-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Validate user as admin of subproject when adding it to project
It was previously possible to add subprojects without beeing admin of them. It should be required to be a admin. Otherwise people end up getting incorporated into a project without knowing it or beeing asked. Related to #1122
- Loading branch information
1 parent
71c3b2b
commit 0e93ce4
Showing
4 changed files
with
82 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
from django.contrib.auth.models import User | ||
from django.test import TestCase | ||
from projects.forms import SubprojectForm | ||
from django_dynamic_fixture import G | ||
|
||
from projects.models import Project | ||
|
||
|
||
class SubprojectFormTests(TestCase): | ||
def test_name_validation(self): | ||
user = G(User) | ||
project = G(Project, slug='mainproject') | ||
|
||
form = SubprojectForm({}, | ||
parent=project, user=user) | ||
form.full_clean() | ||
self.assertTrue('subproject' in form.errors) | ||
|
||
form = SubprojectForm({'name': 'not-existent'}, | ||
parent=project, user=user) | ||
form.full_clean() | ||
self.assertTrue('subproject' in form.errors) | ||
|
||
def test_adding_subproject_fails_when_user_is_not_admin(self): | ||
# Make sure that a user cannot add a subproject that he is not the | ||
# admin of. | ||
|
||
user = G(User) | ||
project = G(Project, slug='mainproject') | ||
project.users.add(user) | ||
subproject = G(Project, slug='subproject') | ||
|
||
form = SubprojectForm({'subproject': subproject.slug}, | ||
parent=project, user=user) | ||
# Fails because user does not own subproject. | ||
form.full_clean() | ||
self.assertTrue('subproject' in form.errors) | ||
|
||
def test_admin_of_subproject_can_add_it(self): | ||
user = G(User) | ||
project = G(Project, slug='mainproject') | ||
project.users.add(user) | ||
subproject = G(Project, slug='subproject') | ||
subproject.users.add(user) | ||
|
||
# Works now as user is admin of subproject. | ||
form = SubprojectForm({'subproject': subproject.slug}, | ||
parent=project, user=user) | ||
# Fails because user does not own subproject. | ||
form.full_clean() | ||
self.assertTrue(form.is_valid()) | ||
form.save() | ||
|
||
self.assertEqual( | ||
[r.child for r in project.subprojects.all()], | ||
[subproject]) |