Release 1.7.0

.github/workflows/django.yml

@@ -13,12 +13,6 @@ jobs:
       max-parallel: 4
       matrix:
         python-version: [3.9]
-    services:
-      elasticsearch:
-        image: elasticsearch:7.16.3
-        ports:
-        - 9200/tcp
-        options: -e="discovery.type=single-node" --health-cmd="curl http://localhost:9200/_cluster/health" --health-interval=10s --health-timeout=5s --health-retries=10
     steps:
     - uses: actions/checkout@v3
       with:
@@ -31,20 +25,13 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         pip install -r requirements.txt
-    - name: Verify Elasticsearch connection from host
-      env:
-        OPEN_SEARCH_URL: http://localhost:${{ job.services.elasticsearch.ports[9200] }}
-      run: |
-        echo $OPEN_SEARCH_URL
-        curl -fsSL "$OPEN_SEARCH_URL/_cat/health?h=status"
     - name: Create settings_local.py
       run: |
         echo "SECRET_KEY = 'SECRET_KEY'" > CapX/settings_local.py
         echo "DEBUG = True" >> CapX/settings_local.py
         echo "ALLOWED_HOSTS = ['localhost', '127.0.0.1']" >> CapX/settings_local.py
         echo "BASE_DIR = '${GITHUB_WORKSPACE}'" >> CapX/settings_local.py
         echo "DATABASES = {'default': {'ENGINE': 'django.db.backends.sqlite3', 'NAME': 'db.sqlite3'}}" >> CapX/settings_local.py
-        echo "OPENSEARCH_DSL = {'default': {'hosts': 'http://localhost:${{ job.services.elasticsearch.ports[9200] }}'}}" >> CapX/settings_local.py
         echo "LANGUAGES = (('en', 'English'),('pt', 'Portuguese'),('es', 'Spanish'),)" >> CapX/settings.py
     - name: Coverage report
       run: |

.gitignore

@@ -4,6 +4,7 @@ __pycache__/
 */__pycache__
 *.pyc
 venv/
+.venv/
 Lib/
 Scripts/
 *.sqlite3

CapX/settings.py

@@ -31,7 +31,6 @@
     'django.contrib.staticfiles',
     'social_django',
     'modeltranslation',
-    'django_opensearch_dsl',
     'rest_framework',
     'rest_framework.authtoken',
     'rest_social_auth',

CapX/settings_local.py

@@ -35,16 +35,6 @@ def configure_settings():
             }
         }
 
-        opensearch={
-            'default': {
-                'hosts': 'http://elasticsearch.svc.tools.eqiad1.wikimedia.cloud:80',
-                'http_auth': (
-                    os.environ.get("TOOL_ELASTICSEARCH_USER", "default-value"), 
-                    os.environ.get("TOOL_ELASTICSEARCH_PASSWORD", "default-value")
-                )
-            }
-        }
-
     else:
         debug = True
         hosts = ['127.0.0.1']
@@ -58,18 +48,11 @@ def configure_settings():
             }
         }
 
-        opensearch={
-            'default': {
-                'hosts': 'http://localhost:9200'
-            }
-        }
-
     return {
         'DEBUG': debug,
         'ALLOWED_HOSTS': hosts,
         'SOCIAL_AUTH_MEDIAWIKI_CALLBACK': callback,
         'DATABASES': databases,
-        'OPENSEARCH_DSL': opensearch,
         'MESSAGE': message,
     }
 
@@ -78,5 +61,4 @@ def configure_settings():
 ALLOWED_HOSTS = settings['ALLOWED_HOSTS']
 SOCIAL_AUTH_MEDIAWIKI_CALLBACK = settings['SOCIAL_AUTH_MEDIAWIKI_CALLBACK']
 DATABASES = settings['DATABASES']
-OPENSEARCH_DSL = settings['OPENSEARCH_DSL']
 print(settings['MESSAGE'])

CapX/tests/test_settings_local.py

@@ -13,7 +13,6 @@ def test_os_path_exists_false(self):
             self.assertListEqual(settings['ALLOWED_HOSTS'], ['127.0.0.1'])
             self.assertEqual(settings['SOCIAL_AUTH_MEDIAWIKI_CALLBACK'], 'http://127.0.0.1:8000/oauth/complete/mediawiki/')
             self.assertEqual(settings['DATABASES']['default']['ENGINE'], 'django.db.backends.sqlite3')
-            self.assertEqual(settings['OPENSEARCH_DSL']['default']['hosts'], 'http://localhost:9200')
             self.assertEqual(settings['MESSAGE'], 'You are running in local mode, please make sure to set up the replica.my.cnf file to run in production mode')
 
     @unittest.skipIf(not hasattr(settings_local, 'configure_settings'), "settings_local.configure_settings doesn't exist")
@@ -25,5 +24,4 @@ def test_os_path_exists_true(self):
             self.assertListEqual(settings['ALLOWED_HOSTS'], ['capx-backend.toolforge.org', 'toolforge.org'])
             self.assertEqual(settings['SOCIAL_AUTH_MEDIAWIKI_CALLBACK'], 'https://capx.toolforge.org/oauth/')
             self.assertEqual(settings['DATABASES']['default']['ENGINE'], 'django.db.backends.mysql')
-            self.assertEqual(settings['OPENSEARCH_DSL']['default']['hosts'], 'http://elasticsearch.svc.tools.eqiad1.wikimedia.cloud:80')
             self.assertEqual(settings['MESSAGE'], 'You are running in production mode')

CapX/urls.py

@@ -19,7 +19,6 @@
 from django.urls import path, include
 from django.contrib.staticfiles.urls import staticfiles_urlpatterns
 from django.conf.urls.static import static
-from .search import search
 from rest_framework.routers import DefaultRouter
 from skills.views import SkillViewSet, ListSkillViewSet
 from users.views import ProfileViewSet, UsersViewSet, ListTerritoryViewSet, ListLanguageViewSet, ListWikimediaProjectViewSet, UsersBySkillViewSet
@@ -50,7 +49,6 @@
 
 urlpatterns = [
     path('admin/', admin.site.urls),
-    path('search/', search, name='search'),
     path('api-auth/', include("rest_framework.urls", namespace="rest_framework")),
     path('', include('social_django.urls')),
     path('', include(router.urls)),

orgs/tests/test_views.py

@@ -110,10 +110,12 @@ def test_retrieve_org(self):
         self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
 
         self.user.is_staff = True
+        self.user.save()
         response = self.client.get('/organizations/1/')
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
         self.user.is_staff = False
+        self.user.save()
         organization.managers.set([self.user])
         response = self.client.get('/organizations/1/')
         self.assertEqual(response.status_code, status.HTTP_200_OK)

skills/tests/test_views.py

@@ -9,6 +9,8 @@
 class SkillViewSetTestCase(TestCase):
     def setUp(self):
         self.user = CustomUser.objects.create_user(username='test', password=str(secrets.randbits(16)))
+        self.user.is_staff = True
+        self.user.save()
         self.client = APIClient()
         self.client.force_authenticate(self.user)
         skill = {
@@ -59,13 +61,13 @@ def test_update_skill(self):
 
     def test_delete_skill(self):
         response = self.client.delete('/skill/1/')
-        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
 
-    def test_delete_skill_staff(self):
-        self.user.is_staff = True
+    def test_delete_skill_nostaff(self):
+        self.user.is_staff = False
         self.user.save()
         response = self.client.delete('/skill/1/')
-        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
     def test_delete_skill_referenced(self):
         # Create a second skill that references the first skill
@@ -74,7 +76,5 @@ def test_delete_skill_referenced(self):
             'skill_type': 1
         }
         self.client.post('/skill/', skill)
-        self.user.is_staff = True
-        self.user.save()
         response = self.client.delete('/skill/1/')
         self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

skills/views.py

@@ -1,20 +1,39 @@
 from .models import Skill
 from .serializers import SkillSerializer
-from rest_framework import status, viewsets
+from rest_framework import status, viewsets, filters
 from rest_framework.response import Response
 
 
 class SkillViewSet(viewsets.ModelViewSet):
     serializer_class = SkillSerializer
     queryset = Skill.objects.all()
+    filter_backends = [filters.SearchFilter]
+    search_fields = ['skill_wikidata_item']
+
+    #Only staff can create and update skills
+    def create(self, request, *args, **kwargs):
+        if not request.user.is_staff:
+            return Response(
+                {"detail": "Only staff can create skills."},
+                status=status.HTTP_403_FORBIDDEN
+            )
+        return super().create(request, *args, **kwargs)
+
+    def update(self, request, *args, **kwargs):
+        if not request.user.is_staff:
+            return Response(
+                {"detail": "Only staff can update skills."},
+                status=status.HTTP_403_FORBIDDEN
+            )
+        return super().update(request, *args, **kwargs)
 
     def destroy(self, request, *args, **kwargs):
         instance = self.get_object()
 
         # Check if user is staff
         if not request.user.is_staff:
             return Response(
-                {"detail": "You do not have permission to perform this action."},
+                {"detail": "Only staff can delete skills."},
                 status=status.HTTP_403_FORBIDDEN
             )
 

users/tests/test_views.py

@@ -61,14 +61,13 @@ def test_update_other_profile(self):
         response = self.client.put(url, updated_data)
         self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
 
-    def test_update_match_skills_profile(self):
+    def test_update_unmatch_skills_profile(self):
         Skill.objects.create(
             skill_wikidata_item="Q123456789"
         )
 
         url = '/profile/' + str(self.user.pk) + '/'
         updated_data = {
-            'skills_known': [1],
             'skills_available': [1],
         }
         response = self.client.put(url, updated_data)

users/views.py

@@ -1,12 +1,14 @@
 from .models import Profile, Territory, Language, WikimediaProject
 from .serializers import ProfileSerializer, TerritorySerializer, LanguageSerializer, WikimediaProjectSerializer, UsersBySkillSerializer
-from rest_framework import status, viewsets
+from rest_framework import status, viewsets, filters
 from rest_framework.response import Response
 
 
 class UsersViewSet(viewsets.ModelViewSet):
     serializer_class = ProfileSerializer
     queryset = Profile.objects.all()
+    filter_backends = [filters.SearchFilter]
+    search_fields = ['user__username', 'user__email', 'display_name', 'about']
     http_method_names = ['get', 'head', 'options']
 
 
@@ -85,9 +87,9 @@ def retrieve(self, request, *args, **kwargs):
         available_users = Profile.objects.filter(skills_available=skill_id)
         wanted_users = Profile.objects.filter(skills_wanted=skill_id)
         data = {
-            'known': [user.id for user in known_users],
-            'available': [user.id for user in available_users],
-            'wanted': [user.id for user in wanted_users],
+            'known': [{'id': user.id, 'display_name': user.display_name, 'username': user.user.username, 'profile_image': user.profile_image} for user in known_users],
+            'available': [{'id': user.id, 'display_name': user.display_name, 'username': user.user.username, 'profile_image': user.profile_image} for user in available_users],
+            'wanted': [{'id': user.id, 'display_name': user.display_name, 'username': user.user.username, 'profile_image': user.profile_image} for user in wanted_users],
         }
         return Response(data)