Give HS user permissions (#727)

* Give HS user permissions

* Fix

CHANGELOG.md

@@ -13,6 +13,7 @@
 ---
 
 ## Neste versjon
+- ⚡ **Brukere** HS kan styre medlemmer
 - ✨ **Bannere** Filtrering på bannere
 - ✨ **Spørreskjemaer** NOK medlemmer kan lage spørreskjema.
 - ⚡ **Bruker** Nå kan ikke HS lenger endre eller slette brukere.

app/content/models/user.py

@@ -56,7 +56,7 @@ def create_superuser(self, user_id, password):
 
 
 class User(AbstractBaseUser, PermissionsMixin, BaseModel, OptionalImage):
-    write_access = [AdminGroup.INDEX]
+    write_access = AdminGroup.admin()
     read_access = [Groups.TIHLDE]
 
     user_id = models.CharField(max_length=15, primary_key=True)
@@ -161,7 +161,6 @@ def has_unanswered_evaluations_for(self, event):
         return self.get_unanswered_evaluations().filter(event=event).exists()
 
     def get_unanswered_evaluations(self):
-
         from app.forms.models.forms import EventForm, EventFormType
 
         date_30_days_ago = now() - timedelta(days=30)

app/tests/content/test_user_integration.py

@@ -182,7 +182,6 @@ def test_filter_only_users_with_active_strikes(
     ],
 )
 def test_user_actions_self(url, status_code, member, api_client):
-
     url = f"{API_USER_BASE_URL}me{url}"
     client = api_client(user=member)
 
@@ -341,7 +340,7 @@ def test_update_other_user_as_hs_user(member, user, api_client):
     url = _get_user_detail_url(user)
     response = client.put(url, data)
 
-    assert response.status_code == status.HTTP_403_FORBIDDEN
+    assert response.status_code == status.HTTP_200_OK
 
 
 def test_update_other_user_as_index_user(member, user, api_client):
@@ -459,7 +458,7 @@ def test_destroy_other_user_as_hs_user(member, user, api_client):
     url = _get_user_detail_url(user)
     response = client.delete(url)
 
-    assert response.status_code == status.HTTP_403_FORBIDDEN
+    assert response.status_code == status.HTTP_200_OK
 
 
 def test_destroy_other_user_as_index_user(member, user, api_client):