Merge pull request #2012 from boxwise/update-beta-levels

Update beta level management
boxwise · Mar 5, 2025 · 4cd3ba3 · 4cd3ba3
2 parents f13d25e + 03b5193
commit 4cd3ba3
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 9 deletions.
diff --git a/back/.gcloudignore b/back/.gcloudignore
@@ -25,6 +25,10 @@ Dockerfile
 docker-compose.yml
 .venv
 *.pyc
+.coverage
+htmlcov/
+.mypy_cache/
+.pytest_cache/
 .vscode
 .DS_Store
 venv/
@@ -33,3 +37,5 @@ requirements-deploy.txt
 test/
 scripts/
 README.md
+minimal.sql
+# init.sql is required for /cron/reseed-db
diff --git a/back/boxtribute_server/authz.py b/back/boxtribute_server/authz.py
@@ -332,21 +332,23 @@ def authorize_cross_organisation_access(
         "moveNotDeliveredBoxesInStock",
     ),
 }
-MUTATIONS_FOR_BETA_LEVEL[3] = MUTATIONS_FOR_BETA_LEVEL[2] + ("deleteBoxes",)
-MUTATIONS_FOR_BETA_LEVEL[4] = MUTATIONS_FOR_BETA_LEVEL[3] + (
+# Beta-level 3 also exists for statistics queries (see below)
+MUTATIONS_FOR_BETA_LEVEL[3] = MUTATIONS_FOR_BETA_LEVEL[2] + (
+    "deleteBoxes",
     "moveBoxesToLocation",
     "assignTagsToBoxes",
     "unassignTagsFromBoxes",
-    "createShareableLink",
 )
-MUTATIONS_FOR_BETA_LEVEL[5] = MUTATIONS_FOR_BETA_LEVEL[4] + (
+# Beta-level 4 also exists for FE display of ManageProducts
+MUTATIONS_FOR_BETA_LEVEL[4] = MUTATIONS_FOR_BETA_LEVEL[3] + (
     "createCustomProduct",
     "editCustomProduct",
     "deleteProduct",
     "enableStandardProduct",
     "editStandardProductInstantiation",
     "disableStandardProduct",
 )
+MUTATIONS_FOR_BETA_LEVEL[5] = MUTATIONS_FOR_BETA_LEVEL[4] + ("createShareableLink",)
 MUTATIONS_FOR_BETA_LEVEL[6] = MUTATIONS_FOR_BETA_LEVEL[5] + (
     # + mutations needed for bulk box creation
     "createTag",

diff --git a/back/boxtribute_server/routes.py b/back/boxtribute_server/routes.py
@@ -69,7 +69,7 @@ def public_api_server():
         return {"error": "No permission to access public API"}, 401
 
     log_request_to_gcloud(context=API_CONTEXT)
-    return execute_async(schema=public_api_schema, introspection=False)
+    return execute_async(schema=public_api_schema, introspection=True)
 
 
 @api_bp.post("/token")

diff --git a/back/test/unit_tests/test_authz.py b/back/test/unit_tests/test_authz.py
@@ -340,7 +340,8 @@ def test_check_beta_feature_access(mocker):
         "query { base(id: 1) { name } }", current_user=current_user
     )
 
-    # User with level 3 can additionally access statviz data
+    # User with level 3 can additionally access statviz data,
+    # and execute Box bulk actions
     current_user._max_beta_level = 3
     for mutation in ["deleteProduct", "createTag", "createBeneficiary"]:
         payload = f"mutation {{ {mutation} }}"
@@ -355,9 +356,9 @@ def test_check_beta_feature_access(mocker):
         "query { base(id: 1) { name } }", current_user=current_user
     )
 
-    # User with level 4 can additionally execute Box bulk actions
+    # User with level 4 can additionally access Product pages
     current_user._max_beta_level = 4
-    for mutation in ["deleteProduct", "createTag", "createBeneficiary"]:
+    for mutation in ["createShareableLink", "createTag", "createBeneficiary"]:
         payload = f"mutation {{ {mutation} }}"
         assert not check_user_beta_level(payload, current_user=current_user)
     for mutation in MUTATIONS_FOR_BETA_LEVEL[max_beta_level]:
@@ -370,7 +371,7 @@ def test_check_beta_feature_access(mocker):
         "query { base(id: 1) { name } }", current_user=current_user
     )
 
-    # User with level 5 can additionally access Product pages
+    # User with level 5 can additionally access create links
     current_user._max_beta_level = 5
     for mutation in ["createTag", "createBeneficiary"]:
         payload = f"mutation {{ {mutation} }}"