From 1ddbf1fa528f844e96775f3bea6981acf30ffc66 Mon Sep 17 00:00:00 2001 From: "Thomas H. Svendal" Date: Mon, 23 Oct 2023 20:35:21 +0200 Subject: [PATCH] Give HS user permissions (#727) * Give HS user permissions * Fix --- CHANGELOG.md | 1 + app/content/models/user.py | 3 +-- app/tests/content/test_user_integration.py | 5 ++--- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2288f591c..d83476be1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ --- ## Neste versjon +- ⚡ **Brukere** HS kan styre medlemmer - ✨ **Bannere** Filtrering på bannere - ✨ **Spørreskjemaer** NOK medlemmer kan lage spørreskjema. - ⚡ **Bruker** Nå kan ikke HS lenger endre eller slette brukere. diff --git a/app/content/models/user.py b/app/content/models/user.py index 57555e9f8..26e3a4b9a 100644 --- a/app/content/models/user.py +++ b/app/content/models/user.py @@ -56,7 +56,7 @@ def create_superuser(self, user_id, password): class User(AbstractBaseUser, PermissionsMixin, BaseModel, OptionalImage): - write_access = [AdminGroup.INDEX] + write_access = AdminGroup.admin() read_access = [Groups.TIHLDE] user_id = models.CharField(max_length=15, primary_key=True) @@ -161,7 +161,6 @@ def has_unanswered_evaluations_for(self, event): return self.get_unanswered_evaluations().filter(event=event).exists() def get_unanswered_evaluations(self): - from app.forms.models.forms import EventForm, EventFormType date_30_days_ago = now() - timedelta(days=30) diff --git a/app/tests/content/test_user_integration.py b/app/tests/content/test_user_integration.py index d572c2f4e..27930833c 100644 --- a/app/tests/content/test_user_integration.py +++ b/app/tests/content/test_user_integration.py @@ -182,7 +182,6 @@ def test_filter_only_users_with_active_strikes( ], ) def test_user_actions_self(url, status_code, member, api_client): - url = f"{API_USER_BASE_URL}me{url}" client = api_client(user=member) 
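Review bot: `write_access = AdminGroup.admin()` on `User` is a class-wide grant, so every group that `admin()` returns (HS included, going by the commit title) can now update and delete any user record, and nothing in this hunk limits which accounts or which fields. If HS is meant to manage ordinary members only, this needs an object-level check that refuses the write when the target is an Index member or a superuser, and the fields writable through this path should exclude `is_superuser` and group membership. The class body continues outside the hunk, so such a check may already exist. If it does, a comment on the attribute should point to it, e.g. `# Writable by every group in AdminGroup.admin(); see <method name> for limits on privileged targets`.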
@@ -341,7 +340,7 @@ def test_update_other_user_as_hs_user(member, user, api_client):
 url = _get_user_detail_url(user)
 response = client.put(url, data)
- assert response.status_code == status.HTTP_403_FORBIDDEN
+ assert response.status_code == status.HTTP_200_OK
 def test_update_other_user_as_index_user(member, user, api_client):
@@ -459,7 +458,7 @@ def test_destroy_other_user_as_hs_user(member, user, api_client):
 url = _get_user_detail_url(user)
 response = client.delete(url)
- assert response.status_code == status.HTTP_403_FORBIDDEN
+ assert response.status_code == status.HTTP_200_OK
 def test_destroy_other_user_as_index_user(member, user, api_client):
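Review bot: The flipped assertions in `test_update_other_user_as_hs_user` and `test_destroy_other_user_as_hs_user` (the next hunk) check only the status code, so they show that HS is let through but not what HS is allowed to touch. Both tests target the plain `user` fixture, and with the 403 expectations gone no negative case for this role is visible in these hunks. Assuming HS is meant to manage ordinary members only, each verb should also get a case where the target is an Index member or a superuser, asserting `status.HTTP_403_FORBIDDEN` there. The positive cases should verify the effect too, e.g. `user.refresh_from_db()` plus a field comparison after the PUT, and a lookup by `user_id` that returns nothing after the DELETE. Both test bodies start outside their hunks, so the setup of `client` and `data` is not visible here.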