fix: ensure MANAGE_TAGS permission allows create tag #4678

Merged
merged 2 commits into from
Oct 2, 2024
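--- a/api/projects/tags/permissions.py
+++ b/api/projects/tags/permissions.py
@@ -11,14 +11,10 @@ def has_permission(self, request, view):
 return False
 project = Project.objects.get(pk=project_pk)
 
-if request.user.is_project_admin(project):
-return True
-
-if view.action in ["list", "get_by_uuid"]:
-return request.user.has_project_permission(VIEW_PROJECT, project)
-
-# move on to object specific permissions
-return view.detail
+permission = (
+VIEW_PROJECT if view.action in ("list", "get_by_uuid") else MANAGE_TAGS
+)
+return request.user.has_project_permission(permission, project) or view.detail
 
 def has_object_permission(self, request, view, obj):
 project = obj.project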
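Review bot: The new return ends in `or view.detail`, so every detail-route request passes this layer whatever the caller's project permissions are, and the comment that explained this (`# move on to object specific permissions`) was removed along with the old code. I would restore a comment above the return, for example `# detail routes are authorised in has_object_permission`, so a later reader does not treat this method as the gate for detail actions. That deferral is only safe while each detail action actually runs the object-level check, which is not visible in this hunk. has_permission starts above the hunk and has_object_permission continues below it.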
Expand Up @@ -144,6 +144,50 @@ def test_project_user_has_detail_permission(
assert result is True


def test_project_user_with_manage_tags_has_permission_to_create(
staff_user: FFAdminUser,
project: Project,
with_project_permissions: WithProjectPermissionsCallable,
) -> None:
# Given
with_project_permissions([VIEW_PROJECT, MANAGE_TAGS])
mock_request = mock.MagicMock(user=staff_user)
mock_view = mock.MagicMock(
action="create",
kwargs={"project_pk": project.id},
detail=False,
)
permissions = TagPermissions()

# When
result = permissions.has_permission(mock_request, mock_view)

# Then
assert result is True


def test_project_user_with_view_project_does_not_have_permission_to_create(
staff_user: FFAdminUser,
project: Project,
with_project_permissions: WithProjectPermissionsCallable,
) -> None:
# Given
with_project_permissions([VIEW_PROJECT])
mock_request = mock.MagicMock(user=staff_user)
mock_view = mock.MagicMock(
action="create",
kwargs={"project_pk": project.id},
detail=False,
)
permissions = TagPermissions()

# When
result = permissions.has_permission(mock_request, mock_view)

# Then
assert result is False


def test_project_user_with_manage_tags_has_detail_permission(
staff_user: FFAdminUser,
project: Project,
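Review bot: Neither added test covers a project admin who holds no explicit tag permission, which is the case the removed `if request.user.is_project_admin(project): return True` branch in permissions.py used to handle. Admin access to `create` now presumably depends on `has_project_permission` returning True for admins, and nothing on this page pins that. A third test that builds the request from a project-admin user with `action="create"` and `detail=False` and asserts `result is True` would guard against a silent regression. The context lines at the end of the hunk belong to a test that continues outside it.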