From 8891a52bdcf38338dec591090621a905a2d7375e Mon Sep 17 00:00:00 2001
From: Joshua Sangmeister <joshua.sangmeister@gmail.com>
Date: Thu, 8 Apr 2021 16:33:44 +0200
Subject: [PATCH] State and recommendation extension can be set with
 can_manage_metadata

---
 server/openslides/motions/views.py            |  9 ++++-
 .../tests/integration/motions/test_motions.py | 33 +++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/server/openslides/motions/views.py b/server/openslides/motions/views.py
index eab9d94d1..94fbfe5b4 100644
--- a/server/openslides/motions/views.py
+++ b/server/openslides/motions/views.py
@@ -273,7 +273,14 @@ class MotionViewSet(TreeSortMixin, ModelViewSet):
 
             if has_perm(request.user, "motions.can_manage_metadata"):
                 whitelist.extend(
-                    ("category_id", "motion_block_id", "origin", "supporters_id")
+                    (
+                        "category_id",
+                        "motion_block_id",
+                        "origin",
+                        "supporters_id",
+                        "state_extension",
+                        "recommendation_extension",
+                    )
                 )
 
             for key in keys:
diff --git a/server/tests/integration/motions/test_motions.py b/server/tests/integration/motions/test_motions.py
index 12a54f7bc..2653455af 100644
--- a/server/tests/integration/motions/test_motions.py
+++ b/server/tests/integration/motions/test_motions.py
@@ -2,6 +2,7 @@ import json
 
 import pytest
 from django.contrib.auth import get_user_model
+from django.contrib.auth.models import Permission
 from django.urls import reverse
 from rest_framework import status
 from rest_framework.test import APIClient
@@ -20,6 +21,7 @@ from openslides.motions.models import (
     Workflow,
 )
 from openslides.poll.models import BasePoll
+from openslides.utils.auth import get_group_model
 from openslides.utils.autoupdate import inform_changed_data
 from tests.common_groups import GROUP_ADMIN_PK, GROUP_DELEGATE_PK
 from tests.count_queries import count_queries
@@ -497,6 +499,37 @@ class UpdateMotion(TestCase):
         # Forbidden because of changed workflow state.
         self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
+    def test_patch_recommendation_extension(self):
+        group = get_group_model().objects.get(pk=GROUP_DELEGATE_PK)
+        group.permissions.clear()
+        group.permissions.add(
+            Permission.objects.get(
+                content_type__app_label="motions",
+                codename="can_see",
+            ),
+            Permission.objects.get(
+                content_type__app_label="motions",
+                codename="can_manage_metadata",
+            ),
+        )
+        group.save()
+        password = "test_password_lln8tep0UdxDvFDW"
+        user = get_user_model().objects.create_user(
+            username="test_username_cuZUI20g3AUbcFVC",
+            password=password,
+        )
+        user.groups.add(group)
+        user.save()
+        self.client.login(username=user.username, password=password)
+
+        response = self.client.patch(
+            reverse("motion-detail", args=[self.motion.pk]),
+            {"recommendation_extension": "extension"},
+        )
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        motion = Motion.objects.get()
+        self.assertEqual(motion.recommendation_extension, "extension")
+
 
 class DeleteMotion(TestCase):
     """