Fixed create view for non staff users, fixed #1670.

This commit is contained in:
Norman Jäckel 2015-11-18 01:20:49 +01:00
parent 2417549755
commit 2063dcff51
2 changed files with 16 additions and 1 deletions

View File

@ -82,7 +82,7 @@ class MotionViewSet(ModelViewSet):
"""
# Check permission to send submitter and supporter data.
if (not request.user.has_perm('motions.can_manage') and
(request.data.getlist('submitters') or request.data.getlist('supporters'))):
(request.data.get('submitters_id') or request.data.get('supporters_id'))):
# Non-staff users are not allowed to send submitter or supporter data.
self.permission_denied(request)

View File

@ -120,6 +120,21 @@ class CreateMotion(TestCase):
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(Motion.objects.get().state.workflow_id, 2)
def test_non_admin(self):
"""
Test to create a motion by a delegate, non staff user.
"""
self.admin = get_user_model().objects.get(username='admin')
self.admin.groups.add(3)
self.admin.groups.remove(4)
response = self.client.post(
reverse('motion-list'),
{'title': 'test_title_peiJozae0luew9EeL8bo',
'text': 'test_text_eHohS8ohr5ahshoah8Oh'})
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
class UpdateMotion(TestCase):
"""