When creating a task with milestone and user_story associated checking the user_story is also associated to the milestone

2014-10-16 16:06:47 +02:00 · 2014-10-16 16:06:47 +02:00 · 6fc97cf99d
parent d6e987f18e
commit 6fc97cf99d
2 changed files with 27 additions and 3 deletions
--- a/taiga/projects/tasks/api.py
+++ b/taiga/projects/tasks/api.py
@ -52,13 +52,16 @@ class TaskViewSet(OCCResourceMixin, HistoryResourceMixin, WatchedResourceMixin,
        super().pre_conditions_on_save(obj)

        if obj.milestone and obj.milestone.project != obj.project:
-            raise exc.PermissionDenied(_("You don't have permissions for add/modify this task."))
+            raise exc.WrongArguments(_("You don't have permissions for add/modify this task."))

        if obj.user_story and obj.user_story.project != obj.project:
-            raise exc.PermissionDenied(_("You don't have permissions for add/modify this task."))
+            raise exc.WrongArguments(_("You don't have permissions for add/modify this task."))

        if obj.status and obj.status.project != obj.project:
-            raise exc.PermissionDenied(_("You don't have permissions for add/modify this task."))
+            raise exc.WrongArguments(_("You don't have permissions for add/modify this task."))
+
+        if obj.milestone and obj.user_story and obj.milestone != obj.user_story.milestone:
+            raise exc.WrongArguments(_("You don't have permissions for add/modify this task."))

    @list_route(methods=["POST"])
    def bulk_create(self, request, **kwargs):
--- a/tests/integration/test_tasks.py
+++ b/tests/integration/test_tasks.py
@ -61,3 +61,24 @@ def test_api_create_in_bulk_with_status(client):

    assert response.status_code == 200
    assert response.data[0]["status"] == us.project.default_task_status.id
+
+
+def test_api_create_invalid_task(client):
+    # Associated to a milestone and a user story.
+    # But the User Story is not associated with the milestone
+    us_milestone = f.MilestoneFactory.create()
+    us = f.create_userstory(milestone=us_milestone)
+    task_milestone = f.MilestoneFactory.create(project=us.project, owner=us.owner)
+
+    url = reverse("tasks-list")
+    data = {
+        "user_story": us.id,
+        "milestone": task_milestone.id,
+        "subject": "Testing subject",
+        "status": us.project.default_task_status.id,
+        "project": us.project.id
+    }
+
+    client.login(us.owner)
+    response = client.json.post(url, json.dumps(data))
+    assert response.status_code == 400