From d246808b5475ca91e3166f1fcf269d20eadeb2d7 Mon Sep 17 00:00:00 2001
From: Alejandro Alonso <alejandro.alonso@kaleidos.net>
Date: Wed, 19 Nov 2014 10:07:35 +0100
Subject: [PATCH] Disabling membership creation if the role isn't valid for the
 project

---
 taiga/projects/serializers.py         |  8 ++++++++
 tests/integration/test_memberships.py | 25 +++++++++++++++++++++----
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/taiga/projects/serializers.py b/taiga/projects/serializers.py
index add42979..ef6e9f73 100644
--- a/taiga/projects/serializers.py
+++ b/taiga/projects/serializers.py
@@ -187,6 +187,14 @@ class MembershipSerializer(ModelSerializer):
 
         return attrs
 
+    def validate_role(self, attrs, source):
+        project = attrs["project"]
+        role = attrs[source]
+
+        if project.roles.filter(id=role.id).count() == 0:
+            raise serializers.ValidationError(_("Invalid role for the project"))
+
+        return attrs
 
 class ProjectMembershipSerializer(ModelSerializer):
     role_name = serializers.CharField(source='role.name', required=False)
diff --git a/tests/integration/test_memberships.py b/tests/integration/test_memberships.py
index c717cbbf..01dcbd72 100644
--- a/tests/integration/test_memberships.py
+++ b/tests/integration/test_memberships.py
@@ -108,17 +108,34 @@ def test_api_invite_existing_user(client, outbox):
     assert message.to == [user.email]
     assert "Added to the project" in message.subject
 
-def test_api_create_invalid_membership(client):
-    "Should create the invitation linked to that user"
+
+def test_api_create_invalid_membership_email_failing(client):
+    "Should not create the invitation linked to that user"
     user = f.UserFactory.create()
     role = f.RoleFactory.create()
-
     client.login(role.project.owner)
 
     url = reverse("memberships-list")
     data = {"role": role.pk, "project": role.project.pk}
 
-    response = client.json.post(url, data)
+    response = client.json.post(url, json.dumps(data))
 
     assert response.status_code == 400, response.data
     assert user.memberships.count() == 0
+
+def test_api_create_invalid_membership_role_doesnt_exist_in_the_project(client):
+    "Should not create the invitation linked to that user"
+    user = f.UserFactory.create()
+    role = f.RoleFactory.create()
+    project = f.ProjectFactory.create()
+
+    client.login(project.owner)
+
+    url = reverse("memberships-list")
+    data = {"role": role.pk, "project": project.pk, "email": user.email}
+
+    response = client.json.post(url, json.dumps(data))
+
+    assert response.status_code == 400, response.data
+    assert response.data["role"][0] == "Invalid role for the project"
+    assert user.memberships.count() == 0