taiga
/
taiga-back
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Now taking care of delete_last_milestone permission

remotes/origin/enhancement/email-actions
Jesús Espino 2014-08-04 19:07:29 +02:00
parent 2e80668ba8
commit 64a8a137ab
2 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
taiga/projects/milestones/permissions.py
View File

@ -15,7 +15,13 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
from taiga.base.api.permissions import (ResourcePermission, HasProjectPerm, from taiga.base.api.permissions import (ResourcePermission, HasProjectPerm,
IsProjectOwner, AllowAny) IsProjectOwner, AllowAny,
PermissionComponent)
class IsLastMilestone(PermissionComponent):
def check_permissions(self, request, view, obj=None):
return obj.project.milestones.filter(pk__gt=obj.pk).count() == 0
class MilestonePermission(ResourcePermission): class MilestonePermission(ResourcePermission):
@ -24,6 +30,6 @@ class MilestonePermission(ResourcePermission):
retrieve_perms = HasProjectPerm('view_milestones') retrieve_perms = HasProjectPerm('view_milestones')
create_perms = HasProjectPerm('add_milestone') create_perms = HasProjectPerm('add_milestone')
update_perms = HasProjectPerm('modify_milestone') update_perms = HasProjectPerm('modify_milestone')
destroy_perms = HasProjectPerm('delete_milestone') destroy_perms = HasProjectPerm('delete_milestone') | (HasProjectPerm('delete_last_milestone') & IsLastMilestone())
list_perms = AllowAny() list_perms = AllowAny()
stats_perms = HasProjectPerm('view_milestones') stats_perms = HasProjectPerm('view_milestones')

23
tests/integration/resources_permissions/test_milestones_resources.py
View File

@ -146,6 +146,29 @@ def test_milestone_delete(client, data):
assert results == [401, 403, 403, 204] assert results == [401, 403, 403, 204]
def test_milestone_delete_last_milestone(client, data):
url_not_last_milestone = reverse('milestones-detail', kwargs={"pk": data.public_milestone.pk})
data.public_milestone2 = f.MilestoneFactory(project=data.public_project)
url_last_milestone = reverse('milestones-detail', kwargs={"pk": data.public_milestone2.pk})
data.public_membership.role.permissions = list(filter(lambda x: x != "delete_milestone", data.public_membership.role.permissions))
data.public_membership.role.save()
users = [
None,
data.registered_user,
data.project_member_without_perms,
data.project_member_with_perms,
]
results = helper_test_http_method(client, 'delete', url_not_last_milestone, None, users)
assert results == [401, 403, 403, 403]
results = helper_test_http_method(client, 'delete', url_last_milestone, None, users)
assert results == [401, 403, 403, 204]
results = helper_test_http_method(client, 'delete', url_not_last_milestone, None, users)
assert results == [401, 403, 403, 204]
def test_milestone_list(client, data): def test_milestone_list(client, data):
url = reverse('milestones-list') url = reverse('milestones-list')