Implement Core Business Logic, Authorization, and Workflow State Management

[Mohithreddy70]

Backend Implementation: Patent Management System (PMS) Core Logic

Description

This PR establishes the foundational backend architecture for the Patent Management System, focusing on enforcing business rules, securing data access, and managing complex application workflows.

Key Changes

• Workflow Engine: Implemented state-transition logic for patent applications (based on PMS-WF-101), supporting transitions from Draft to Submitted, Under Review, and Approved/Rejected/Needs Revision.
• Business Rule Enforcement: - Validation: Integrated BR-PMS-001 to ensure all mandatory fields (title, abstract, claims, etc.) are present before submission.
  • Sequential Review: Enforced BR-PMS-004, ensuring applications are director-approved before attorney assignment.
  • Budgeting: Added logic for cost-threshold checking and director escalation for financial approvals (BR-PMS-008).
• Access Control: Developed a role-based authorization system (BR-PMS-002) that restricts operations based on user roles such as Applicant, Director, or PCC_ADMIN.
• Document Management: Implemented revision locking (BR-PMS-006) to prevent applicants from editing documents unless the status is specifically 'Awaiting Revision'.
• Conflict of Interest (COI): Added automated checks to prevent directors or admins from reviewing applications where they are listed as inventors (BR-PMS-003).

Testing

• Unit tests for status transition logic and business rule validations.
• Integration tests for role-based endpoint security.

[FusionIIIT-Bot]

Congratulations for making your first Pull Request at Fusion!! 🎉 Someone from our team will review it soon.

[vikrantwiz02]

Code Review — Patent Management System Core Logic (Backend)

The architecture is the strongest part: services/selectors split is clean, TextChoices for status, custom exceptions with HTTP codes, audit logging, and a real test suite with YAML specs and CSV reports are all well above the bar. The issues are concentrated in role resolution (fuzzy matching, single-designation lookup) and a dangerous test DB config in development.py. See inline comments.

[vikrantwiz02]

_get_user_designation only checks the first designation — users with multiple roles will be misidentified. .first() returns an arbitrary single row. A user who holds both "Professor" and "PCC Admin" designations may have their PCC Admin role missed entirely, depending on query order. Check all designations:

def is_pcc_admin(user):
    return HoldsDesignation.objects.filter(
        user=user,
        designation__name__icontains="PCC",
    ).exists()

def is_director(user):
    return HoldsDesignation.objects.filter(
        user=user,
        designation__name__iexact="Director",
    ).exists()

[vikrantwiz02]

Fuzzy role check: "PCC" in designation.upper() is too broad. Any designation whose name happens to contain the letters "PCC" (e.g. a hypothetical "DPCC Officer") would be granted PCC Admin access. Use an exact or prefix match:

return designation.strip().lower() == "pcc admin"

[vikrantwiz02]

BR-PMS-003 (COI) is only enforced for the Director — not for PCC Admin. _check_director_conflict prevents a Director who is an inventor from reviewing, but there is no equivalent guard for assert_pcc_admin operations. If a PCC Admin is also listed as an inventor, they can review, forward, and manage the application without any COI block. Add a _check_pcc_admin_conflict call in the PCC review service functions.

[vikrantwiz02]

Migration instructions in a module docstring. The file-level docstring includes cd FusionIIIT && python manage.py makemigrations ... and raw SQL. Docstrings appear in help(), IDEs, and generated docs — they are not the right place for deployment instructions. Move these to the PR description, a CONTRIBUTING.md, or a standalone migration file.

[vikrantwiz02]

PORT: '5433' is a personal dev machine setting — the standard Postgres port is 5432. Committing a non-standard port breaks every other developer's local setup without any explanation. Remove this line; if your local Postgres runs on a different port, override it via an environment variable:

'PORT': os.environ.get('DB_PORT', '5432'),

[vikrantwiz02]

DATABASES['default']['TEST'] = {'MIRROR': 'default'} is dangerous. The MIRROR key tells Django to run tests against the live default database instead of creating an isolated test database. Running manage.py test with this config will read from and potentially write to real data. Remove this block entirely — without MIRROR, Django creates a separate test_fusionlab database automatically.

[vikrantwiz02]

Unrelated migration in a different app modified by this PR. A new dependency ('academic_procedures', '0001_initial') is added to programme_curriculum's migration 0026, which originally had no such dependency. This is unrelated to the patent system. Any branch that lacks academic_procedures 0001_initial will now fail to migrate. Revert this change to programme_curriculum/migrations/0026_add_database_indexes.py — it should not be part of a patent module PR.

[vikrantwiz02]

Code-generation script committed to repo root. setup_tests.py is a script that writes the content of runner.py to disk. It should not be in the repo — runner.py is already committed directly. Remove this file.