Merge pull request #163 from taigaio/bug/1628/creating-memberships-with-invalid-role

Disabling membership creation if the role isn't valid for the project
2014-11-19 14:28:22 +01:00 · 2014-11-19 14:28:22 +01:00 · 145d959dae
parent 3d6863d6c1 d246808b54
commit 145d959dae
2 changed files with 29 additions and 4 deletions
--- a/taiga/projects/serializers.py
+++ b/taiga/projects/serializers.py
@ -187,6 +187,14 @@ class MembershipSerializer(ModelSerializer):

        return attrs

+    def validate_role(self, attrs, source):
+        project = attrs["project"]
+        role = attrs[source]
+
+        if project.roles.filter(id=role.id).count() == 0:
+            raise serializers.ValidationError(_("Invalid role for the project"))
+
+        return attrs

 class ProjectMembershipSerializer(ModelSerializer):
    role_name = serializers.CharField(source='role.name', required=False)
--- a/tests/integration/test_memberships.py
+++ b/tests/integration/test_memberships.py
@ -108,17 +108,34 @@ def test_api_invite_existing_user(client, outbox):
    assert message.to == [user.email]
    assert "Added to the project" in message.subject

-def test_api_create_invalid_membership(client):
-    "Should create the invitation linked to that user"
+
+def test_api_create_invalid_membership_email_failing(client):
+    "Should not create the invitation linked to that user"
    user = f.UserFactory.create()
    role = f.RoleFactory.create()
-
    client.login(role.project.owner)

    url = reverse("memberships-list")
    data = {"role": role.pk, "project": role.project.pk}

-    response = client.json.post(url, data)
+    response = client.json.post(url, json.dumps(data))

    assert response.status_code == 400, response.data
    assert user.memberships.count() == 0
+
+def test_api_create_invalid_membership_role_doesnt_exist_in_the_project(client):
+    "Should not create the invitation linked to that user"
+    user = f.UserFactory.create()
+    role = f.RoleFactory.create()
+    project = f.ProjectFactory.create()
+
+    client.login(project.owner)
+
+    url = reverse("memberships-list")
+    data = {"role": role.pk, "project": project.pk, "email": user.email}
+
+    response = client.json.post(url, json.dumps(data))
+
+    assert response.status_code == 400, response.data
+    assert response.data["role"][0] == "Invalid role for the project"
+    assert user.memberships.count() == 0