REV-2575: add orders app with endpoint to retrieve order info from ecommerce #24
Conversation
dianekaplan
changed the title
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
from
d904a1a to
5f8de03
Compare
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
7 times, most recently
from
ab19b4e to
0d330b4
Compare
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
from
19c0a5d to
37212d9
Compare
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
from
f16f5f6 to
a097604
Compare
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
from
a097604 to
7ef427b
Compare
inventhouse
left a comment
inventhouse
left a comment
There was a problem hiding this comment.
Overall excellent work; a little feedback to consider, let me know if you have questions or want to chat about any of it.
|
|
||
| # Create superuser | ||
| echo -e "${GREEN}Creating super-user for ${name}...${NC}" | ||
| docker exec -t commerce-coordinator.app bash -c "echo 'from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser(\"edx\", \"[email protected]\", \"edx\") if not User.objects.filter(username=\"edx\").exists() else None' | python /edx/app/${name}/manage.py shell" |
There was a problem hiding this comment.
We may not want to delete these things, or, at least, we may want them back when we do move commerce-coordinator into a container
There was a problem hiding this comment.
Good call- I've saved it out in our share drive for future reference when the time comes: https://docs.google.com/document/d/1mu2VP7wh0E4oZhwURqCaVrOGDaYjtnYg204hl-7ybs0/edit
Shout it out if you think it would be better to keep this in the file just commented out, but this way seems cleaner for now since it's not in use.
There was a problem hiding this comment.
I think leaving them commented-out in the file with a brief comment saying to put them back when we move development into docker would be best, it's easy to lose track of an external doc somewhere.
There was a problem hiding this comment.
If that's the case, can we make them 2 files? Maybe make this something like local-provision-commerce-coordinator.sh so we can reference it in the README.md to properly set up the devstack auth on local.
There was a problem hiding this comment.
ah I like that idea- thanks Phil! Done now, and updated README accordingly
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
5 times, most recently
from
9b02b40 to
16a5fe8
Compare
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
3 times, most recently
from
dd7e237 to
a94398c
Compare
…nd refer to it from clients.py
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
from
a94398c to
dedeba1
Compare
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
from
6b0b6fe to
812bbf2
Compare
dianekaplan
changed the title
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
from
50fbc33 to
8fc0333
Compare
dianekaplan
changed the title
inventhouse
left a comment
inventhouse
left a comment
There was a problem hiding this comment.
Recommend keeping the docker stuff in the file, otherwise looks good!
|
|
||
| # Create superuser | ||
| echo -e "${GREEN}Creating super-user for ${name}...${NC}" | ||
| docker exec -t commerce-coordinator.app bash -c "echo 'from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser(\"edx\", \"[email protected]\", \"edx\") if not User.objects.filter(username=\"edx\").exists() else None' | python /edx/app/${name}/manage.py shell" |
There was a problem hiding this comment.
I think leaving them commented-out in the file with a brief comment saying to put them back when we move development into docker would be best, it's easy to lose track of an external doc somewhere.
pshiu
left a comment
pshiu
left a comment
There was a problem hiding this comment.
Looks good to me, nice work Diane! Just an observation that I think right now, anyone can query the order status of any other user, so we may need to figure out authentication in a later PR.
| self.mock_response = sample_response | ||
|
|
||
| @patch('commerce_coordinator.apps.orders.clients.EcommerceApiClient.get_orders') | ||
| def test_EcommerceApiClient(self, mock_response): |
There was a problem hiding this comment.
It can be confusing in terms of consistency throughout the whole project to use both underscore and camel case in a function name?
There was a problem hiding this comment.
https://peps.python.org/pep-0008/#function-and-variable-names
^ Not sure if it applies to test functions
There was a problem hiding this comment.
goooooood question..... I'd imagined I should use the name of the thing I'm testing (which has a camel case name), but you're right: I'm looking at examples in ecommerce it looks like we keep camel case for the test class name (if applicable) and underscores for test names- good catch! Updated now!
dianekaplan
force-pushed
the
dianekaplan/REV-2575_order_history_clean
branch
from
ce19558 to
e61a400
Compare
Thanks Phil- you are correct! I just checked manually, and even though the ecommerce OrderViewset filter_queryset gives a PermissionDenied if a non-staff user tries to see another's orders, you're right: when I log in as a new user locally and look up orders for an admin directly on the commerce-coordinator endpoint test view (link below), I do see the results! When the order history page makes the request, it's getting the authenticated user to pass along, so the potential vulnerability would be with the commerce-coordinator view url, and making sure only staff accounts can access this. I've logged this work here: https://openedx.atlassian.net/browse/REV-2708 |
Description: Add an orders app that'll be used for communication around order retrieval. The first endpoint will be to request order information for a user, but in the future we'll add another (or modify this one) to be able to call an external provider for a user's orders.
JIRA: Link to JIRA ticket
Installation instructions:
Testing instructions:
Test the endpoint: with this branch, go to the new endpoint test page, specifying a user that has orders in your local environment: http://localhost:8140/orders/order_history/?username=edx&page=1&page_size=20
Test via order history page: With this branch in progress, the order history page can go through this new endpoint to get the orders info.
Order history via CC endpoint:
Order history via ecommerce:
