Fixed submitter check for anonymous users
This commit is contained in:
parent
59089ebef0
commit
e8dec048ef
@ -408,7 +408,11 @@ class Motion(RESTModelMixin, AgendaItemWithListOfSpeakersMixin, models.Model):
|
|||||||
def is_submitter(self, user):
|
def is_submitter(self, user):
|
||||||
"""
|
"""
|
||||||
Returns True if user is a submitter of this motion, else False.
|
Returns True if user is a submitter of this motion, else False.
|
||||||
|
Anonymous users cannot be submitters.
|
||||||
"""
|
"""
|
||||||
|
if isinstance(user, AnonymousUser):
|
||||||
|
return False
|
||||||
|
|
||||||
return self.submitters.filter(user=user).exists()
|
return self.submitters.filter(user=user).exists()
|
||||||
|
|
||||||
def is_supporter(self, user):
|
def is_supporter(self, user):
|
||||||
|
@ -576,6 +576,17 @@ class UpdateMotion(TestCase):
|
|||||||
self.assertEqual(motion.title, "test_title_aeng7ahChie3waiR8xoh")
|
self.assertEqual(motion.title, "test_title_aeng7ahChie3waiR8xoh")
|
||||||
self.assertEqual(motion.identifier, "test_identifier_jieseghohj7OoSah1Ko9")
|
self.assertEqual(motion.identifier, "test_identifier_jieseghohj7OoSah1Ko9")
|
||||||
|
|
||||||
|
def test_patch_as_anonymous_without_manage_perms(self):
|
||||||
|
config["general_system_enable_anonymous"] = True
|
||||||
|
guest_client = APIClient()
|
||||||
|
response = guest_client.patch(
|
||||||
|
reverse("motion-detail", args=[self.motion.pk]),
|
||||||
|
{"identifier": "test_identifier_4g2jgj1wrnmvvIRhtqqPO84WD"},
|
||||||
|
)
|
||||||
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||||
|
motion = Motion.objects.get()
|
||||||
|
self.assertEqual(motion.identifier, "1")
|
||||||
|
|
||||||
def test_patch_empty_text(self):
|
def test_patch_empty_text(self):
|
||||||
response = self.client.patch(
|
response = self.client.patch(
|
||||||
reverse("motion-detail", args=[self.motion.pk]), {"text": ""}, format="json"
|
reverse("motion-detail", args=[self.motion.pk]), {"text": ""}, format="json"
|
||||||
|
Loading…
Reference in New Issue
Block a user