Adding permissions and testing for resend-invitation service

2014-07-31 14:09:09 +02:00 · 2014-07-31 14:09:09 +02:00 · dd7d478d05
parent 883fd81d06
commit dd7d478d05
4 changed files with 42 additions and 1 deletions
--- a/taiga/projects/api.py
+++ b/taiga/projects/api.py
@ -196,7 +196,11 @@ class MembershipViewSet(ModelCrudViewSet):

    @detail_route(methods=["POST"])
    def resend_invitation(self, request, **kwargs):
-        services.send_invitation(invitation=self.get_object())
+        invitation = self.get_object()
+
+        self.check_permissions(request, 'resend_invitation', invitation.project)
+
+        services.send_invitation(invitation=invitation)
        return Response(status=status.HTTP_204_NO_CONTENT)

    def pre_save(self, object):
--- a/taiga/projects/permissions.py
+++ b/taiga/projects/permissions.py
@ -42,6 +42,7 @@ class MembershipPermission(ResourcePermission):
    destroy_perms = IsProjectOwner()
    list_perms = AllowAny()
    bulk_create_perms = IsProjectOwner()
+    resend_invitation_perms = IsProjectOwner()


 # User Stories
--- a/tests/factories.py
+++ b/tests/factories.py
@ -128,6 +128,15 @@ class MembershipFactory(Factory):
    user = factory.SubFactory("tests.factories.UserFactory")


+class InvitationFactory(Factory):
+    FACTORY_FOR = get_model("projects", "Membership")
+
+    token = factory.LazyAttribute(lambda obj: str(uuid.uuid1()))
+    project = factory.SubFactory("tests.factories.ProjectFactory")
+    role = factory.SubFactory("tests.factories.RoleFactory")
+    email = factory.Sequence(lambda n: "user{}@email.com".format(n))
+
+
 class StorageEntryFactory(Factory):
    FACTORY_FOR = get_model("userstorage", "StorageEntry")

--- a/tests/integration/resources_permissions/test_projects_choices_resources.py
+++ b/tests/integration/resources_permissions/test_projects_choices_resources.py
@ -1551,6 +1551,33 @@ def test_membership_action_bulk_create(client, data):
    assert results == [401, 403, 403, 403, 200]


+def test_membership_action_resend_invitation(client, data):
+    public_invitation = f.InvitationFactory(project=data.public_project, role__project=data.public_project)
+    private_invitation1 = f.InvitationFactory(project=data.private_project1, role__project=data.private_project1)
+    private_invitation2 = f.InvitationFactory(project=data.private_project2, role__project=data.private_project2)
+
+    public_url = reverse('memberships-resend-invitation', kwargs={"pk": public_invitation.pk})
+    private1_url = reverse('memberships-resend-invitation', kwargs={"pk": private_invitation1.pk})
+    private2_url = reverse('memberships-resend-invitation', kwargs={"pk": private_invitation2.pk})
+
+    users = [
+        None,
+        data.registered_user,
+        data.project_member_without_perms,
+        data.project_member_with_perms,
+        data.project_owner
+    ]
+
+    results = helper_test_http_method(client, 'post', public_url, None, users)
+    assert results == [401, 403, 403, 403, 204]
+
+    results = helper_test_http_method(client, 'post', private1_url, None, users)
+    assert results == [401, 403, 403, 403, 204]
+
+    results = helper_test_http_method(client, 'post', private2_url, None, users)
+    assert results == [404, 404, 403, 403, 204]
+
+
 def test_project_template_retrieve(client, data):
    url = reverse('project-templates-detail', kwargs={"pk": data.project_template.pk})