Merge pull request #3516 from FinnStutzenstein/delegateDelete
Allow to delete own motions
This commit is contained in:
commit
3271ff368c
@ -53,6 +53,7 @@ Motions:
|
|||||||
- Added new change recommendation type "other" [#3495].
|
- Added new change recommendation type "other" [#3495].
|
||||||
- Combined all boolean filters into one dropdown menu and added a filter
|
- Combined all boolean filters into one dropdown menu and added a filter
|
||||||
for amendments [#3501].
|
for amendments [#3501].
|
||||||
|
- Allow to delete own motions [#3516].
|
||||||
|
|
||||||
Elections:
|
Elections:
|
||||||
- Added pagination for list view [#3393].
|
- Added pagination for list view [#3393].
|
||||||
|
@ -553,7 +553,13 @@ angular.module('OpenSlidesApp.motions', [
|
|||||||
)
|
)
|
||||||
);
|
);
|
||||||
case 'delete':
|
case 'delete':
|
||||||
return operator.hasPerms('motions.can_manage');
|
return (
|
||||||
|
operator.hasPerms('motions.can_manage') ||
|
||||||
|
(
|
||||||
|
(_.indexOf(this.submitters, operator.user) !== -1) &&
|
||||||
|
this.state.allow_submitter_edit
|
||||||
|
)
|
||||||
|
);
|
||||||
case 'create_poll':
|
case 'create_poll':
|
||||||
return (
|
return (
|
||||||
operator.hasPerms('motions.can_manage') &&
|
operator.hasPerms('motions.can_manage') &&
|
||||||
|
@ -65,7 +65,7 @@ class MotionViewSet(ModelViewSet):
|
|||||||
"""
|
"""
|
||||||
if self.action in ('list', 'retrieve'):
|
if self.action in ('list', 'retrieve'):
|
||||||
result = self.get_access_permissions().check_permissions(self.request.user)
|
result = self.get_access_permissions().check_permissions(self.request.user)
|
||||||
elif self.action in ('metadata', 'partial_update', 'update'):
|
elif self.action in ('metadata', 'partial_update', 'update', 'destroy'):
|
||||||
result = has_perm(self.request.user, 'motions.can_see')
|
result = has_perm(self.request.user, 'motions.can_see')
|
||||||
# For partial_update and update requests the rest of the check is
|
# For partial_update and update requests the rest of the check is
|
||||||
# done in the update method. See below.
|
# done in the update method. See below.
|
||||||
@ -74,7 +74,7 @@ class MotionViewSet(ModelViewSet):
|
|||||||
has_perm(self.request.user, 'motions.can_create') and
|
has_perm(self.request.user, 'motions.can_create') and
|
||||||
(not config['motions_stop_submitting'] or
|
(not config['motions_stop_submitting'] or
|
||||||
has_perm(self.request.user, 'motions.can_manage')))
|
has_perm(self.request.user, 'motions.can_manage')))
|
||||||
elif self.action in ('destroy', 'manage_version', 'set_state', 'set_recommendation',
|
elif self.action in ('manage_version', 'set_state', 'set_recommendation',
|
||||||
'follow_recommendation', 'create_poll'):
|
'follow_recommendation', 'create_poll'):
|
||||||
result = (has_perm(self.request.user, 'motions.can_see') and
|
result = (has_perm(self.request.user, 'motions.can_see') and
|
||||||
has_perm(self.request.user, 'motions.can_manage'))
|
has_perm(self.request.user, 'motions.can_manage'))
|
||||||
@ -85,6 +85,19 @@ class MotionViewSet(ModelViewSet):
|
|||||||
result = False
|
result = False
|
||||||
return result
|
return result
|
||||||
|
|
||||||
|
def destroy(self, request, *args, **kwargs):
|
||||||
|
"""
|
||||||
|
Destroy is allowed if the user has manage permissions, or he is the submitter and
|
||||||
|
the current state allows to edit the motion.
|
||||||
|
"""
|
||||||
|
motion = self.get_object()
|
||||||
|
|
||||||
|
if (has_perm(request.user, 'motions.can_manage') or
|
||||||
|
motion.is_submitter(request.user) and motion.state.allow_submitter_edit):
|
||||||
|
return super().destroy(request, *args, **kwargs)
|
||||||
|
else:
|
||||||
|
raise ValidationError({'detail': _('You can not delete this motion.')})
|
||||||
|
|
||||||
def create(self, request, *args, **kwargs):
|
def create(self, request, *args, **kwargs):
|
||||||
"""
|
"""
|
||||||
Customized view endpoint to create a new motion.
|
Customized view endpoint to create a new motion.
|
||||||
|
Loading…
Reference in New Issue
Block a user