Merge pull request #3516 from FinnStutzenstein/delegateDelete

Allow to delete own motions
2017-12-15 10:41:16 +01:00 · 2017-12-15 10:41:16 +01:00 · 3271ff368c
commit 3271ff368c
parent 0abda3f344 a934ab3845
3 changed files with 23 additions and 3 deletions
--- a/1
+++ b/1
@ -53,6 +53,7 @@ Motions:
 - Added new change recommendation type "other" [#3495].
 - Combined all boolean filters into one dropdown menu and added a filter
  for amendments [#3501].
+- Allow to delete own motions [#3516].

 Elections:
 - Added pagination for list view [#3393].
--- a/openslides/motions/static/js/motions/base.js
+++ b/openslides/motions/static/js/motions/base.js
@ -553,7 +553,13 @@ angular.module('OpenSlidesApp.motions', [
                                )
                            );
                        case 'delete':
-                            return operator.hasPerms('motions.can_manage');
+                            return (
+                                operator.hasPerms('motions.can_manage') ||
+                                (
+                                    (_.indexOf(this.submitters, operator.user) !== -1) &&
+                                    this.state.allow_submitter_edit
+                                )
+                            );
                        case 'create_poll':
                            return (
                                operator.hasPerms('motions.can_manage') &&
--- a/openslides/motions/views.py
+++ b/openslides/motions/views.py
@ -65,7 +65,7 @@ class MotionViewSet(ModelViewSet):
        """
        if self.action in ('list', 'retrieve'):
            result = self.get_access_permissions().check_permissions(self.request.user)
-        elif self.action in ('metadata', 'partial_update', 'update'):
+        elif self.action in ('metadata', 'partial_update', 'update', 'destroy'):
            result = has_perm(self.request.user, 'motions.can_see')
            # For partial_update and update requests the rest of the check is
            # done in the update method. See below.
@ -74,7 +74,7 @@ class MotionViewSet(ModelViewSet):
                      has_perm(self.request.user, 'motions.can_create') and
                      (not config['motions_stop_submitting'] or
                       has_perm(self.request.user, 'motions.can_manage')))
-        elif self.action in ('destroy', 'manage_version', 'set_state', 'set_recommendation',
+        elif self.action in ('manage_version', 'set_state', 'set_recommendation',
                             'follow_recommendation', 'create_poll'):
            result = (has_perm(self.request.user, 'motions.can_see') and
                      has_perm(self.request.user, 'motions.can_manage'))
@ -85,6 +85,19 @@ class MotionViewSet(ModelViewSet):
            result = False
        return result

+    def destroy(self, request, *args, **kwargs):
+        """
+        Destroy is allowed if the user has manage permissions, or he is the submitter and
+        the current state allows to edit the motion.
+        """
+        motion = self.get_object()
+
+        if (has_perm(request.user, 'motions.can_manage') or
+                motion.is_submitter(request.user) and motion.state.allow_submitter_edit):
+            return super().destroy(request, *args, **kwargs)
+        else:
+            raise ValidationError({'detail': _('You can not delete this motion.')})
+
    def create(self, request, *args, **kwargs):
        """
        Customized view endpoint to create a new motion.