Only Foundation admins can update the 'name' fields of official vendors

Once a vendor is registered and approved by the Foundation to become an
official vendor, only Foundation admins can make change to its vendor
name field.  This is to ensure that the Foundation will be aware of any
vendor identity (name) change.

Change-Id: Ia761707457091ce39fd1281ab5010e0456f779cc

refstack-ui/app/components/vendors/partials/vendorEditModal.html

@@ -7,7 +7,8 @@
     <div class="modal-body">
         <div class="form-group">
             <label for="name">Name</label>
-            <input type="text"
+            <input ng-disabled="modal.vendor.type==3 && !modal.isAdmin"
+                   type="text"
                    class="form-control"
                    id="name"
                    ng-model="modal.vendor.name">

refstack-ui/app/components/vendors/vendorController.js

@@ -249,6 +249,7 @@
         .controller('VendorEditModalController', VendorEditModalController);
 
     VendorEditModalController.$inject = [
+        '$rootScope',
         '$uibModalInstance', '$http', '$state', 'vendor', 'refstackApiUrl'
     ];
 
@@ -256,8 +257,8 @@
      * Vendor Edit Modal Controller
      * This controls the modal that allows editing a vendor.
      */
-    function VendorEditModalController($uibModalInstance, $http, $state,
-        vendor, refstackApiUrl) {
+    function VendorEditModalController($rootScope, $uibModalInstance, $http,
+        $state, vendor, refstackApiUrl) {
 
         var ctrl = this;
 
@@ -267,7 +268,9 @@
         ctrl.removeProperty = removeProperty;
 
         ctrl.vendor = vendor;
+        ctrl.vendorName = vendor.name;
         ctrl.vendorProperties = [];
+        ctrl.isAdmin = $rootScope.auth.currentUser.is_admin;
 
         parseVendorProperties();
 
@@ -294,9 +297,11 @@
             ctrl.showSuccess = false;
             var url = [refstackApiUrl, '/vendors/', ctrl.vendor.id].join('');
             var properties = propertiesToJson();
-            var content = {'name': ctrl.vendor.name,
-                           'description': ctrl.vendor.description,
+            var content = {'description': ctrl.vendor.description,
                            'properties': properties};
+            if (ctrl.vendorName != ctrl.vendor.name) {
+                content.name = ctrl.vendor.name;
+            }
             $http.put(url, content).success(function() {
                 ctrl.showSuccess = true;
                 $state.reload();

refstack-ui/tests/unit/ControllerSpec.js

@@ -961,21 +961,27 @@ describe('Refstack controllers', function () {
     });
 
     describe('VendorEditModalController', function() {
-        var ctrl, modalInstance, state;
+        var rootScope, ctrl, modalInstance, state;
         var fakeVendor = {'name': 'Foo', 'description': 'Bar', 'id': '1234',
                           'properties': {'key1': 'value1', 'key2': 'value2'}};
 
-        beforeEach(inject(function ($controller) {
+        beforeEach(inject(function ($controller, $rootScope) {
             modalInstance = {
                 dismiss: jasmine.createSpy('modalInstance.dismiss')
             };
             state = {
                 reload: jasmine.createSpy('state.reload')
             };
+            rootScope = $rootScope.$new();
+            rootScope.auth = {'currentUser' : {'is_admin': true,
+                                               'openid': 'foo'}
+                             };
             ctrl = $controller('VendorEditModalController',
-                {$uibModalInstance: modalInstance, $state: state,
+                {$rootScope: rootScope,
+                 $uibModalInstance: modalInstance, $state: state,
                  vendor: fakeVendor}
             );
+
         }));
 
         it('should be able to add/remove properties',
@@ -995,12 +1001,13 @@ describe('Refstack controllers', function () {
         it('should have a function to save changes',
             function () {
                 var expectedContent = {
-                    'name': 'Foo', 'description': 'Bar',
+                    'name': 'Foo1', 'description': 'Bar',
                     'properties': {'key1': 'value1', 'key2': 'value2'}
                 };
                 $httpBackend.expectPUT(
                     fakeApiUrl + '/vendors/1234', expectedContent)
                     .respond(200, '');
+                ctrl.vendor.name = 'Foo1';
                 ctrl.saveChanges();
                 $httpBackend.flush();
             });

refstack/api/controllers/vendors.py

@@ -115,22 +115,26 @@ class VendorsController(validation.BaseRestControllerWithValidation):
     @pecan.expose('json', method='PUT')
     def put(self, vendor_id, **kw):
         """Handler for update item. Should return full info with updates."""
-        is_admin = (api_utils.check_user_is_foundation_admin()
+        is_foundation_admin = api_utils.check_user_is_foundation_admin()
+        is_admin = (is_foundation_admin
                     or api_utils.check_user_is_vendor_admin(vendor_id))
         if not is_admin:
             pecan.abort(403, 'Forbidden.')
-
         vendor_info = {'id': vendor_id}
+        vendor = db.get_organization(vendor_id)
         if 'name' in kw:
+            if (vendor['type'] == const.OFFICIAL_VENDOR and
+                    not is_foundation_admin):
+                pecan.abort(
+                    403, 'Name change for an official vendor is not allowed.')
             vendor_info['name'] = kw['name']
         if 'description' in kw:
             vendor_info['description'] = kw['description']
         if 'properties' in kw:
             vendor_info['properties'] = json.dumps(kw['properties'])
-        db.update_organization(vendor_info)
+        vendor = db.update_organization(vendor_info)
 
         pecan.response.status = 200
-        vendor = db.get_organization(vendor_id)
         vendor['can_manage'] = True
         return vendor
 

refstack/db/sqlalchemy/api.py

@@ -441,6 +441,7 @@ def update_organization(organization_info):
         organization.properties = organization_info.get(
             'properties', organization.properties)
         organization.save(session=session)
+        return _to_dict(organization)
 
 
 def get_organization(organization_id, allowed_keys=None):