fix: Make event-invoices endpoint admin only #7096

Merged
merged 4 commits into from
Jun 30, 2020

@Haider8 Haider8 commented Jun 30, 2020

Fixes #7063

Short description of what this resolves:

Currently the /event-invoices endpoint requires the event_id param in the URL or expects the user to be an admin, which is not the case for this endpoint.

Changes proposed in this pull request:

Remove decorators is_organizer and is_admin.

Checklist

  • I have read the Contribution & Best practices Guide and my PR follows them.
  • My branch is up-to-date with the Upstream development branch.
  • The unit tests pass locally with my changes
  • [] I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • All the functions created/modified in this PR contain relevant docstrings.

@auto-label auto-label bot added the fix label Jun 30, 2020
codecov bot commented Jun 30, 2020

Codecov Report

Merging #7096 into development will decrease coverage by 0.00%.
The diff coverage is 41.66%.

@@               Coverage Diff               @@
##           development    #7096      +/-   ##
===============================================
- Coverage        62.01%   62.00%   -0.01%     
===============================================
  Files              262      262              
  Lines            12995    13000       +5     
===============================================
+ Hits              8059     8061       +2     
- Misses            4936     4939       +3     
Impacted Files Coverage Δ
app/api/event_invoices.py 47.87% <40.00%> (-1.02%) ⬇️
app/api/helpers/permission_manager.py 36.71% <42.85%> (+0.22%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1169f10...a4982d8. Read the comment docs.

@iamareebjamal iamareebjamal left a comment

Now everyone can edit and delete invoices

Haider8 commented Jun 30, 2020

@iamareebjamal Please review

@@ -39,6 +40,10 @@ def query(self, view_kwargs):
:param view_kwargs:
:return:
"""
user = current_user
if not user.is_admin and not user.is_super_admin:
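
Review bot: In query(), the check at `if not user.is_admin and not user.is_super_admin:` governs only the query this method builds, so on its own it does not stop a non-admin from editing or deleting an invoice through the resource's other methods. With the is_organizer and is_admin decorators removed, as the PR description states, those write paths need their own admin check, and a test that a non-admin edit and delete are rejected would back the fix. The body of this branch is not shown here; it should fail closed (raise a forbidden error) rather than fall through to the unfiltered query.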

is_staff

@@ -61,8 +61,9 @@ def is_organizer(view, view_args, view_kwargs, *args, **kwargs):
if user.is_staff:
return view(*view_args, **view_kwargs)

if user.is_owner(kwargs['event_id']) or user.is_organizer(kwargs['event_id']):
return view(*view_args, **view_kwargs)
if kwargs.get('event_id'):
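
Review bot: In is_organizer, the guard `if kwargs.get('event_id'):` turns a missing event_id into a silent skip, so what a non-staff caller without an event_id receives depends on the lines after this guard, which are not shown; that path should end in the forbidden response and never reach `view(*view_args, **view_kwargs)`. Reading the id once (for example `event_id = kwargs.get('event_id')`) and passing it to user.is_owner and user.is_organizer would also remove the repeated `kwargs['event_id']` lookups. A test for the non-staff, no-event_id case would pin this behaviour down.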

This can be extracted in a variable and reused

@niranjan94

Codacy Here is an overview of what got changed by this pull request:

Complexity increasing per file
==============================
- app/api/event_invoices.py  1
         

@iamareebjamal iamareebjamal left a comment

Perfect, please change PR name to what you have currently done

@iamareebjamal

Ignore remaining deepsource issues. We should only fix code related to issue. Don't revert the already made changes though

@Haider8 Haider8 changed the title fix: Remove decorators is_organizer and is_admin for event-invoices endpoint fix: Make event-invoices endpoint admin only Jun 30, 2020
@iamareebjamal iamareebjamal merged commit 2d36e03 into fossasia:development Jun 30, 2020
Successfully merging this pull request may close these issues.

event-invoices endpoint failing