✨(api) return user id, name and email on /team/<id>/accesses/

Add serializers to return basic user info when listing /team/<id>/accesses/ endpoint. This will allow front-end to retrieve members info without having to query API for each user.id.
2024-02-26 18:03:31 +01:00
parent 70b1b996df
commit 81243cfc9a
7 changed files with 283 additions and 68 deletions
--- a/src/backend/core/tests/team_accesses/test_api_team_accesses_create.py
+++ b/src/backend/core/tests/team_accesses/test_api_team_accesses_create.py
@@ -45,7 +45,7 @@ def test_api_team_accesses_create_authenticated_unrelated():

    client = APIClient()
    client.force_login(user)
-    response = APIClient().post(
+    response = client.post(
        f"/api/v1.0/teams/{team.id!s}/accesses/",
        {
            "user": str(other_user.id),
@@ -155,7 +155,7 @@ def test_api_team_accesses_create_authenticated_owner():

    client = APIClient()
    client.force_login(user)
-    response = APIClient().post(
+    response = client.post(
        f"/api/v1.0/teams/{team.id!s}/accesses/",
        {
            "user": str(other_user.id),
--- a/src/backend/core/tests/team_accesses/test_api_team_accesses_list.py
+++ b/src/backend/core/tests/team_accesses/test_api_team_accesses_list.py
@@ -55,12 +55,16 @@ def test_api_team_accesses_list_authenticated_related():
    Authenticated users should be able to list team accesses for a team
    to which they are related, whatever their role in the team.
    """
-    identity = factories.IdentityFactory()
+    identity = factories.IdentityFactory(is_main=True)
    user = identity.user

    team = factories.TeamFactory()
    user_access = models.TeamAccess.objects.create(team=team, user=user)  # random role
-    access1, access2 = factories.TeamAccessFactory.create_batch(2, team=team)
+
+    # other team members should appear
+    other_member = factories.UserFactory()
+    other_member_identity = factories.IdentityFactory(is_main=True, user=other_member)
+    access1 = factories.TeamAccessFactory.create(team=team, user=other_member)

    # Accesses for other teams to which the user is related should not be listed either
    other_access = factories.TeamAccessFactory(user=user)
@@ -73,27 +77,111 @@ def test_api_team_accesses_list_authenticated_related():
    )

    assert response.status_code == 200
-    assert response.json()["count"] == 3
+    assert response.json()["count"] == 2
    assert sorted(response.json()["results"], key=lambda x: x["id"]) == sorted(
        [
            {
                "id": str(user_access.id),
-                "user": str(user.id),
-                "role": user_access.role,
+                "user": {
+                    "id": str(user_access.user.id),
+                    "email": str(identity.email),
+                    "name": str(identity.name),
+                },
+                "role": str(user_access.role),
                "abilities": user_access.get_abilities(user),
            },
            {
                "id": str(access1.id),
-                "user": str(access1.user.id),
-                "role": access1.role,
+                "user": {
+                    "id": str(access1.user.id),
+                    "email": str(other_member_identity.email),
+                    "name": str(other_member_identity.name),
+                },
+                "role": str(access1.role),
                "abilities": access1.get_abilities(user),
            },
-            {
-                "id": str(access2.id),
-                "user": str(access2.user.id),
-                "role": access2.role,
-                "abilities": access2.get_abilities(user),
-            },
        ],
        key=lambda x: x["id"],
    )
+
+
+def test_api_team_accesses_list_authenticated_main_identity():
+    """
+    Name and email should be returned from main identity only
+    """
+    user = factories.UserFactory()
+    identity = factories.IdentityFactory(user=user, is_main=True)
+    factories.IdentityFactory(user=user)  # additional non-main identity
+
+    team = factories.TeamFactory()
+    models.TeamAccess.objects.create(team=team, user=user)  # random role
+
+    # other team members should appear, with correct identity
+    other_user = factories.UserFactory()
+    other_main_identity = factories.IdentityFactory(is_main=True, user=other_user)
+    factories.IdentityFactory(user=other_user)
+    factories.TeamAccessFactory.create(team=team, user=other_user)
+
+    # Accesses for other teams to which the user is related should not be listed either
+    other_access = factories.TeamAccessFactory(user=user)
+    factories.TeamAccessFactory(team=other_access.team)
+
+    client = APIClient()
+    client.force_login(user)
+    response = client.get(
+        f"/api/v1.0/teams/{team.id!s}/accesses/",
+    )
+
+    assert response.status_code == 200
+    assert response.json()["count"] == 2
+    users_info = [
+        (access["user"]["email"], access["user"]["name"])
+        for access in response.json()["results"]
+    ]
+    # user information should be returned from main identity
+    assert sorted(users_info) == sorted(
+        [
+            (str(identity.email), str(identity.name)),
+            (str(other_main_identity.email), str(other_main_identity.name)),
+        ]
+    )
+
+
+def test_api_team_accesses_list_authenticated_constant_numqueries(
+    django_assert_num_queries,
+):
+    """
+    The number of queries should not depend on the amount of fetched accesses.
+    """
+    user = factories.UserFactory()
+    factories.IdentityFactory(user=user, is_main=True)
+
+    team = factories.TeamFactory()
+    models.TeamAccess.objects.create(team=team, user=user)  # random role
+
+    client = APIClient()
+    client.force_login(user)
+    # Only 4 queries are needed to efficiently fetch team accesses,
+    # related users and identities :
+    # - query retrieving logged-in user for user_role annotation
+    # - count from pagination
+    # - query prefetching users' main identity
+    # - distinct from viewset
+    with django_assert_num_queries(4):
+        response = client.get(
+            f"/api/v1.0/teams/{team.id!s}/accesses/",
+        )
+
+    # create 20 new team members
+    for _ in range(20):
+        extra_user = factories.IdentityFactory(is_main=True).user
+        factories.TeamAccessFactory(team=team, user=extra_user)
+
+    # num queries should still be 4
+    with django_assert_num_queries(4):
+        response = client.get(
+            f"/api/v1.0/teams/{team.id!s}/accesses/",
+        )
+
+    assert response.status_code == 200
+    assert response.json()["count"] == 21
--- a/src/backend/core/tests/team_accesses/test_api_team_accesses_retrieve.py
+++ b/src/backend/core/tests/team_accesses/test_api_team_accesses_retrieve.py
@@ -33,26 +33,23 @@ def test_api_team_accesses_retrieve_authenticated_unrelated():
    identity = factories.IdentityFactory()
    user = identity.user

-    team = factories.TeamFactory()
-    access = factories.TeamAccessFactory(team=team)
+    access = factories.TeamAccessFactory(team=factories.TeamFactory())

    client = APIClient()
    client.force_login(user)
    response = client.get(
-        f"/api/v1.0/teams/{team.id!s}/accesses/{access.id!s}/",
+        f"/api/v1.0/teams/{access.team.id!s}/accesses/{access.id!s}/",
    )
-    assert response.status_code == 403
-    assert response.json() == {
-        "detail": "You do not have permission to perform this action."
-    }
+    assert response.status_code == 404
+    assert response.json() == {"detail": "Not found."}

    # Accesses related to another team should be excluded even if the user is related to it
-    for access in [
+    for other_access in [
        factories.TeamAccessFactory(),
        factories.TeamAccessFactory(user=user),
    ]:
        response = client.get(
-            f"/api/v1.0/teams/{team.id!s}/accesses/{access.id!s}/",
+            f"/api/v1.0/teams/{access.team.id!s}/accesses/{other_access.id!s}/",
        )

        assert response.status_code == 404
@@ -64,11 +61,11 @@ def test_api_team_accesses_retrieve_authenticated_related():
    A user who is related to a team should be allowed to retrieve the
    associated team user accesses.
    """
-    identity = factories.IdentityFactory()
+    identity = factories.IdentityFactory(is_main=True)
    user = identity.user

-    team = factories.TeamFactory(users=[user])
-    access = factories.TeamAccessFactory(team=team)
+    team = factories.TeamFactory()
+    access = factories.TeamAccessFactory(team=team, user=user)

    client = APIClient()
    client.force_login(user)
@@ -79,7 +76,11 @@ def test_api_team_accesses_retrieve_authenticated_related():
    assert response.status_code == 200
    assert response.json() == {
        "id": str(access.id),
-        "user": str(access.user.id),
-        "role": access.role,
+        "user": {
+            "id": str(access.user.id),
+            "email": str(identity.email),
+            "name": str(identity.name),
+        },
+        "role": str(access.role),
        "abilities": access.get_abilities(user),
    }