forked from github/plane
chore: inbox issue permissions (#1341)
* chore: inbox issue permissions * dev: update delete endpoint
parent
537cd2f5dd
commit
bfac39f1bc
@ -22,7 +22,7 @@ from plane.db.models import (
|
|||||||
State,
|
State,
|
||||||
IssueLink,
|
IssueLink,
|
||||||
IssueAttachment,
|
IssueAttachment,
|
||||||
IssueActivity,
|
ProjectMember,
|
||||||
)
|
)
|
||||||
from plane.api.serializers import (
|
from plane.api.serializers import (
|
||||||
IssueSerializer,
|
IssueSerializer,
|
||||||
@ -246,13 +246,28 @@ class InboxIssueViewSet(BaseViewSet):
|
|||||||
inbox_issue = InboxIssue.objects.get(
|
inbox_issue = InboxIssue.objects.get(
|
||||||
pk=pk, workspace__slug=slug, project_id=project_id, inbox_id=inbox_id
|
pk=pk, workspace__slug=slug, project_id=project_id, inbox_id=inbox_id
|
||||||
)
|
)
|
||||||
|
# Get the project member
|
||||||
|
project_member = ProjectMember.objects.get(workspace__slug=slug, project_id=project_id, member=request.user)
|
||||||
|
# Only project members admins and created_by users can access this endpoint
|
||||||
|
if project_member.role <= 10 and str(inbox_issue.created_by_id) != str(request.user.id):
|
||||||
|
return Response({"error": "You cannot edit inbox issues"}, status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
|
||||||
|
# Get issue data
|
||||||
issue_data = request.data.pop("issue", False)
|
issue_data = request.data.pop("issue", False)
|
||||||
|
|
||||||
if bool(issue_data):
|
if bool(issue_data):
|
||||||
issue = Issue.objects.get(
|
issue = Issue.objects.get(
|
||||||
pk=inbox_issue.issue_id, workspace__slug=slug, project_id=project_id
|
pk=inbox_issue.issue_id, workspace__slug=slug, project_id=project_id
|
||||||
)
|
)
|
||||||
|
# Only allow guests and viewers to edit name and description
|
||||||
|
if project_member <= 10:
|
||||||
|
# viewers and guests since only viewers and guests
|
||||||
|
issue_data = {
|
||||||
|
"name": issue_data.get("name", issue.name),
|
||||||
|
"description_html": issue_data.get("description_html", issue.description_html),
|
||||||
|
"description": issue_data.get("description", issue.description)
|
||||||
|
}
|
||||||
|
|
||||||
issue_serializer = IssueCreateSerializer(
|
issue_serializer = IssueCreateSerializer(
|
||||||
issue, data=issue_data, partial=True
|
issue, data=issue_data, partial=True
|
||||||
)
|
)
|
||||||
@ -279,46 +294,50 @@ class InboxIssueViewSet(BaseViewSet):
|
|||||||
issue_serializer.errors, status=status.HTTP_400_BAD_REQUEST
|
issue_serializer.errors, status=status.HTTP_400_BAD_REQUEST
|
||||||
)
|
)
|
||||||
|
|
||||||
serializer = InboxIssueSerializer(
|
# Only project admins and members can edit inbox issue attributes
|
||||||
inbox_issue, data=request.data, partial=True
|
if project_member.role > 10:
|
||||||
)
|
serializer = InboxIssueSerializer(
|
||||||
|
inbox_issue, data=request.data, partial=True
|
||||||
|
)
|
||||||
|
|
||||||
if serializer.is_valid():
|
if serializer.is_valid():
|
||||||
serializer.save()
|
serializer.save()
|
||||||
# Update the issue state if the issue is rejected or marked as duplicate
|
# Update the issue state if the issue is rejected or marked as duplicate
|
||||||
if serializer.data["status"] in [-1, 2]:
|
if serializer.data["status"] in [-1, 2]:
|
||||||
issue = Issue.objects.get(
|
issue = Issue.objects.get(
|
||||||
pk=inbox_issue.issue_id,
|
pk=inbox_issue.issue_id,
|
||||||
workspace__slug=slug,
|
workspace__slug=slug,
|
||||||
project_id=project_id,
|
project_id=project_id,
|
||||||
)
|
)
|
||||||
state = State.objects.filter(
|
|
||||||
group="cancelled", workspace__slug=slug, project_id=project_id
|
|
||||||
).first()
|
|
||||||
if state is not None:
|
|
||||||
issue.state = state
|
|
||||||
issue.save()
|
|
||||||
|
|
||||||
# Update the issue state if it is accepted
|
|
||||||
if serializer.data["status"] in [1]:
|
|
||||||
issue = Issue.objects.get(
|
|
||||||
pk=inbox_issue.issue_id,
|
|
||||||
workspace__slug=slug,
|
|
||||||
project_id=project_id,
|
|
||||||
)
|
|
||||||
|
|
||||||
# Update the issue state only if it is in triage state
|
|
||||||
if issue.state.name == "Triage":
|
|
||||||
# Move to default state
|
|
||||||
state = State.objects.filter(
|
state = State.objects.filter(
|
||||||
workspace__slug=slug, project_id=project_id, default=True
|
group="cancelled", workspace__slug=slug, project_id=project_id
|
||||||
).first()
|
).first()
|
||||||
if state is not None:
|
if state is not None:
|
||||||
issue.state = state
|
issue.state = state
|
||||||
issue.save()
|
issue.save()
|
||||||
|
|
||||||
return Response(serializer.data, status=status.HTTP_200_OK)
|
# Update the issue state if it is accepted
|
||||||
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
|
if serializer.data["status"] in [1]:
|
||||||
|
issue = Issue.objects.get(
|
||||||
|
pk=inbox_issue.issue_id,
|
||||||
|
workspace__slug=slug,
|
||||||
|
project_id=project_id,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Update the issue state only if it is in triage state
|
||||||
|
if issue.state.name == "Triage":
|
||||||
|
# Move to default state
|
||||||
|
state = State.objects.filter(
|
||||||
|
workspace__slug=slug, project_id=project_id, default=True
|
||||||
|
).first()
|
||||||
|
if state is not None:
|
||||||
|
issue.state = state
|
||||||
|
issue.save()
|
||||||
|
|
||||||
|
return Response(serializer.data, status=status.HTTP_200_OK)
|
||||||
|
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
else:
|
||||||
|
return Response(InboxIssueSerializer(inbox_issue).data, status=status.HTTP_200_OK)
|
||||||
except InboxIssue.DoesNotExist:
|
except InboxIssue.DoesNotExist:
|
||||||
return Response(
|
return Response(
|
||||||
{"error": "Inbox Issue does not exist"},
|
{"error": "Inbox Issue does not exist"},
|
||||||
@ -347,3 +366,25 @@ class InboxIssueViewSet(BaseViewSet):
|
|||||||
{"error": "Something went wrong please try again later"},
|
{"error": "Something went wrong please try again later"},
|
||||||
status=status.HTTP_400_BAD_REQUEST,
|
status=status.HTTP_400_BAD_REQUEST,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def destroy(self, request, slug, project_id, inbox_id, pk):
|
||||||
|
try:
|
||||||
|
inbox_issue = InboxIssue.objects.get(
|
||||||
|
pk=pk, workspace__slug=slug, project_id=project_id, inbox_id=inbox_id
|
||||||
|
)
|
||||||
|
# Get the project member
|
||||||
|
project_member = ProjectMember.objects.get(workspace__slug=slug, project_id=project_id, member=request.user)
|
||||||
|
|
||||||
|
if project_member.role <= 10 and str(inbox_issue.created_by_id) != str(request.user.id):
|
||||||
|
return Response({"error": "You cannot delete inbox issue"}, status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
|
||||||
|
inbox_issue.delete()
|
||||||
|
return Response(status=status.HTTP_204_NO_CONTENT)
|
||||||
|
except InboxIssue.DoesNotExist:
|
||||||
|
return Response({"error": "Inbox Issue does not exists"}, status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
except Exception as e:
|
||||||
|
capture_exception(e)
|
||||||
|
return Response(
|
||||||
|
{"error": "Something went wrong please try again later"},
|
||||||
|
status=status.HTTP_400_BAD_REQUEST,
|
||||||
|
)
|
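Review bot: The guest/viewer field restriction in the update path compares the model instance rather than its role: `if project_member <= 10:` should be `if project_member.role <= 10:`, matching the other two role checks in this change. As written the comparison presumably raises `TypeError` whenever `issue` data is sent, and the trailing catch-all handler appears to turn that into a 400, so the check fails closed but the name/description allow-list is never applied and issue edits break for every caller. Separately, `ProjectMember.objects.get(...)` in both the update path and `destroy` has no `except ProjectMember.DoesNotExist` branch, so a non-member request lands in `except Exception` and is reported via `capture_exception` instead of being rejected explicitly. Returning `status.HTTP_403_FORBIDDEN` for that case and for the two role denials (currently 400) would let clients and log review tell authorization failures from malformed input. The update method begins outside the visible hunks, so its handler chain is inferred from the context lines.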