Commit b69641e0 by Oláh István Gergely

dashboard: checking user when deleting group

parent 4d7140f3
...@@ -551,6 +551,7 @@ class GroupDetailTest(LoginMixin, TestCase): ...@@ -551,6 +551,7 @@ class GroupDetailTest(LoginMixin, TestCase):
self.u1.delete() self.u1.delete()
self.u2.delete() self.u2.delete()
self.us.delete() self.us.delete()
self.u3.delete()
self.g1.delete() self.g1.delete()
def test_404_superuser_group_page(self): def test_404_superuser_group_page(self):
...@@ -624,7 +625,7 @@ class GroupDetailTest(LoginMixin, TestCase): ...@@ -624,7 +625,7 @@ class GroupDetailTest(LoginMixin, TestCase):
c = Client() c = Client()
self.login(c, 'user3') self.login(c, 'user3')
response = c.post('/dashboard/group/delete/1/') response = c.post('/dashboard/group/delete/1/')
self.assertEqual(response.status_code, 302) self.assertEqual(response.status_code, 403)
self.assertEqual(Group.objects.count(), num_of_groups) self.assertEqual(Group.objects.count(), num_of_groups)
def test_acl_group_delete(self): def test_acl_group_delete(self):
......
...@@ -1102,7 +1102,8 @@ class GroupDelete(CheckedDetailView, DeleteView): ...@@ -1102,7 +1102,8 @@ class GroupDelete(CheckedDetailView, DeleteView):
# github.com/django/django/blob/master/django/views/generic/edit.py#L245 # github.com/django/django/blob/master/django/views/generic/edit.py#L245
def delete(self, request, *args, **kwargs): def delete(self, request, *args, **kwargs):
object = self.get_object() object = self.get_object()
if not object.profile.has_level(request.user, 'operator'):
raise PermissionDenied()
object.delete() object.delete()
success_url = self.get_success_url() success_url = self.get_success_url()
success_message = _("Group successfully deleted!") success_message = _("Group successfully deleted!")
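Review bot: The guard added in `delete()` accepts the 'operator' level for an irreversible action, so please confirm that operators, and not only a higher ACL level, are meant to delete a group. Recording the decision next to the check would help, e.g. `# deleting a group requires at least operator level on its ACL`. The check also lives only inside this handler, so it protects the group only while every deletion path goes through `GroupDelete.delete()`; whether `CheckedDetailView` enforces anything for this view is not visible here. `object.profile` is dereferenced as part of the check, so a group without a profile would presumably surface as a server error rather than a 403, which is worth handling explicitly. The rest of `delete()` continues outside the hunk.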
......