Merge pull request #3516 from FinnStutzenstein/delegateDelete

Allow to delete own motions
This commit is contained in:
Emanuel Schütze 2017-12-15 10:41:16 +01:00 committed by GitHub
commit 3271ff368c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 3 deletions

View File

@ -53,6 +53,7 @@ Motions:
- Added new change recommendation type "other" [#3495]. - Added new change recommendation type "other" [#3495].
- Combined all boolean filters into one dropdown menu and added a filter - Combined all boolean filters into one dropdown menu and added a filter
for amendments [#3501]. for amendments [#3501].
- Allow to delete own motions [#3516].
Elections: Elections:
- Added pagination for list view [#3393]. - Added pagination for list view [#3393].

View File

@ -553,7 +553,13 @@ angular.module('OpenSlidesApp.motions', [
) )
); );
case 'delete': case 'delete':
return operator.hasPerms('motions.can_manage'); return (
operator.hasPerms('motions.can_manage') ||
(
(_.indexOf(this.submitters, operator.user) !== -1) &&
this.state.allow_submitter_edit
)
);
case 'create_poll': case 'create_poll':
return ( return (
operator.hasPerms('motions.can_manage') && operator.hasPerms('motions.can_manage') &&

View File

@ -65,7 +65,7 @@ class MotionViewSet(ModelViewSet):
""" """
if self.action in ('list', 'retrieve'): if self.action in ('list', 'retrieve'):
result = self.get_access_permissions().check_permissions(self.request.user) result = self.get_access_permissions().check_permissions(self.request.user)
elif self.action in ('metadata', 'partial_update', 'update'): elif self.action in ('metadata', 'partial_update', 'update', 'destroy'):
result = has_perm(self.request.user, 'motions.can_see') result = has_perm(self.request.user, 'motions.can_see')
# For partial_update and update requests the rest of the check is # For partial_update and update requests the rest of the check is
# done in the update method. See below. # done in the update method. See below.
@ -74,7 +74,7 @@ class MotionViewSet(ModelViewSet):
has_perm(self.request.user, 'motions.can_create') and has_perm(self.request.user, 'motions.can_create') and
(not config['motions_stop_submitting'] or (not config['motions_stop_submitting'] or
has_perm(self.request.user, 'motions.can_manage'))) has_perm(self.request.user, 'motions.can_manage')))
elif self.action in ('destroy', 'manage_version', 'set_state', 'set_recommendation', elif self.action in ('manage_version', 'set_state', 'set_recommendation',
'follow_recommendation', 'create_poll'): 'follow_recommendation', 'create_poll'):
result = (has_perm(self.request.user, 'motions.can_see') and result = (has_perm(self.request.user, 'motions.can_see') and
has_perm(self.request.user, 'motions.can_manage')) has_perm(self.request.user, 'motions.can_manage'))
@ -85,6 +85,19 @@ class MotionViewSet(ModelViewSet):
result = False result = False
return result return result
def destroy(self, request, *args, **kwargs):
"""
Destroy is allowed if the user has manage permissions, or he is the submitter and
the current state allows to edit the motion.
"""
motion = self.get_object()
if (has_perm(request.user, 'motions.can_manage') or
motion.is_submitter(request.user) and motion.state.allow_submitter_edit):
return super().destroy(request, *args, **kwargs)
else:
raise ValidationError({'detail': _('You can not delete this motion.')})
def create(self, request, *args, **kwargs): def create(self, request, *args, **kwargs):
""" """
Customized view endpoint to create a new motion. Customized view endpoint to create a new motion.