Fixed submitter check for anonymous users

This commit is contained in:
FinnStutzenstein 2019-09-23 09:36:32 +02:00
parent 59089ebef0
commit e8dec048ef
2 changed files with 15 additions and 0 deletions

View File

@ -408,7 +408,11 @@ class Motion(RESTModelMixin, AgendaItemWithListOfSpeakersMixin, models.Model):
def is_submitter(self, user): def is_submitter(self, user):
""" """
Returns True if user is a submitter of this motion, else False. Returns True if user is a submitter of this motion, else False.
Anonymous users cannot be submitters.
""" """
if isinstance(user, AnonymousUser):
return False
return self.submitters.filter(user=user).exists() return self.submitters.filter(user=user).exists()
def is_supporter(self, user): def is_supporter(self, user):

View File

@ -576,6 +576,17 @@ class UpdateMotion(TestCase):
self.assertEqual(motion.title, "test_title_aeng7ahChie3waiR8xoh") self.assertEqual(motion.title, "test_title_aeng7ahChie3waiR8xoh")
self.assertEqual(motion.identifier, "test_identifier_jieseghohj7OoSah1Ko9") self.assertEqual(motion.identifier, "test_identifier_jieseghohj7OoSah1Ko9")
def test_patch_as_anonymous_without_manage_perms(self):
config["general_system_enable_anonymous"] = True
guest_client = APIClient()
response = guest_client.patch(
reverse("motion-detail", args=[self.motion.pk]),
{"identifier": "test_identifier_4g2jgj1wrnmvvIRhtqqPO84WD"},
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
motion = Motion.objects.get()
self.assertEqual(motion.identifier, "1")
def test_patch_empty_text(self): def test_patch_empty_text(self):
response = self.client.patch( response = self.client.patch(
reverse("motion-detail", args=[self.motion.pk]), {"text": ""}, format="json" reverse("motion-detail", args=[self.motion.pk]), {"text": ""}, format="json"