Fix bug #783: Verify email existence on membership objects

taiga/projects/serializers.py

@@ -93,6 +93,7 @@ class IssueTypeSerializer(ModelSerializer):
 class MembershipSerializer(ModelSerializer):
     role_name = serializers.CharField(source='role.name', required=False, read_only=True)
     full_name = serializers.CharField(source='user.get_full_name', required=False, read_only=True)
+    email = serializers.EmailField(required=True)
     color = serializers.CharField(source='user.color', required=False, read_only=True)
     photo = serializers.SerializerMethodField("get_photo")
     invited_by = serializers.SerializerMethodField("get_invited_by")

tests/integration/resources_permissions/test_projects_choices_resources.py

@@ -39,22 +39,27 @@ def data():
 
     m.public_membership = f.MembershipFactory(project=m.public_project,
                                           user=m.project_member_with_perms,
+                                          email=m.project_member_with_perms.email,
                                           role__project=m.public_project,
                                           role__permissions=list(map(lambda x: x[0], MEMBERS_PERMISSIONS)))
     m.private_membership1 = f.MembershipFactory(project=m.private_project1,
                                                 user=m.project_member_with_perms,
+                                                email=m.project_member_with_perms.email,
                                                 role__project=m.private_project1,
                                                 role__permissions=list(map(lambda x: x[0], MEMBERS_PERMISSIONS)))
     f.MembershipFactory(project=m.private_project1,
                         user=m.project_member_without_perms,
+                        email=m.project_member_without_perms.email,
                         role__project=m.private_project1,
                         role__permissions=[])
     m.private_membership2 = f.MembershipFactory(project=m.private_project2,
                                                 user=m.project_member_with_perms,
+                                                email=m.project_member_with_perms.email,
                                                 role__project=m.private_project2,
                                                 role__permissions=list(map(lambda x: x[0], MEMBERS_PERMISSIONS)))
     f.MembershipFactory(project=m.private_project2,
                         user=m.project_member_without_perms,
+                        email=m.project_member_without_perms.email,
                         role__project=m.private_project2,
                         role__permissions=[])
 

tests/integration/test_memberships.py

@@ -86,3 +86,18 @@ def test_api_invite_existing_user(client, outbox):
 
     assert message.to == [user.email]
     assert "Added to the project" in message.subject
+
+def test_api_create_invalid_membership(client):
+    "Should create the invitation linked to that user"
+    user = f.UserFactory.create()
+    role = f.RoleFactory.create()
+
+    client.login(role.project.owner)
+
+    url = reverse("memberships-list")
+    data = {"role": role.pk, "project": role.project.pk}
+
+    response = client.json.post(url, data)
+
+    assert response.status_code == 400, response.data
+    assert user.memberships.count() == 0