taiga
/
taiga-back
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disabling membership creation if the role isn't valid for the project

remotes/origin/enhancement/email-actions
Alejandro Alonso 2014-11-19 10:07:35 +01:00 committed by David Barragán Merino
parent 3d6863d6c1
commit d246808b54
2 changed files with 29 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
taiga/projects/serializers.py
View File

@ -187,6 +187,14 @@ class MembershipSerializer(ModelSerializer):
return attrs return attrs
def validate_role(self, attrs, source):
project = attrs["project"]
role = attrs[source]
if project.roles.filter(id=role.id).count() == 0:
raise serializers.ValidationError(_("Invalid role for the project"))
return attrs
class ProjectMembershipSerializer(ModelSerializer): class ProjectMembershipSerializer(ModelSerializer):
role_name = serializers.CharField(source='role.name', required=False) role_name = serializers.CharField(source='role.name', required=False)

25
tests/integration/test_memberships.py
View File

@ -108,17 +108,34 @@ def test_api_invite_existing_user(client, outbox):
assert message.to == [user.email] assert message.to == [user.email]
assert "Added to the project" in message.subject assert "Added to the project" in message.subject
def test_api_create_invalid_membership(client):
"Should create the invitation linked to that user" def test_api_create_invalid_membership_email_failing(client):
"Should not create the invitation linked to that user"
user = f.UserFactory.create() user = f.UserFactory.create()
role = f.RoleFactory.create() role = f.RoleFactory.create()
client.login(role.project.owner) client.login(role.project.owner)
url = reverse("memberships-list") url = reverse("memberships-list")
data = {"role": role.pk, "project": role.project.pk} data = {"role": role.pk, "project": role.project.pk}
response = client.json.post(url, data) response = client.json.post(url, json.dumps(data))
assert response.status_code == 400, response.data assert response.status_code == 400, response.data
assert user.memberships.count() == 0 assert user.memberships.count() == 0
def test_api_create_invalid_membership_role_doesnt_exist_in_the_project(client):
"Should not create the invitation linked to that user"
user = f.UserFactory.create()
role = f.RoleFactory.create()
project = f.ProjectFactory.create()
client.login(project.owner)
url = reverse("memberships-list")
data = {"role": role.pk, "project": project.pk, "email": user.email}
response = client.json.post(url, json.dumps(data))
assert response.status_code == 400, response.data
assert response.data["role"][0] == "Invalid role for the project"
assert user.memberships.count() == 0