From a934ab38455960be4789a9126edf5d22c065a307 Mon Sep 17 00:00:00 2001 From: FinnStutzenstein Date: Fri, 15 Dec 2017 09:26:57 +0100 Subject: [PATCH] Allow to delete own motions. --- CHANGELOG | 1 + openslides/motions/static/js/motions/base.js | 8 +++++++- openslides/motions/views.py | 17 +++++++++++++++-- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index e72beb753..60d4b294d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -53,6 +53,7 @@ Motions: - Added new change recommendation type "other" [#3495]. - Combined all boolean filters into one dropdown menu and added a filter for amendments [#3501]. +- Allow to delete own motions [#3516]. Elections: - Added pagination for list view [#3393]. diff --git a/openslides/motions/static/js/motions/base.js b/openslides/motions/static/js/motions/base.js index 23f07e568..596739839 100644 --- a/openslides/motions/static/js/motions/base.js +++ b/openslides/motions/static/js/motions/base.js @@ -553,7 +553,13 @@ angular.module('OpenSlidesApp.motions', [ ) ); case 'delete': - return operator.hasPerms('motions.can_manage'); + return ( + operator.hasPerms('motions.can_manage') || + ( + (_.indexOf(this.submitters, operator.user) !== -1) && + this.state.allow_submitter_edit + ) + ); case 'create_poll': return ( operator.hasPerms('motions.can_manage') && diff --git a/openslides/motions/views.py b/openslides/motions/views.py index 8ab4f390f..1e04f2e28 100644 --- a/openslides/motions/views.py +++ b/openslides/motions/views.py @@ -65,7 +65,7 @@ class MotionViewSet(ModelViewSet): """ if self.action in ('list', 'retrieve'): result = self.get_access_permissions().check_permissions(self.request.user) - elif self.action in ('metadata', 'partial_update', 'update'): + elif self.action in ('metadata', 'partial_update', 'update', 'destroy'): result = has_perm(self.request.user, 'motions.can_see') # For partial_update and update requests the rest of the check is # done in the update method. See below. @@ -74,7 +74,7 @@ class MotionViewSet(ModelViewSet): has_perm(self.request.user, 'motions.can_create') and (not config['motions_stop_submitting'] or has_perm(self.request.user, 'motions.can_manage'))) - elif self.action in ('destroy', 'manage_version', 'set_state', 'set_recommendation', + elif self.action in ('manage_version', 'set_state', 'set_recommendation', 'follow_recommendation', 'create_poll'): result = (has_perm(self.request.user, 'motions.can_see') and has_perm(self.request.user, 'motions.can_manage')) @@ -85,6 +85,19 @@ class MotionViewSet(ModelViewSet): result = False return result + def destroy(self, request, *args, **kwargs): + """ + Destroy is allowed if the user has manage permissions, or he is the submitter and + the current state allows to edit the motion. + """ + motion = self.get_object() + + if (has_perm(request.user, 'motions.can_manage') or + motion.is_submitter(request.user) and motion.state.allow_submitter_edit): + return super().destroy(request, *args, **kwargs) + else: + raise ValidationError({'detail': _('You can not delete this motion.')}) + def create(self, request, *args, **kwargs): """ Customized view endpoint to create a new motion.