fix: workspace and project member user deletion (#1241)

* fix: workspace and project member user deletion

* fix: workspace member deletion

* dev: add comments
This commit is contained in:
pablohashescobar 2023-06-08 00:14:41 +05:30 committed by GitHub
parent 42fceb4dcd
commit 754142afa2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 103 additions and 33 deletions

View File

@ -46,7 +46,7 @@ from plane.db.models import (
IssueViewFavorite,
Page,
IssueAssignee,
ModuleMember
ModuleMember,
)
@ -104,15 +104,13 @@ class ProjectViewSet(BaseViewSet):
.values("count")
)
.annotate(
total_cycles=Cycle.objects.filter(
project_id=OuterRef("id"))
total_cycles=Cycle.objects.filter(project_id=OuterRef("id"))
.order_by()
.annotate(count=Func(F("id"), function="Count"))
.values("count")
)
.annotate(
total_modules=Module.objects.filter(
project_id=OuterRef("id"))
total_modules=Module.objects.filter(project_id=OuterRef("id"))
.order_by()
.annotate(count=Func(F("id"), function="Count"))
.values("count")
@ -322,8 +320,7 @@ class InviteProjectEndpoint(BaseAPIView):
)
return Response(
ProjectMemberSerializer(
project_member).data, status=status.HTTP_200_OK
ProjectMemberSerializer(project_member).data, status=status.HTTP_200_OK
)
except ValidationError:
@ -416,15 +413,22 @@ class ProjectMemberViewSet(BaseViewSet):
def partial_update(self, request, slug, project_id, pk):
try:
project_member = ProjectMember.objects.get(
pk=pk, workspace__slug=slug, project_id=project_id)
pk=pk, workspace__slug=slug, project_id=project_id
)
if request.user.id == project_member.member_id:
return Response(
{"error": "You cannot update your own role"},
status=status.HTTP_400_BAD_REQUEST,
)
# Check while updating user roles
requested_project_member = ProjectMember.objects.get(project_id=project_id, workspace__slug=slug, member=request.user)
if "role" in request.data and int(request.data.get("role", project_member.role)) > requested_project_member.role:
requested_project_member = ProjectMember.objects.get(
project_id=project_id, workspace__slug=slug, member=request.user
)
if (
"role" in request.data
and int(request.data.get("role", project_member.role))
> requested_project_member.role
):
return Response(
{
"error": "You cannot update a role that is higher than your own role"
@ -447,36 +451,72 @@ class ProjectMemberViewSet(BaseViewSet):
)
except Exception as e:
capture_exception(e)
return Response({"error": "Something went wrong please try again later"}, status=status.HTTP_400_BAD_REQUEST)
return Response(
{"error": "Something went wrong please try again later"},
status=status.HTTP_400_BAD_REQUEST,
)
def destroy(self, request, slug, project_id, pk):
try:
project_member = ProjectMember.objects.get(
workspace__slug=slug, project_id=project_id, pk=pk
)
# check requesting user role
requesting_project_member = ProjectMember.objects.get(
workspace__slug=slug, member=request.user, project_id=project_id
)
if requesting_project_member.role < project_member.role:
return Response(
{"error": "You cannot remove a user having role higher than yourself"},
status=status.HTTP_400_BAD_REQUEST,
)
# Remove all favorites
ProjectFavorite.objects.filter(workspace__slug=slug, project_id=project_id, user=project_member.member).delete()
CycleFavorite.objects.filter(workspace__slug=slug, project_id=project_id, user=project_member.member).delete()
ModuleFavorite.objects.filter(workspace__slug=slug, project_id=project_id, user=project_member.member).delete()
PageFavorite.objects.filter(workspace__slug=slug, project_id=project_id, user=project_member.member).delete()
IssueViewFavorite.objects.filter(workspace__slug=slug, project_id=project_id, user=project_member.member).delete()
ProjectFavorite.objects.filter(
workspace__slug=slug, project_id=project_id, user=project_member.member
).delete()
CycleFavorite.objects.filter(
workspace__slug=slug, project_id=project_id, user=project_member.member
).delete()
ModuleFavorite.objects.filter(
workspace__slug=slug, project_id=project_id, user=project_member.member
).delete()
PageFavorite.objects.filter(
workspace__slug=slug, project_id=project_id, user=project_member.member
).delete()
IssueViewFavorite.objects.filter(
workspace__slug=slug, project_id=project_id, user=project_member.member
).delete()
# Also remove issue from issue assigned
IssueAssignee.objects.filter(
workspace__slug=slug, project_id=project_id, assignee=project_member.member
workspace__slug=slug,
project_id=project_id,
assignee=project_member.member,
).delete()
# Remove if module member
ModuleMember.objects.filter(workspace__slug=slug, project_id=project_id, member=project_member.member).delete()
ModuleMember.objects.filter(
workspace__slug=slug,
project_id=project_id,
member=project_member.member,
).delete()
# Delete owned Pages
Page.objects.filter(workspace__slug=slug, project_id=project_id, owned_by=project_member.member).delete()
Page.objects.filter(
workspace__slug=slug,
project_id=project_id,
owned_by=project_member.member,
).delete()
project_member.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
except ProjectMember.DoesNotExist:
return Response({"error": "Project Member does not exist"}, status=status.HTTP_400)
return Response(
{"error": "Project Member does not exist"}, status=status.HTTP_400
)
except Exception as e:
capture_exception(e)
return Response({"error": "Something went wrong please try again later"})
class AddMemberToProjectEndpoint(BaseAPIView):
permission_classes = [
ProjectBasePermission,
@ -669,8 +709,7 @@ class ProjectIdentifierEndpoint(BaseAPIView):
status=status.HTTP_400_BAD_REQUEST,
)
ProjectIdentifier.objects.filter(
name=name, workspace__slug=slug).delete()
ProjectIdentifier.objects.filter(name=name, workspace__slug=slug).delete()
return Response(
status=status.HTTP_204_NO_CONTENT,
@ -746,8 +785,7 @@ class ProjectUserViewsEndpoint(BaseAPIView):
view_props = project_member.view_props
default_props = project_member.default_props
project_member.view_props = request.data.get(
"view_props", view_props)
project_member.view_props = request.data.get("view_props", view_props)
project_member.default_props = request.data.get(
"default_props", default_props
)

View File

@ -442,10 +442,16 @@ class WorkSpaceMemberViewSet(BaseViewSet):
)
# Get the requested user role
requested_workspace_member = WorkspaceMember.objects.get(workspace__slug=slug, member=request.user)
requested_workspace_member = WorkspaceMember.objects.get(
workspace__slug=slug, member=request.user
)
# Check if role is being updated
# One cannot update role higher than his own role
if "role" in request.data and int(request.data.get("role", workspace_member.role)) > requested_workspace_member.role:
if (
"role" in request.data
and int(request.data.get("role", workspace_member.role))
> requested_workspace_member.role
):
return Response(
{
"error": "You cannot update a role that is higher than your own role"
@ -475,26 +481,52 @@ class WorkSpaceMemberViewSet(BaseViewSet):
def destroy(self, request, slug, pk):
try:
# Check the user role who is deleting the user
workspace_member = WorkspaceMember.objects.get(workspace__slug=slug, pk=pk)
# check requesting user role
requesting_workspace_member = WorkspaceMember.objects.get(
workspace__slug=slug, member=request.user
)
if requesting_workspace_member.role < workspace_member.role:
return Response(
{"error": "You cannot remove a user having role higher than you"},
status=status.HTTP_400_BAD_REQUEST,
)
# Delete the user also from all the projects
ProjectMember.objects.filter(
workspace__slug=slug, member=workspace_member.member
).delete()
# Remove all favorites
ProjectFavorite.objects.filter(workspace__slug=slug, user=workspace_member.member).delete()
CycleFavorite.objects.filter(workspace__slug=slug, user=workspace_member.member).delete()
ModuleFavorite.objects.filter(workspace__slug=slug, user=workspace_member.member).delete()
PageFavorite.objects.filter(workspace__slug=slug, user=workspace_member.member).delete()
IssueViewFavorite.objects.filter(workspace__slug=slug, user=workspace_member.member).delete()
ProjectFavorite.objects.filter(
workspace__slug=slug, user=workspace_member.member
).delete()
CycleFavorite.objects.filter(
workspace__slug=slug, user=workspace_member.member
).delete()
ModuleFavorite.objects.filter(
workspace__slug=slug, user=workspace_member.member
).delete()
PageFavorite.objects.filter(
workspace__slug=slug, user=workspace_member.member
).delete()
IssueViewFavorite.objects.filter(
workspace__slug=slug, user=workspace_member.member
).delete()
# Also remove issue from issue assigned
IssueAssignee.objects.filter(
workspace__slug=slug, assignee=workspace_member.member
).delete()
# Remove if module member
ModuleMember.objects.filter(workspace__slug=slug, member=workspace_member.member).delete()
ModuleMember.objects.filter(
workspace__slug=slug, member=workspace_member.member
).delete()
# Delete owned Pages
Page.objects.filter(workspace__slug=slug, owned_by=workspace_member.member).delete()
Page.objects.filter(
workspace__slug=slug, owned_by=workspace_member.member
).delete()
workspace_member.delete()
return Response(status=status.HTTP_204_NO_CONTENT)