From b06db9b603fcdc9556da5dedfe721beff4c1a719 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Espino?= Date: Wed, 26 Mar 2014 11:02:05 +0100 Subject: [PATCH] Bug#226: Now owners has permissions to do restricted actions --- taiga/projects/api.py | 16 ++++++++-------- taiga/projects/tasks/api.py | 2 +- taiga/projects/userstories/api.py | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/taiga/projects/api.py b/taiga/projects/api.py index b012df6f..a38ab7bd 100644 --- a/taiga/projects/api.py +++ b/taiga/projects/api.py @@ -193,7 +193,7 @@ class PointsViewSet(ModelCrudViewSet): project = get_object_or_404(models.Project, id=project_id) - if not has_project_perm(request.user, project, 'change_points'): + if request.user != project.owner and not has_project_perm(request.user, project, 'change_points'): raise exc.PermissionDenied(_("You don't have permisions to change points.")) service = services.PointsService() @@ -225,7 +225,7 @@ class UserStoryStatusViewSet(ModelCrudViewSet): project = get_object_or_404(models.Project, id=project_id) - if not has_project_perm(request.user, project, 'change_userstorystatus'): + if request.user != project.owner and not has_project_perm(request.user, project, 'change_userstorystatus'): raise exc.PermissionDenied(_("You don't have permisions to change user_story_statuses.")) service = services.UserStoryStatusesService() @@ -259,7 +259,7 @@ class TaskStatusViewSet(ModelCrudViewSet): project = get_object_or_404(models.Project, id=project_id) - if not has_project_perm(request.user, project, 'change_taskstatus'): + if request.user != project.owner and not has_project_perm(request.user, project, 'change_taskstatus'): raise exc.PermissionDenied(_("You don't have permisions to change task_statuses.")) service = services.TaskStatusesService() @@ -293,7 +293,7 @@ class SeverityViewSet(ModelCrudViewSet): project = get_object_or_404(models.Project, id=project_id) - if not has_project_perm(request.user, project, 'change_severity'): + if request.user != project.owner and not has_project_perm(request.user, project, 'change_severity'): raise exc.PermissionDenied(_("You don't have permisions to change severities.")) service = services.SeveritiesService() @@ -325,7 +325,7 @@ class PriorityViewSet(ModelCrudViewSet): project = get_object_or_404(models.Project, id=project_id) - if not has_project_perm(request.user, project, 'change_priority'): + if request.user != project.owner and not has_project_perm(request.user, project, 'change_priority'): raise exc.PermissionDenied(_("You don't have permisions to change priorities.")) service = services.PrioritiesService() @@ -357,7 +357,7 @@ class IssueTypeViewSet(ModelCrudViewSet): project = get_object_or_404(models.Project, id=project_id) - if not has_project_perm(request.user, project, 'change_issuetype'): + if request.user != project.owner and not has_project_perm(request.user, project, 'change_issuetype'): raise exc.PermissionDenied(_("You don't have permisions to change issue_types.")) service = services.IssueTypesService() @@ -389,7 +389,7 @@ class IssueStatusViewSet(ModelCrudViewSet): project = get_object_or_404(models.Project, id=project_id) - if not has_project_perm(request.user, project, 'change_issuestatus'): + if request.user != project.owner and not has_project_perm(request.user, project, 'change_issuestatus'): raise exc.PermissionDenied(_("You don't have permisions to change issue_statuses.")) service = services.IssueStatusesService() @@ -423,7 +423,7 @@ class QuestionStatusViewSet(ModelCrudViewSet): project = get_object_or_404(models.Project, id=project_id) - if not has_project_perm(request.user, project, 'change_questionstatus'): + if request.user != project.owner and not has_project_perm(request.user, project, 'change_questionstatus'): raise exc.PermissionDenied(_("You don't have permisions to change question_statuses.")) service = services.QuestionStatusesService() diff --git a/taiga/projects/tasks/api.py b/taiga/projects/tasks/api.py index 8c196972..b1becf0b 100644 --- a/taiga/projects/tasks/api.py +++ b/taiga/projects/tasks/api.py @@ -112,7 +112,7 @@ class TaskViewSet(NotificationSenderMixin, ModelCrudViewSet): project = get_object_or_404(Project, id=project_id) us = get_object_or_404(UserStory, id=us_id) - if not has_project_perm(request.user, project, 'add_task'): + if request.user != project.owner and not has_project_perm(request.user, project, 'add_task'): raise exc.PermissionDenied(_("You don't have permisions to create tasks.")) items = filter(lambda s: len(s) > 0, diff --git a/taiga/projects/userstories/api.py b/taiga/projects/userstories/api.py index f84d7bb3..a9e7640c 100644 --- a/taiga/projects/userstories/api.py +++ b/taiga/projects/userstories/api.py @@ -85,7 +85,7 @@ class UserStoryViewSet(NeighborsApiMixin, NotificationSenderMixin, ModelCrudView project = get_object_or_404(Project, id=project_id) - if not has_project_perm(request.user, project, 'add_userstory'): + if request.user != project.owner and not has_project_perm(request.user, project, 'add_userstory'): raise exc.PermissionDenied(_("You don't have permisions to create user stories.")) service = services.UserStoriesService() @@ -110,7 +110,7 @@ class UserStoryViewSet(NeighborsApiMixin, NotificationSenderMixin, ModelCrudView project = get_object_or_404(Project, id=project_id) - if not has_project_perm(request.user, project, 'add_userstory'): + if request.user != project.owner and not has_project_perm(request.user, project, 'change_userstory'): raise exc.PermissionDenied(_("You don't have permisions to create user stories.")) service = services.UserStoriesService()