Feature/unit tests services

[Vanshita Suryavanshi (Vanshi-ta)]

Note

High Risk
Medium-to-high risk because it introduces a new product app with public CRUD endpoints and connects to MongoDB at import time via environment-driven settings (plus ALLOWED_HOSTS = ["*"]). Also adds REST_FRAMEWORK token auth config without adding djangorestframework, which may break startup/deploys.

Overview
Adds a new product Django app backed by MongoEngine, including Product/ProductCategory documents, repository/service layers, and JSON API endpoints for CRUD, filtering/pagination/sorting, category-product assignment, and CSV bulk upload.

Updates Django wiring to connect to MongoDB via env vars (with a separate test connection), registers the app routes in urls.py, opens ALLOWED_HOSTS to *, and adds token-auth configuration under REST_FRAMEWORK. Includes extensive unit/integration tests for services and API endpoints, plus scripts for seeding data, running tests, and migrating existing product/category data; housekeeping updates add ignores for venv/cache/coverage and add mongoengine to requirements.txt.

^{Reviewed by Cursor Bugbot for commit 07ed103. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 4 potential issues.

^{Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.}

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 07ed103. Configure here.}

[cursor]

Unhandled ValueError in category DELETE view handler

High Severity

The category_detail view's DELETE handler calls product_category_service.delete_category(), which raises ValueError("Cannot delete category with existing products") when the category has associated products. However, unlike the PUT handler (which wraps its call in try/except ValueError), the DELETE handler has no exception handling. This results in an unhandled 500 error reaching the user instead of a proper 400 response.

Additional Locations (1)

• backend/python/product/services/product_category_service.py#L42-L49

 

^{Reviewed by Cursor Bugbot for commit 07ed103. Configure here.}

[cursor]

Error message references wrong MongoDB port number

Medium Severity

check_mongo() correctly checks port 27019 (matching docker-compose.yaml), but the error message on failure says "MongoDB is not running on localhost:27017". This misleads developers into thinking the wrong port is expected, when the actual host port is 27019.

Additional Locations (1)

• backend/python/scripts/run_tests.py#L8-L9

 

^{Reviewed by Cursor Bugbot for commit 07ed103. Configure here.}

[cursor]

Duplicate category resolution in service and repository layers

Medium Severity

product_service.update_product resolves data["category"] from a string ID to a ProductCategory object and mutates the dict in-place. Then product_repository.update_product receives the same dict and tries to do ProductCategory.objects(id=data["category"]) where the value is now a ProductCategory object, not a string ID. This causes a redundant DB query and relies on MongoEngine implicitly extracting the pk from a Document object in a query filter.

Additional Locations (1)

• backend/python/product/repositories/product_repository.py#L109-L114

 

^{Reviewed by Cursor Bugbot for commit 07ed103. Configure here.}

[cursor]

Serializer omits description and warehouse_quantity fields

Medium Severity

serialize_product is the sole product serializer used across all endpoints, yet it omits description and warehouse_quantity from the returned dict. Both fields exist on the Product model, are accepted during creation and update, and are validated (e.g., warehouse_quantity must be non-negative). Clients can write these fields but never read them back through any API response.

 

^{Reviewed by Cursor Bugbot for commit 07ed103. Configure here.}