diff --git a/taiga/projects/history/api.py b/taiga/projects/history/api.py index 622946ae..ad011af9 100644 --- a/taiga/projects/history/api.py +++ b/taiga/projects/history/api.py @@ -59,11 +59,11 @@ class HistoryViewSet(ReadOnlyListViewSet): @detail_route(methods=['post']) def delete_comment(self, request, pk): obj = self.get_object() - self.check_permissions(request, 'delete_comment', obj) - comment_id = request.QUERY_PARAMS.get('id', None) comment = services.get_history_queryset_by_model_instance(obj).filter(id=comment_id).first() + self.check_permissions(request, 'delete_comment', comment) + if comment is None: return Response(status=status.HTTP_404_NOT_FOUND) @@ -71,18 +71,18 @@ class HistoryViewSet(ReadOnlyListViewSet): return Response({"error": "Comment already deleted"}, status=status.HTTP_400_BAD_REQUEST) comment.delete_comment_date = timezone.now() - comment.delete_comment_user = request.user + comment.delete_comment_user = {"pk": request.user.pk, "name": request.user.get_full_name()} comment.save() return Response(status=status.HTTP_200_OK) @detail_route(methods=['post']) def undelete_comment(self, request, pk): obj = self.get_object() - self.check_permissions(request, 'undelete_comment', obj) - comment_id = request.QUERY_PARAMS.get('id', None) comment = services.get_history_queryset_by_model_instance(obj).filter(id=comment_id).first() + self.check_permissions(request, 'undelete_comment', comment) + if comment is None: return Response(status=status.HTTP_404_NOT_FOUND) diff --git a/taiga/projects/history/migrations/0003_auto_20140917_1405.py b/taiga/projects/history/migrations/0003_auto_20140917_1405.py new file mode 100644 index 00000000..bb4378fa --- /dev/null +++ b/taiga/projects/history/migrations/0003_auto_20140917_1405.py 
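Review bot: In `delete_comment`, `comment` can be None when `self.check_permissions(request, 'delete_comment', comment)` runs, because the `if comment is None` 404 branch now comes after the permission call. The new `IsCommentOwner` reads `obj.user` without a guard, and `IsCommentDeleter` reads `obj.delete_comment_user` the same way in the `undelete_comment` hunk, which has the same ordering. Unless an earlier alternative in the permission expression short-circuits, an unknown or missing `id` would raise AttributeError instead of returning the intended 404. The safer fix is to make both components start with `if obj is None: return False`, so a missing comment is denied. Moving the 404 check above the permission call also works, but it answers 404 before authorization and tells callers without delete rights which comment ids exist on the object.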
@@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import models, migrations +from django.conf import settings +import django_pgjson.fields + +def change_fk_with_tuple_pk_and_name(apps, schema_editor): + HistoryEntry = apps.get_model("history", "HistoryEntry") + + for item in HistoryEntry.objects.all(): + if item.delete_comment_user_old: + item.delete_comment_user = {"pk": item.delete_comment_user_old.pk, "name": item.delete_comment_user_old.name} + else: + item.delete_comment_user = None + item.save() + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('history', '0002_auto_20140916_0936'), + ] + + operations = [ + migrations.RenameField( + model_name='historyentry', + old_name='delete_comment_user', + new_name='delete_comment_user_old', + ), + migrations.AddField( + model_name='historyentry', + name='delete_comment_user', + field=django_pgjson.fields.JsonField(null=True, blank=True, default=None), + preserve_default=True, + ), + + migrations.RunPython(change_fk_with_tuple_pk_and_name), + + migrations.RemoveField( + model_name='historyentry', + name='delete_comment_user_old', + ), + ] diff --git a/taiga/projects/history/models.py b/taiga/projects/history/models.py index a6ae8b15..40cb5448 100644 --- a/taiga/projects/history/models.py +++ b/taiga/projects/history/models.py @@ -66,8 +66,7 @@ class HistoryEntry(models.Model): comment_html = models.TextField(blank=True) delete_comment_date = models.DateTimeField(null=True, blank=True, default=None) - delete_comment_user = models.ForeignKey(settings.AUTH_USER_MODEL, null=True, blank=True, default=None, - related_name="deleted_comments") + delete_comment_user = JsonField(blank=True, default=None, null=True) @cached_property def is_comment(self): diff --git a/taiga/projects/history/permissions.py b/taiga/projects/history/permissions.py index d81cbbe8..6b97d078 100644 
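Review bot: `change_fk_with_tuple_pk_and_name` stores `item.delete_comment_user_old.name`, while the view in api.py stores `request.user.get_full_name()`. The user model is not part of this diff, so confirm it has a `name` field; historical models in a migration expose only fields, and a wrong attribute would abort the migration on the first deleted comment. The values written here decide who passes `IsCommentDeleter` after the upgrade, so the `pk` copy deserves a migration test. The loop also loads and re-saves every history row, although rows without a deleter already get `None` from the new column's default. `for item in HistoryEntry.objects.filter(delete_comment_user_old__isnull=False).iterator():` with the `else` branch dropped would touch only the rows that need it. `RunPython` is given no reverse function, so the migration cannot be unapplied; a short comment saying this is intentional would help.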
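Review bot: `delete_comment_user` should carry a comment documenting the JSON shape it now holds, because `IsCommentDeleter` authorizes on its `pk` key; for example `# {"pk": <user pk>, "name": <full name at deletion time>} or None`. Replacing the ForeignKey also removes the `deleted_comments` reverse accessor and the database-level reference to the user, so any caller of `user.deleted_comments` outside this diff would break. The stored name is a snapshot and will not follow later renames. The `HistoryEntry` class body continues outside the hunk.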
--- a/taiga/projects/history/permissions.py +++ b/taiga/projects/history/permissions.py @@ -21,28 +21,32 @@ from taiga.base.api.permissions import (TaigaResourcePermission, HasProjectPerm, class IsCommentDeleter(PermissionComponent): def check_permissions(self, request, view, obj=None): - return obj.delete_comment_user == request.user + return obj.delete_comment_user and obj.delete_comment_user.get("pk", "not-pk") == request.user.pk + +class IsCommentOwner(PermissionComponent): + def check_permissions(self, request, view, obj=None): + return obj.user and obj.user.get("pk", "not-pk") == request.user.pk class UserStoryHistoryPermission(TaigaResourcePermission): retrieve_perms = HasProjectPerm('view_project') - delete_comment_perms = IsProjectOwner() | IsObjectOwner() + delete_comment_perms = IsProjectOwner() | IsCommentOwner() undelete_comment_perms = IsProjectOwner() | IsCommentDeleter() class TaskHistoryPermission(TaigaResourcePermission): retrieve_perms = HasProjectPerm('view_project') - delete_comment_perms = IsProjectOwner() | IsObjectOwner() + delete_comment_perms = IsProjectOwner() | IsCommentOwner() undelete_comment_perms = IsProjectOwner() | IsCommentDeleter() class IssueHistoryPermission(TaigaResourcePermission): retrieve_perms = HasProjectPerm('view_project') - delete_comment_perms = IsProjectOwner() | IsObjectOwner() + delete_comment_perms = IsProjectOwner() | IsCommentOwner() undelete_comment_perms = IsProjectOwner() | IsCommentDeleter() class WikiHistoryPermission(TaigaResourcePermission): retrieve_perms = HasProjectPerm('view_project') - delete_comment_perms = IsProjectOwner() | IsObjectOwner() + delete_comment_perms = IsProjectOwner() | IsCommentOwner() undelete_comment_perms = IsProjectOwner() | IsCommentDeleter() diff --git a/taiga/projects/history/serializers.py b/taiga/projects/history/serializers.py index 07fb84cd..8f7a62c0 100644 --- a/taiga/projects/history/serializers.py +++ b/taiga/projects/history/serializers.py 
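Review bot: `IsProjectOwner()` remains the first alternative in every `delete_comment_perms` and `undelete_comment_perms`, but after the api.py change it receives the history entry rather than the user story, task, issue or wiki page. `IsProjectOwner` is defined outside this diff; if it reaches the project through an attribute of the object, confirm that a `HistoryEntry` provides it. Otherwise project owners can no longer moderate comments, or the check raises. A regression test in which a project owner deletes another member's comment would pin this down. Separately, `IsCommentDeleter` and `IsCommentOwner` return the falsy operand itself (None or an empty dict) rather than a bool. Wrapping the expression as `return bool(obj.user) and obj.user.get("pk") == request.user.pk` would make the contract explicit and remove the `"not-pk"` sentinel. The `IsObjectOwner` import may now be unused.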
@@ -26,6 +26,7 @@ class HistoryEntrySerializer(serializers.ModelSerializer): values = JsonField() values_diff = JsonField() user = JsonField() + delete_comment_user = JsonField() class Meta: model = models.HistoryEntry