ieeeuoft · danielqiuu · Jun 18, 2023 · Jun 26, 2023
diff --git a/hackathon_site/event/static/event/js/application.js b/hackathon_site/event/static/event/js/application.js
@@ -2,4 +2,4 @@ $(document).ready(function () {
     $(
         "#id_why_participate, #id_what_technical_experience, #id_what_past_experience"
     ).characterCounter();
-});
+});
diff --git a/hackathon_site/event/static/event/js/landing.js b/hackathon_site/event/static/event/js/landing.js
@@ -79,4 +79,4 @@ function setCounter(countDownDate) {
 
     $("#day2").html(Math.floor(days / 10) % 10);
     $("#day3").html(days % 10);
-}
+}
diff --git a/hackathon_site/event/static/event/styles/scss/_variables.scss b/hackathon_site/event/static/event/styles/scss/_variables.scss
@@ -30,4 +30,4 @@ $font-sizes: (
 
 @function size($size) {
     @return map-get($font-sizes, $size); //(name of map, key)
-}
+}
diff --git a/hackathon_site/event/static/event/styles/scss/styles.scss b/hackathon_site/event/static/event/styles/scss/styles.scss
@@ -684,4 +684,4 @@ strong {
 .marginTop0 {
     margin-top: 0 !important;
 }
-// End of formatting stuff
+// End of formatting stuff
diff --git a/hackathon_site/hardware/serializers.py b/hackathon_site/hardware/serializers.py
@@ -76,6 +76,28 @@ class IncidentSerializer(IncidentCreateSerializer):
     order_item = OrderItemSerializer()
 
 
+class IncidentPatchSerializer(serializers.ModelSerializer):
+    team_id = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Incident
+        fields = (
+            "id",
+            "state",
+            "time_occurred",
+            "description",
+            "order_item",
+            "team_id",
+            "created_at",
+            "updated_at",
+        )
+        read_only_fields = ("id", "order_item", "team_id", "created_at", "updated_at")
+
+    @staticmethod
+    def get_team_id(obj: Incident) -> int:
+        return obj.order_item.order.team.id if obj.order_item.order.team else None
+
+
 class OrderItemInOrderSerializer(serializers.ModelSerializer):
     class Meta:
         model = OrderItem

diff --git a/hackathon_site/hardware/test_api.py b/hackathon_site/hardware/test_api.py
@@ -930,6 +930,94 @@ def test_incident_get_success(self):
         self.assertEqual(expected_response, data)
 
 
+class IncidentDetailViewPatchTestCase(SetupUserMixin, APITestCase):
+    def setUp(self):
+        super().setUp()
+        self.view_name = "api:hardware:incident-detail"
+        self.team = Team.objects.create()
+        self.permissions = Permission.objects.filter(
+            content_type__app_label="hardware", codename="change_incident"
+        )
+        self.order = Order.objects.create(
+            status="Cart",
+            team=self.team,
+            request={"hardware": [{"id": 1, "quantity": 1}]},
+        )
+        self.hardware = Hardware.objects.create(
+            name="name",
+            model_number="model",
+            manufacturer="manufacturer",
+            datasheet="/datasheet/location/",
+            notes="notes",
+            quantity_available=4,
+            max_per_team=1,
+            picture="/picture/location",
+        )
+
+        self.order_item = OrderItem.objects.create(
+            order=self.order, hardware=self.hardware,
+        )
+
+        self.incident = Incident.objects.create(
+            state="Broken",
+            description="Description",
+            order_item=self.order_item,
+            time_occurred=datetime(2022, 8, 8, tzinfo=settings.TZ_INFO),
+        )
+
+        self.view_permissions = Permission.objects.filter(
+            content_type__app_label="hardware", codename="view_incident"
+        )
+
+        self.pk = self.incident.id
+
+    def _build_view(self, pk):
+        return reverse(self.view_name, kwargs={"pk": pk})
+
+    def test_user_not_logged_in(self):
+        request_data = {"description": "New Description"}
+        response = self.client.patch(self._build_view(self.pk), request_data)
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    def test_user_lack_perms(self):
+        self._login()
+        request_data = {"description": "New Description"}
+        response = self.client.patch(self._build_view(self.pk), request_data)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_successful_state_change_update_incident_state(self):
+        self._login(self.permissions)
+        request_data = {"state": "Broken"}
+        response = self.client.patch(self._build_view(self.pk), request_data)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(request_data["state"], Incident.objects.get(id=self.pk).state)
+
+    def test_unallowed_state_change_does_not_update_incident_state(self):
+        self._login(self.permissions)
+        request_data = {"state": "abcdefg"}
+        response = self.client.patch(self._build_view(self.pk), request_data)
+        self.assertNotEqual(
+            request_data["state"], Incident.objects.get(id=self.pk).state
+        )
+        self.assertEqual(
+            response.json(),
+            {"state": [f"\"{request_data['state']}\" is not a valid choice."]},
+        )
+
+    def test_fail_change_read_only_does_not_change_id(self):
+        self._login(self.permissions)
+        request_data = {"id": -1}
+        response = self.client.patch(self._build_view(self.pk), request_data)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertNotEqual(request_data["id"], Incident.objects.get(id=self.pk).id)
+
+    def test_fail_change_non_existing_field(self):
+        self._login(self.permissions)
+        request_data = {"Non Existent field": "abcdefg"}
+        response = self.client.patch(self._build_view(self.pk), request_data)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+
 class OrderListViewPostTestCase(SetupUserMixin, APITestCase):
     def setUp(self):
         super().setUp()

diff --git a/hackathon_site/hardware/views.py b/hackathon_site/hardware/views.py
@@ -27,6 +27,7 @@
     CategorySerializer,
     HardwareSerializer,
     IncidentSerializer,
+    IncidentPatchSerializer,
     IncidentCreateSerializer,
     OrderListSerializer,
     OrderCreateSerializer,
@@ -103,15 +104,35 @@ def post(self, request, *args, **kwargs):
         return self.create(request, *args, **kwargs)
 
 
-class IncidentDetailView(mixins.RetrieveModelMixin, generics.GenericAPIView):
+class IncidentDetailView(
+    mixins.RetrieveModelMixin, mixins.UpdateModelMixin, generics.GenericAPIView
+):
     queryset = Incident.objects.all()
 
-    serializer_class = IncidentSerializer
     permission_classes = [FullDjangoModelPermissions]
 
+    def get_serializer_class(self):
+        if self.request.method == "GET":
+            return IncidentSerializer
+        elif self.request.method == "PATCH":
+            return IncidentPatchSerializer
+
     def get(self, request, *args, **kwargs):
         return self.retrieve(request, *args, **kwargs)
 
+    def patch(self, request, *args, **kwargs):
+        try:
+            data = request.data
+            if not isinstance(data, dict):
+                raise ValueError("Invalid request data format")
+            valid_fields = {"state", "time_occurred", "description"}
+            for field in data:
+                if field not in valid_fields:
+                    raise ValueError(f'"{field}" is not a valid field')
+            return self.partial_update(request, *args, **kwargs)
+        except ValueError as e:
+            return Response(str(e), status=status.HTTP_400_BAD_REQUEST)
+
 
 class OrderItemListView(mixins.ListModelMixin, generics.GenericAPIView):
     search_fields = ("order__team__team_code", "order__id")
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,4 +2,4 @@ $(document).ready(function () { @@
         $(
             "#id_why_participate, #id_what_technical_experience, #id_what_past_experience"
         ).characterCounter();
-    });
+    });