will always be in 'review' status.

Change-Id: Ic3ace3c7284c70e9a8186d03e6cd88c91ecc76f9
Signed-off-by: grakiss <grakiss.wanglei@huawei.com>

diff --git a/cvp/3rd_party/static/testapi-ui/components/results/results.html b/cvp/3rd_party/static/testapi-ui/components/results/results.html
index a16ac30..1f816ea 100644 (file)
--- a/cvp/3rd_party/static/testapi-ui/components/results/results.html
+++ b/cvp/3rd_party/static/testapi-ui/components/results/results.html
@@ -15,6 +15,7 @@
 <div class="row" style="margin-bottom:24px;"></div>
 <div cg-busy="{promise:ctrl.authRequest,message:'Loading'}"></div>
 <div cg-busy="{promise:ctrl.resultsRequest,message:'Loading'}"></div>
+
 <div ng-show="ctrl.data" class="results-table">
     <table ng-data="ctrl.data.result" ng-show="ctrl.data" class="table table-striped table-hover">
         <thead>
@@ -48,12 +49,10 @@
                             Operation<span class="caret"></span>
                         </a>
                         <ul class="dropdown-menu" uib-dropdown-menu role="menu" aria-labelledby="single-button">
-                            <li role="menuitem" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status != 'review' || auth.currentUser.openid != result.owner}" ng-click="ctrl.toPrivate(result, 'private')">withdraw submit</a></li>
-                            <li role="menuitem" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status != 'private' || auth.currentUser.openid != result.owner}" ng-click="ctrl.toReview(result, 'review')">submit to review</a></li>
-                            <!--
-                            <li role="menuitem" ng-if="auth.currentUser.role.indexOf('reviewer') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'approved'}" ng-click="ctrl.toggleCheck(result, 'status', 'approve')">approve</a></li>
-                            <li role="menuitem" ng-if="auth.currentUser.role.indexOf('reviewer') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'not approved'}" ng-click="ctrl.toggleCheck(result, 'status', 'not approve')">not approve</a></li>
-                            -->
+                            <li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'private'}" ng-click="ctrl.toPrivate(result, 'private')">withdraw submit</a></li>
+                            <li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status != 'private'}" ng-click="ctrl.toReview(result, 'review')">submit to review</a></li>
+                            <li role="menuitem" ng-if="auth.currentUser.role.indexOf('administrator') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'approved' || result.status == 'private'}" ng-click="ctrl.toggleCheck(result, 'status', 'approved')">approve</a></li>
+                            <li role="menuitem" ng-if="auth.currentUser.role.indexOf('administrator') != -1" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-class="{'hide': result.status == 'not approved' || result.status == 'private'}" ng-click="ctrl.toggleCheck(result, 'status', 'not approved')">not approve</a></li>
                             <li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-click="ctrl.openSharedModal(result)">share with</a></li>
                             <li role="menuitem" ng-if="auth.currentUser.openid == result.owner" class="menu-item menu-item-type-post_type menu-item-object-page"><a ng-click="ctrl.deleteTest(result._id)">delete</a></li>
                         </ul>
@@ -88,6 +87,7 @@
         </uib-pagination>
     </div>
 </div>
+
 </div>
 <div ng-show="ctrl.showError" class="alert alert-danger" role="alert">
     <span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>

diff --git a/cvp/opnfv_testapi/resources/test_handlers.py b/cvp/opnfv_testapi/resources/test_handlers.py
index 2baa294..161585e 100644 (file)
--- a/cvp/opnfv_testapi/resources/test_handlers.py
+++ b/cvp/opnfv_testapi/resources/test_handlers.py
@@ -188,21 +188,49 @@ class TestsGURHandler(GenericTestHandler):
 
         query = {'_id': objectid.ObjectId(_id)}
         db_keys = ['_id', ]
+
+        test = yield dbapi.db_find_one("tests", query)
+        if not test:
+            msg = 'Record does not exist'
+            self.finish_request({'code': 404, 'msg': msg})
+            return
+
         curr_user = self.get_secure_cookie(auth_const.OPENID)
-        if item in {"shared", "label", "status"}:
+        if item in {"shared", "label"}:
             query['owner'] = curr_user
             db_keys.append('owner')
 
-        if item == "status" and value == "review":
-            test = yield dbapi.db_find_one("tests", query)
-            if test:
+        if item == "status":
+            if value in {'approved', 'not approved'}:
+                if test['status'] == 'private':
+                    msg = 'Not allowed to approve/not approve'
+                    self.finish_request({'code': 403, 'msg': msg})
+                    return
+
+                user = yield dbapi.db_find_one("users", {'openid': curr_user})
+                if 'administrator' not in user['role']:
+                    msg = 'No permission to operate'
+                    self.finish_request({'code': 403, 'msg': msg})
+                    return
+            elif value == 'review':
+                if test['status'] != 'private':
+                    msg = 'Not allowed to submit to review'
+                    self.finish_request({'code': 403, 'msg': msg})
+                    return
+
+                query['owner'] = curr_user
+                db_keys.append('owner')
+
                 test_query = {'id': test['id'], 'status': 'review'}
                 record = yield dbapi.db_find_one("tests", test_query)
                 if record:
-                    msg = ('{} has already submitted one record with the same'
+                    msg = ('{} has already submitted one record with the same '
                            'Test ID: {}'.format(record['owner'], test['id']))
                     self.finish_request({'code': 403, 'msg': msg})
                     return
+            else:
+                query['owner'] = curr_user
+                db_keys.append('owner')
 
         logging.debug("before _update 2")
         self._update(query=query, db_keys=db_keys)