fix: role updation (#1110)

pablohashescobar 2023-05-25 12:27:04 +05:30 committed by GitHub
parent af2d7d6f75
commit 5beb50fa76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 13 deletions


@ -104,13 +104,15 @@ class ProjectViewSet(BaseViewSet):
.values("count") .values("count")
) )
.annotate( .annotate(
total_cycles=Cycle.objects.filter(project_id=OuterRef("id")) total_cycles=Cycle.objects.filter(
project_id=OuterRef("id"))
.order_by() .order_by()
.annotate(count=Func(F("id"), function="Count")) .annotate(count=Func(F("id"), function="Count"))
.values("count") .values("count")
) )
.annotate( .annotate(
total_modules=Module.objects.filter(project_id=OuterRef("id")) total_modules=Module.objects.filter(
project_id=OuterRef("id"))
.order_by() .order_by()
.annotate(count=Func(F("id"), function="Count")) .annotate(count=Func(F("id"), function="Count"))
.values("count") .values("count")
@ -134,12 +136,12 @@ class ProjectViewSet(BaseViewSet):
if serializer.is_valid(): if serializer.is_valid():
serializer.save() serializer.save()
## Add the user as Administrator to the project # Add the user as Administrator to the project
ProjectMember.objects.create( ProjectMember.objects.create(
project_id=serializer.data["id"], member=request.user, role=20 project_id=serializer.data["id"], member=request.user, role=20
) )
## Default states # Default states
states = [ states = [
{ {
"name": "Backlog", "name": "Backlog",
@ -320,7 +322,8 @@ class InviteProjectEndpoint(BaseAPIView):
) )
return Response( return Response(
ProjectMemberSerializer(project_member).data, status=status.HTTP_200_OK ProjectMemberSerializer(
project_member).data, status=status.HTTP_200_OK
) )
except ValidationError: except ValidationError:
@ -374,7 +377,7 @@ class UserProjectInvitationsViewset(BaseViewSet):
] ]
) )
## Delete joined project invites # Delete joined project invites
project_invitations.delete() project_invitations.delete()
return Response(status=status.HTTP_200_OK) return Response(status=status.HTTP_200_OK)
@ -412,14 +415,16 @@ class ProjectMemberViewSet(BaseViewSet):
def partial_update(self, request, slug, project_id, pk): def partial_update(self, request, slug, project_id, pk):
try: try:
project_member = ProjectMember.objects.get(pk=pk, workspace__slug=slug, project_id=project_id) project_member = ProjectMember.objects.get(
pk=pk, workspace__slug=slug, project_id=project_id)
if request.user.id == project_member.member_id: if request.user.id == project_member.member_id:
return Response( return Response(
{"error": "You cannot update your own role"}, {"error": "You cannot update your own role"},
status=status.HTTP_400_BAD_REQUEST, status=status.HTTP_400_BAD_REQUEST,
) )
# Check while updating user roles
if request.data.get("role", 10) > project_member.role: requested_project_member = ProjectMember.objects.get(project_id=project_id, workspace__slug=slug, member=request.user)
if "role" in request.data and request.data.get("role", project_member.role) > requested_project_member.role:
return Response( return Response(
{ {
"error": "You cannot update a role that is higher than your own role" "error": "You cannot update a role that is higher than your own role"
@ -472,7 +477,6 @@ class ProjectMemberViewSet(BaseViewSet):
capture_exception(e) capture_exception(e)
return Response({"error": "Something went wrong please try again later"}) return Response({"error": "Something went wrong please try again later"})
class AddMemberToProjectEndpoint(BaseAPIView): class AddMemberToProjectEndpoint(BaseAPIView):
permission_classes = [ permission_classes = [
ProjectBasePermission, ProjectBasePermission,
@ -665,7 +669,8 @@ class ProjectIdentifierEndpoint(BaseAPIView):
status=status.HTTP_400_BAD_REQUEST, status=status.HTTP_400_BAD_REQUEST,
) )
ProjectIdentifier.objects.filter(name=name, workspace__slug=slug).delete() ProjectIdentifier.objects.filter(
name=name, workspace__slug=slug).delete()
return Response( return Response(
status=status.HTTP_204_NO_CONTENT, status=status.HTTP_204_NO_CONTENT,
@ -741,7 +746,8 @@ class ProjectUserViewsEndpoint(BaseAPIView):
view_props = project_member.view_props view_props = project_member.view_props
default_props = project_member.default_props default_props = project_member.default_props
project_member.view_props = request.data.get("view_props", view_props) project_member.view_props = request.data.get(
"view_props", view_props)
project_member.default_props = request.data.get( project_member.default_props = request.data.get(
"default_props", default_props "default_props", default_props
) )
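Review bot: In `ProjectMemberViewSet.partial_update` the new check compares only the requested `role` with the caller's own role; the target member's current role is never compared with the caller's. A caller who reaches this view can therefore still change the role of a member who outranks them, as long as the new value is not above their own. Whether `permission_classes` already restricts the view to administrators is not visible in this hunk, so I would add a guard ahead of the existing comparison, `if project_member.role > requested_project_member.role:`, returning the same error response. The same gap exists in the `WorkSpaceMemberViewSet` hunk of the second file. The method continues past the end of the hunk, so the exception handlers that would catch a `DoesNotExist` from the new `member=request.user` lookup are not visible and should be checked.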


@ -440,7 +440,11 @@ class WorkSpaceMemberViewSet(BaseViewSet):
status=status.HTTP_400_BAD_REQUEST, status=status.HTTP_400_BAD_REQUEST,
) )
if request.data.get("role", 10) > workspace_member.role: # Get the requested user role
requested_workspace_member = WorkspaceMember.objects.get(workspace__slug=slug, member=request.user)
# Check if role is being updated
# One cannot update role higher than his own role
if "role" in request.data and request.data.get("role", workspace_member.role) > requested_workspace_member.role:
return Response( return Response(
{ {
"error": "You cannot update a role that is higher than your own role" "error": "You cannot update a role that is higher than your own role"
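Review bot: The `role` value from `request.data` is compared with an integer role before any type validation, both in the `if "role" in request.data and ...` line here and in the matching line of `ProjectMemberViewSet.partial_update` in the first file. A JSON string or `null` for `role` would make the `>` comparison raise `TypeError`, so the authorization decision would end in whatever generic exception handler the method has, which is outside this hunk. Converting and rejecting first keeps the check on a known type, for example `new_role = int(request.data["role"])` inside a `try` that returns 400 on `TypeError`/`ValueError`. The default in `.get("role", workspace_member.role)` is unreachable once `"role" in request.data` has passed, so `request.data["role"]` would state the intent more plainly. The enclosing method starts and ends outside the hunk.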