Allow to delete own motions.

This commit is contained in:
FinnStutzenstein 2017-12-15 09:26:57 +01:00 committed by Emanuel Schütze
parent 912876c895
commit a934ab3845
3 changed files with 23 additions and 3 deletions

View File

@ -53,6 +53,7 @@ Motions:
- Added new change recommendation type "other" [#3495].
- Combined all boolean filters into one dropdown menu and added a filter
for amendments [#3501].
- Allow to delete own motions [#3516].
Elections:
- Added pagination for list view [#3393].

View File

@ -553,7 +553,13 @@ angular.module('OpenSlidesApp.motions', [
)
);
case 'delete':
return operator.hasPerms('motions.can_manage');
return (
operator.hasPerms('motions.can_manage') ||
(
(_.indexOf(this.submitters, operator.user) !== -1) &&
this.state.allow_submitter_edit
)
);
case 'create_poll':
return (
operator.hasPerms('motions.can_manage') &&

View File

@ -65,7 +65,7 @@ class MotionViewSet(ModelViewSet):
"""
if self.action in ('list', 'retrieve'):
result = self.get_access_permissions().check_permissions(self.request.user)
elif self.action in ('metadata', 'partial_update', 'update'):
elif self.action in ('metadata', 'partial_update', 'update', 'destroy'):
result = has_perm(self.request.user, 'motions.can_see')
# For partial_update and update requests the rest of the check is
# done in the update method. See below.
@ -74,7 +74,7 @@ class MotionViewSet(ModelViewSet):
has_perm(self.request.user, 'motions.can_create') and
(not config['motions_stop_submitting'] or
has_perm(self.request.user, 'motions.can_manage')))
elif self.action in ('destroy', 'manage_version', 'set_state', 'set_recommendation',
elif self.action in ('manage_version', 'set_state', 'set_recommendation',
'follow_recommendation', 'create_poll'):
result = (has_perm(self.request.user, 'motions.can_see') and
has_perm(self.request.user, 'motions.can_manage'))
@ -85,6 +85,19 @@ class MotionViewSet(ModelViewSet):
result = False
return result
def destroy(self, request, *args, **kwargs):
"""
Destroy is allowed if the user has manage permissions, or he is the submitter and
the current state allows to edit the motion.
"""
motion = self.get_object()
if (has_perm(request.user, 'motions.can_manage') or
motion.is_submitter(request.user) and motion.state.allow_submitter_edit):
return super().destroy(request, *args, **kwargs)
else:
raise ValidationError({'detail': _('You can not delete this motion.')})
def create(self, request, *args, **kwargs):
"""
Customized view endpoint to create a new motion.