Skip to content

fix(arhcived-project-tasks): only superuser can edit tasks of archived projects #668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

fix(arhcived-project-tasks): only superuser can edit tasks of archived projects #668

wants to merge 3 commits into from

Conversation

MitanOmar
Copy link
Member

@MitanOmar MitanOmar commented Mar 24, 2025
edited
Loading

fix #513

@MitanOmar MitanOmar requested review from a team as code owners March 24, 2025 15:07
@MitanOmar MitanOmar force-pushed the stop-updating-or-adding-tasks-to-an-archived-project branch from d8ec624 to 44db493 Compare March 24, 2025 15:09
winged
winged previously approved these changes Mar 24, 2025
View reviewed changes
Copy link
Member

@winged winged left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

trowik
trowik requested changes Mar 24, 2025
View reviewed changes
Copy link
Member

@trowik trowik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a test for that!

backend/timed/permissions.py Outdated
@@ -65,6 +65,13 @@ def has_object_permission(self, request, view, _obj):
return self.has_permission(request, view)


class IsProjectActive(BasePermission):
"""Allow Only the project that is not archived."""
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"""Allow Only the project that is not archived."""
"""Allows access to object only if a project is not archived."""

backend/timed/projects/views.py Outdated
Comment on lines 181 to 184
# only superuser can update tasks of archived projects
| (IsUpdateOnly & IsProjectActive)
# managers may edit all tasks
| IsManager
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The order is wrong!
This means that anyone who isn't a superuser can update a task if the project is active.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right - and wrong. It's not the order, but the full expression for the permission

Suggested change
# only superuser can update tasks of archived projects
| (IsUpdateOnly & IsProjectActive)
# managers may edit all tasks
| IsManager
# only superuser can update tasks of archived projects
| (IsUpdateOnly & IsProjectActive & IsManager)

@MitanOmar MitanOmar force-pushed the stop-updating-or-adding-tasks-to-an-archived-project branch from 442b694 to e50fd22 Compare March 25, 2025 11:27
@MitanOmar MitanOmar requested review from winged and trowik March 25, 2025 11:32
@MitanOmar
Copy link
Member Author

the backend tests is failing not because of this PR, and the fix will be #669

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@winged winged Awaiting requested review from winged

@trowik trowik Awaiting requested review from trowik

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG]: I can edit tasks in an archived project
3 participants
@MitanOmar @winged @trowik