Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: allows only owner and organizer to delete role-invites #6190

Merged
merged 1 commit into from
Jul 16, 2019
Merged

fix: allows only owner and organizer to delete role-invites #6190

merged 1 commit into from
Jul 16, 2019

Conversation

shreyanshdwivedi
Copy link
Member

Fixes #6152

Short description of what this resolves:

Currently, a user with coorganizer access to an event can delete other organizers/coorganizers/owners too.

Changes proposed in this pull request:

  • Allows only owner and organizers to delete role invites other than owner role. For owner role, user must have owner access to delete it

Checklist

  • I have read the Contribution & Best practices Guide and my PR follows them.
  • My branch is up-to-date with the Upstream development branch.
  • The unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • All the functions created/modified in this PR contain relevant docstrings.

@auto-label auto-label bot added the fix label Jul 13, 2019
@codecov
Copy link

codecov bot commented Jul 13, 2019

Codecov Report

Merging #6190 into development will decrease coverage by 0.02%.
The diff coverage is 0%.

Impacted file tree graph

@@               Coverage Diff               @@
##           development    #6190      +/-   ##
===============================================
- Coverage           66%   65.97%   -0.03%     
===============================================
  Files              288      288              
  Lines            14521    14526       +5     
===============================================
  Hits              9584     9584              
- Misses            4937     4942       +5
Impacted Files Coverage Δ
app/api/role_invites.py 42.98% <0%> (-1.98%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update faf208e...40d5003. Read the comment docs.

@codecov
Copy link

codecov bot commented Jul 13, 2019
edited
Loading

Codecov Report

Merging #6190 into development will decrease coverage by 0.02%.
The diff coverage is 0%.

Impacted file tree graph

@@               Coverage Diff               @@
##           development    #6190      +/-   ##
===============================================
- Coverage           66%   65.97%   -0.03%     
===============================================
  Files              288      288              
  Lines            14521    14526       +5     
===============================================
  Hits              9584     9584              
- Misses            4937     4942       +5
Impacted Files Coverage Δ
app/api/role_invites.py 42.98% <0%> (-1.98%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8a01b62...ddc4be1. Read the comment docs.

Anupam-dagar
Anupam-dagar previously approved these changes Jul 14, 2019
View reviewed changes
prateekj117
prateekj117 previously approved these changes Jul 15, 2019
View reviewed changes
iamareebjamal
iamareebjamal reviewed Jul 15, 2019
View reviewed changes
app/api/role_invites.py Outdated
@@ -135,6 +135,11 @@ def before_update_object(self, role_invite, data, view_kwargs):
if not has_access('is_organizer', event_id=role_invite.event_id) and (len(list(data.keys())) > 1 or
'status' not in data):
raise UnprocessableEntity({'source': ''}, "You can only change your status")
if 'deleted_at' in data and data['deleted_at']:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not simply do data.get('deleted-at')

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated it @iamareebjamal

@fossasia fossasia deleted a comment Jul 15, 2019
@iamareebjamal iamareebjamal merged commit 4ea611e into fossasia:development Jul 16, 2019
iamareebjamal pushed a commit to iamareebjamal/open-event-server that referenced this pull request Aug 2, 2019
@shreyanshdwivedi @iamareebjamal
fix: allows only owner and organizer to delete role-invites (fossasia…
420fdbc 
…#6190)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iamareebjamal iamareebjamal iamareebjamal approved these changes

@Anupam-dagar Anupam-dagar Anupam-dagar left review comments

@prateekj117 prateekj117 prateekj117 left review comments

Assignees
No one assigned
Labels
fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

User with organizer or coorganizer role can delete other roles too
4 participants
@shreyanshdwivedi @iamareebjamal @Anupam-dagar @prateekj117