From a0a47ead2b4bb2eaf3ac801197e6ba39e2baa3d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Hermida?= <alexhermida@gmail.com>
Date: Fri, 21 Sep 2018 13:53:02 +0200
Subject: [PATCH] Add allowed sections to project settings serializer

---
 taiga/projects/settings/serializers.py     | 18 +++++++++++++-----
 tests/integration/test_project_settings.py | 10 +++++-----
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/taiga/projects/settings/serializers.py b/taiga/projects/settings/serializers.py
index ce9ac582..dd10cbf7 100644
--- a/taiga/projects/settings/serializers.py
+++ b/taiga/projects/settings/serializers.py
@@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from taiga.base.api import serializers
+from taiga.permissions.services import is_project_admin, user_has_perm
 
 from . import models
 
@@ -36,13 +37,20 @@ class UserProjectSettingsSerializer(serializers.ModelSerializer):
 
     def get_allowed_sections(self, obj):
         sections = [Section.timeline, Section.search, Section.team]
+        active_modules = {'epics': 'view_epics', 'backlog': 'view_us',
+                          'kanban': 'view_us', 'wiki': 'view_wiki_pages',
+                          'issues': 'view_issues'}
 
-        active_modules = ['epics', 'backlog', 'kanban', 'wiki', 'issues']
+        for key in active_modules:
+            module_name = "is_{}_activated".format(key)
+            if getattr(obj.project, module_name) and \
+                    user_has_perm(obj.user, active_modules[key], obj.project):
+                sections.append(getattr(Section, key))
 
-        for module in active_modules:
-            module_name = "is_{}_activated".format(module)
-            if getattr(obj.project, module_name):
-                sections.append(getattr(Section, module))
         if obj.project.videoconferences:
             sections.append(Section.meetup)
+
+        if is_project_admin(obj.user, obj.project):
+            sections.append(Section.admin)
+
         return sections
diff --git a/tests/integration/test_project_settings.py b/tests/integration/test_project_settings.py
index 3419432c..fa288326 100644
--- a/tests/integration/test_project_settings.py
+++ b/tests/integration/test_project_settings.py
@@ -44,8 +44,9 @@ def test_retrieve_home_page_setting_with_allowed_sections(client):
     # "videoconferences": null,
     user = f.UserFactory.create()
     project = f.ProjectFactory.create(owner=user)
-    f.MembershipFactory.create(project=project, user=user, is_admin=True)
-
+    membership = f.MembershipFactory.create(user=user, project=project, is_admin=False)
+    membership.role.permissions = ["view_us", "view_wiki_pages"]
+    membership.role.save()
     url = reverse("user-project-settings-list")
 
     client.login(project.owner)
@@ -55,14 +56,13 @@ def test_retrieve_home_page_setting_with_allowed_sections(client):
     assert response.status_code == 200
     assert 1 == len(response.data)
     assert 1 == response.data[0].get("homepage")
-
-    assert 6 == len(response.data[0].get("allowed_sections"))
+    assert 5 == len(response.data[0].get("allowed_sections"))
 
     assert Section.timeline in response.data[0].get("allowed_sections")
     assert Section.search in response.data[0].get("allowed_sections")
     assert Section.team in response.data[0].get("allowed_sections")
     assert Section.backlog in response.data[0].get("allowed_sections")
-    assert Section.issues in response.data[0].get("allowed_sections")
     assert Section.wiki in response.data[0].get("allowed_sections")
 
     assert Section.epics not in response.data[0].get("allowed_sections")
+    assert Section.issues not in response.data[0].get("allowed_sections")