fixed author permission on issue

This commit is contained in:
yann 2025-06-12 09:44:43 +02:00
parent 8778a088e6
commit e442eac8a5

View File

@ -59,7 +59,7 @@ class ProjectViewSet(ModelViewSet):
then save changes and returns project details then save changes and returns project details
""" """
project = self.get_object() project = self.get_object()
if not request.user == project.author: if request.user != project.author:
raise PermissionDenied() raise PermissionDenied()
serialized = ProjectDetailSerializer(project, serialized = ProjectDetailSerializer(project,
data=request.data, data=request.data,
@ -98,7 +98,7 @@ class ProjectViewSet(ModelViewSet):
if serializer.is_valid(): if serializer.is_valid():
serializer.save() serializer.save()
response = {"detail": f"User {user} " response = {"detail": f"User {user} "
f"added to project ''{project}''"} f"added to project '{project}'"}
return Response(response, status=status.HTTP_202_ACCEPTED) return Response(response, status=status.HTTP_202_ACCEPTED)
response = {"detail": "This user is already contributing"} response = {"detail": "This user is already contributing"}
return Response(response, status=status.HTTP_226_IM_USED) return Response(response, status=status.HTTP_226_IM_USED)
@ -108,7 +108,7 @@ class ProjectViewSet(ModelViewSet):
class IssueViewSet(ModelViewSet): class IssueViewSet(ModelViewSet):
permission_classes = [IsAuthenticated] permission_classes = [IsAuthenticatedOrReadOnly]
serializer_class = IssueSerializer serializer_class = IssueSerializer
detail_serializer_class = IssueDetailSerializer detail_serializer_class = IssueDetailSerializer
@ -133,20 +133,31 @@ class IssueViewSet(ModelViewSet):
# query on a list # query on a list
return Issue.objects.filter(project__in=projects) return Issue.objects.filter(project__in=projects)
def perform_update(self, serializer): def partial_update(self, request, *args, **kwargs):
""" """
Check if requestor is author allows him to partial update Check if requestor is author allows him to partial update
change the author to assign issue change the author to assign issue
""" """
issue = self.get_object() issue = self.get_object()
if not self.request.user == issue.author: requested_author = ""
if self.request.user != issue.author:
raise PermissionDenied() raise PermissionDenied()
if serializer.is_valid(raise_exception=True): #if serializer.is_valid(raise_exception=True):
if self.request.data['author']: serializer = IssueSerializer(issue,
requested_author = User.objects.get( data=request.data,
username=self.request.data['author']) partial=True)
serializer.save(author=requested_author) if serializer.is_valid():
if 'author' in request.data:
try:
author = User.objects.get(username=request.data['author'])
serializer.save(author=author)
except User.DoesNotExist:
response = {
"detail": "Requested author isn't a valid user"}
return Response(response, status=status.HTTP_404_NOT_FOUND)
serializer.save()
return Response(serializer.data) return Response(serializer.data)
response = {"detail": "Data error"} response = {"detail": "Data error"}
return Response(response, status=status.HTTP_400_BAD_REQUEST) return Response(response, status=status.HTTP_400_BAD_REQUEST)