From 14b82fa038124b4f9ab01863a26c01d9c5d94942 Mon Sep 17 00:00:00 2001
From: Mark <mark@marktai.com>
Date: Wed, 24 Jan 2018 05:33:50 +0000
Subject: [PATCH 1/2] added verification permission to mentor and to requests

---
 src/email_requests/tests.py | 25 ++++++++++++++++---------
 src/email_requests/views.py |  2 ++
 src/users/factories.py      |  1 +
 src/users/permissions.py    | 10 ++++++++++
 src/users/tests.py          | 11 ++++++++++-
 src/users/views.py          |  6 ++++--
 6 files changed, 43 insertions(+), 12 deletions(-)
 create mode 100644 src/users/permissions.py

diff --git a/src/email_requests/tests.py b/src/email_requests/tests.py
index 7dd0da4..a04b3a7 100644
--- a/src/email_requests/tests.py
+++ b/src/email_requests/tests.py
@@ -30,7 +30,6 @@ def test_make_request(self):
         create_url = reverse('email_requests:send_email', kwargs={'mentor_id': self.mentor.id})
         
         request_params = {
-            #'phone': '12345678910',
             'preferred_mentee_email': 'test@ucla.edu',
             'message': 'Hi this is test message',
         }
@@ -46,7 +45,6 @@ def test_make_request(self):
 
         self.assertEqual(request.mentor, self.mentor)
         self.assertEqual(request.mentee, self.mentee)
-        #self.assertEqual(request.phone, request_params['phone'])
         self.assertEqual(request.preferred_mentee_email, request_params['preferred_mentee_email'])
 
     def test_make_request_no_phone(self):
@@ -71,6 +69,22 @@ def test_make_request_no_phone(self):
         self.assertEqual(request.phone, '')
         self.assertEqual(request.preferred_mentee_email, request_params['preferred_mentee_email'])
 
+    def test_make_request_unverified(self):
+        self.mentee = users_factories.ProfileFactory(verified=False)
+        create_url = reverse('email_requests:send_email', kwargs={'mentor_id': self.mentor.id})
+        
+        request_params = {
+            'preferred_mentee_email': 'test@ucla.edu',
+            'message': 'Hi this is test message',
+        }
+
+        resp = self.client.post(
+            create_url,
+            data=request_params,
+        )
+
+        self.assertFalse(Request.objects.filter(mentor=self.mentor, mentee=self.mentee).exists())
+
 class ListRequestsTest(APITestCase):
     
     get_url = reverse('email_requests:requests_list')
@@ -166,8 +180,6 @@ def test_mentee_only_requests(self):
 
 
     def test_list_reqests_empty(self):
-        
-
         resp = self.client.get(
             self.get_url,
         )
@@ -175,8 +187,3 @@ def test_list_reqests_empty(self):
         self.assertEqual(resp.data['count'], 0)
         self.assertEqual(len(resp.data['results']), 0)
 
-       
-
-    
-
-
diff --git a/src/email_requests/views.py b/src/email_requests/views.py
index 204f58e..3ad79f4 100644
--- a/src/email_requests/views.py
+++ b/src/email_requests/views.py
@@ -11,9 +11,11 @@
 
 import sendgrid
 from sendgrid.helpers.mail import Email, Content, Substitution, Mail
+from users.permissions import VerifiedUser
 
 # Create your views here.
 class EmailRequestView(generics.CreateAPIView):
+    permission_classes = (VerifiedUser,)
     serializer_class = RequestSerializer
 
     def get_object(self):
diff --git a/src/users/factories.py b/src/users/factories.py
index d8b58a4..55aa2cc 100644
--- a/src/users/factories.py
+++ b/src/users/factories.py
@@ -15,6 +15,7 @@ class Meta:
         model = models.Profile
     user = factory.SubFactory(UserFactory)
     verification_code = factory.LazyAttribute(lambda a: models.Profile.generate_verification_code())
+    verified = True
 
 class MajorFactory(factory.django.DjangoModelFactory):
     class Meta:
diff --git a/src/users/permissions.py b/src/users/permissions.py
new file mode 100644
index 0000000..92eea61
--- /dev/null
+++ b/src/users/permissions.py
@@ -0,0 +1,10 @@
+from rest_framework import permissions
+
+
+class VerifiedUser(permissions.BasePermission):
+    """
+    Custom permission to only allow verified users 
+    """
+
+    def has_object_permission(self, request, view, obj):
+        return obj.verified
diff --git a/src/users/tests.py b/src/users/tests.py
index 3566a65..99d2c49 100644
--- a/src/users/tests.py
+++ b/src/users/tests.py
@@ -53,7 +53,7 @@ class VerifyUserTest(APITestCase):
     verify_url = reverse('users:verify')
 
     def setUp(self):
-        self.profile = factories.ProfileFactory()
+        self.profile = factories.ProfileFactory(verified=False)
         self.client.force_authenticate(user=self.profile.user)
 
     def tearDown(self):
@@ -240,6 +240,15 @@ def test_makes_existing_mentor_active(self):
         mentor.refresh_from_db()
         self.assertTrue(mentor.active)
 
+    def test_requires_verification(self):
+        self.profile = factories.ProfileFactory(verified=False)
+        self.assertEqual(Mentor.objects.filter(profile = self.profile).exists(), False)
+        resp = self.client.post(
+            self.mentors_create_url,
+        )
+        self.assertEqual(Mentor.objects.filter(profile = self.profile).exists(), False)
+
+
 class FindMentorByIDTest(APITestCase):
     def setUp(self):
         self.mentor = factories.MentorFactory()
diff --git a/src/users/views.py b/src/users/views.py
index a424394..d0fdef0 100644
--- a/src/users/views.py
+++ b/src/users/views.py
@@ -21,6 +21,7 @@
     UserSerializer, GroupSerializer, ProfileSerializer, MajorSerializer, 
     MentorSerializer, CourseSerializer,
 )
+from .permissions import VerifiedUser
 
 import sendgrid
 from sendgrid.helpers.mail import Email, Content, Substitution, Mail
@@ -169,12 +170,13 @@ class OwnMentorView(generics.RetrieveUpdateDestroyAPIView):
     """
     View for turning mentor status on (post) and modifying all mentor fields
     """
+    permission_classes = tuple()
     serializer_class = MentorSerializer
+
     def get_object(self):
         return get_object_or_404(Mentor, profile__user=self.request.user)
-    serializer_class = MentorSerializer
-    def post (self,request):
 
+    def post (self, request):
         profile_id = self.request.user.profile.id
         profile = Profile.objects.get(id=profile_id)
         mentor_request = Mentor.objects.filter(profile__user=self.request.user)

From f33e6f8fe898ea43584fccea45597af9e0727b84 Mon Sep 17 00:00:00 2001
From: Mark <mark@marktai.com>
Date: Wed, 24 Jan 2018 06:23:49 +0000
Subject: [PATCH 2/2] actually made it work

---
 src/users/permissions.py | 5 ++---
 src/users/views.py       | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/users/permissions.py b/src/users/permissions.py
index 92eea61..c412100 100644
--- a/src/users/permissions.py
+++ b/src/users/permissions.py
@@ -5,6 +5,5 @@ class VerifiedUser(permissions.BasePermission):
     """
     Custom permission to only allow verified users 
     """
-
-    def has_object_permission(self, request, view, obj):
-        return obj.verified
+    def has_permission(self, request, view):
+        return request.user.profile.verified
diff --git a/src/users/views.py b/src/users/views.py
index d0fdef0..9fd596c 100644
--- a/src/users/views.py
+++ b/src/users/views.py
@@ -170,7 +170,7 @@ class OwnMentorView(generics.RetrieveUpdateDestroyAPIView):
     """
     View for turning mentor status on (post) and modifying all mentor fields
     """
-    permission_classes = tuple()
+    permission_classes = (VerifiedUser,)
     serializer_class = MentorSerializer
 
     def get_object(self):