Merge pull request #3518 from FinnStutzenstein/delegateDelete
fixed ValidationError
This commit is contained in:
commit
541e1edb27
@ -67,7 +67,7 @@ class MotionViewSet(ModelViewSet):
|
|||||||
result = self.get_access_permissions().check_permissions(self.request.user)
|
result = self.get_access_permissions().check_permissions(self.request.user)
|
||||||
elif self.action in ('metadata', 'partial_update', 'update', 'destroy'):
|
elif self.action in ('metadata', 'partial_update', 'update', 'destroy'):
|
||||||
result = has_perm(self.request.user, 'motions.can_see')
|
result = has_perm(self.request.user, 'motions.can_see')
|
||||||
# For partial_update and update requests the rest of the check is
|
# For partial_update, update and delete requests the rest of the check is
|
||||||
# done in the update method. See below.
|
# done in the update method. See below.
|
||||||
elif self.action == 'create':
|
elif self.action == 'create':
|
||||||
result = (has_perm(self.request.user, 'motions.can_see') and
|
result = (has_perm(self.request.user, 'motions.can_see') and
|
||||||
@ -92,11 +92,11 @@ class MotionViewSet(ModelViewSet):
|
|||||||
"""
|
"""
|
||||||
motion = self.get_object()
|
motion = self.get_object()
|
||||||
|
|
||||||
if (has_perm(request.user, 'motions.can_manage') or
|
if not ((has_perm(request.user, 'motions.can_manage') or
|
||||||
motion.is_submitter(request.user) and motion.state.allow_submitter_edit):
|
motion.is_submitter(request.user) and motion.state.allow_submitter_edit)):
|
||||||
|
self.permission_denied(request)
|
||||||
|
|
||||||
return super().destroy(request, *args, **kwargs)
|
return super().destroy(request, *args, **kwargs)
|
||||||
else:
|
|
||||||
raise ValidationError({'detail': _('You can not delete this motion.')})
|
|
||||||
|
|
||||||
def create(self, request, *args, **kwargs):
|
def create(self, request, *args, **kwargs):
|
||||||
"""
|
"""
|
||||||
|
@ -9,7 +9,13 @@ from rest_framework.test import APIClient
|
|||||||
|
|
||||||
from openslides.core.config import config
|
from openslides.core.config import config
|
||||||
from openslides.core.models import Tag
|
from openslides.core.models import Tag
|
||||||
from openslides.motions.models import Category, Motion, MotionBlock, State
|
from openslides.motions.models import (
|
||||||
|
Category,
|
||||||
|
Motion,
|
||||||
|
MotionBlock,
|
||||||
|
State,
|
||||||
|
Workflow,
|
||||||
|
)
|
||||||
from openslides.users.models import Group
|
from openslides.users.models import Group
|
||||||
from openslides.utils.autoupdate import inform_changed_data
|
from openslides.utils.autoupdate import inform_changed_data
|
||||||
from openslides.utils.test import TestCase
|
from openslides.utils.test import TestCase
|
||||||
@ -598,6 +604,58 @@ class UpdateMotion(TestCase):
|
|||||||
self.assertEqual(motion.versions.count(), 1)
|
self.assertEqual(motion.versions.count(), 1)
|
||||||
|
|
||||||
|
|
||||||
|
class DeleteMotion(TestCase):
|
||||||
|
"""
|
||||||
|
Tests deleting motions.
|
||||||
|
"""
|
||||||
|
def setUp(self):
|
||||||
|
self.client = APIClient()
|
||||||
|
self.client.login(username='admin', password='admin')
|
||||||
|
self.admin = get_user_model().objects.get(username='admin')
|
||||||
|
self.motion = Motion(
|
||||||
|
title='test_title_acle3fa93l11lwlkcc31',
|
||||||
|
text='test_text_f390sjfyycj29ss56sro')
|
||||||
|
self.motion.save()
|
||||||
|
|
||||||
|
def test_simple_delete(self):
|
||||||
|
response = self.client.delete(
|
||||||
|
reverse('motion-detail', args=[self.motion.pk]))
|
||||||
|
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
|
||||||
|
motions = Motion.objects.count()
|
||||||
|
self.assertEqual(motions, 0)
|
||||||
|
|
||||||
|
def make_admin_delegate(self):
|
||||||
|
group_staff = self.admin.groups.get(name='Staff')
|
||||||
|
group_delegates = Group.objects.get(name='Delegates')
|
||||||
|
self.admin.groups.remove(group_staff)
|
||||||
|
self.admin.groups.add(group_delegates)
|
||||||
|
inform_changed_data(self.admin)
|
||||||
|
|
||||||
|
def put_motion_in_complex_workflow(self):
|
||||||
|
workflow = Workflow.objects.get(name='Complex Workflow')
|
||||||
|
self.motion.reset_state(workflow=workflow)
|
||||||
|
self.motion.save()
|
||||||
|
|
||||||
|
def test_delete_foreign_motion_as_delegate(self):
|
||||||
|
self.make_admin_delegate()
|
||||||
|
self.put_motion_in_complex_workflow()
|
||||||
|
|
||||||
|
response = self.client.delete(
|
||||||
|
reverse('motion-detail', args=[self.motion.pk]))
|
||||||
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||||
|
|
||||||
|
def test_delete_own_motion_as_delegate(self):
|
||||||
|
self.make_admin_delegate()
|
||||||
|
self.put_motion_in_complex_workflow()
|
||||||
|
self.motion.submitters.add(self.admin)
|
||||||
|
|
||||||
|
response = self.client.delete(
|
||||||
|
reverse('motion-detail', args=[self.motion.pk]))
|
||||||
|
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
|
||||||
|
motions = Motion.objects.count()
|
||||||
|
self.assertEqual(motions, 0)
|
||||||
|
|
||||||
|
|
||||||
class ManageVersion(TestCase):
|
class ManageVersion(TestCase):
|
||||||
"""
|
"""
|
||||||
Tests permitting and deleting versions.
|
Tests permitting and deleting versions.
|
||||||
|
Loading…
Reference in New Issue
Block a user