Fix history on delete comments

taiga/projects/history/api.py

@@ -59,11 +59,11 @@ class HistoryViewSet(ReadOnlyListViewSet):
     @detail_route(methods=['post'])
     def delete_comment(self, request, pk):
         obj = self.get_object()
-        self.check_permissions(request, 'delete_comment', obj)
-
         comment_id = request.QUERY_PARAMS.get('id', None)
         comment = services.get_history_queryset_by_model_instance(obj).filter(id=comment_id).first()
 
+        self.check_permissions(request, 'delete_comment', comment)
+
         if comment is None:
             return Response(status=status.HTTP_404_NOT_FOUND)
 
@@ -71,18 +71,18 @@ class HistoryViewSet(ReadOnlyListViewSet):
             return Response({"error": "Comment already deleted"}, status=status.HTTP_400_BAD_REQUEST)
 
         comment.delete_comment_date = timezone.now()
-        comment.delete_comment_user = request.user
+        comment.delete_comment_user = {"pk": request.user.pk, "name": request.user.get_full_name()}
         comment.save()
         return Response(status=status.HTTP_200_OK)
 
     @detail_route(methods=['post'])
     def undelete_comment(self, request, pk):
         obj = self.get_object()
-        self.check_permissions(request, 'undelete_comment', obj)
-
         comment_id = request.QUERY_PARAMS.get('id', None)
         comment = services.get_history_queryset_by_model_instance(obj).filter(id=comment_id).first()
 
+        self.check_permissions(request, 'undelete_comment', comment)
+
         if comment is None:
             return Response(status=status.HTTP_404_NOT_FOUND)
 

taiga/projects/history/migrations/0003_auto_20140917_1405.py

@@ -0,0 +1,44 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+from django.conf import settings
+import django_pgjson.fields
+
+def change_fk_with_tuple_pk_and_name(apps, schema_editor):
+    HistoryEntry = apps.get_model("history", "HistoryEntry")
+
+    for item in HistoryEntry.objects.all():
+        if item.delete_comment_user_old:
+            item.delete_comment_user = {"pk": item.delete_comment_user_old.pk, "name": item.delete_comment_user_old.name}
+        else:
+            item.delete_comment_user = None
+        item.save()
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('history', '0002_auto_20140916_0936'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='historyentry',
+            old_name='delete_comment_user',
+            new_name='delete_comment_user_old',
+        ),
+        migrations.AddField(
+            model_name='historyentry',
+            name='delete_comment_user',
+            field=django_pgjson.fields.JsonField(null=True, blank=True, default=None),
+            preserve_default=True,
+        ),
+
+        migrations.RunPython(change_fk_with_tuple_pk_and_name),
+
+        migrations.RemoveField(
+            model_name='historyentry',
+            name='delete_comment_user_old',
+        ),
+    ]

taiga/projects/history/models.py

@@ -66,8 +66,7 @@ class HistoryEntry(models.Model):
     comment_html = models.TextField(blank=True)
 
     delete_comment_date = models.DateTimeField(null=True, blank=True, default=None)
-    delete_comment_user = models.ForeignKey(settings.AUTH_USER_MODEL, null=True, blank=True, default=None,
+    delete_comment_user = JsonField(blank=True, default=None, null=True)
-                             related_name="deleted_comments")
 
     @cached_property
     def is_comment(self):

taiga/projects/history/permissions.py

@@ -21,28 +21,32 @@ from taiga.base.api.permissions import (TaigaResourcePermission, HasProjectPerm,
 
 class IsCommentDeleter(PermissionComponent):
     def check_permissions(self, request, view, obj=None):
-        return obj.delete_comment_user == request.user
+        return obj.delete_comment_user and obj.delete_comment_user.get("pk", "not-pk") == request.user.pk
+
+class IsCommentOwner(PermissionComponent):
+    def check_permissions(self, request, view, obj=None):
+        return obj.user and obj.user.get("pk", "not-pk") == request.user.pk
 
 
 class UserStoryHistoryPermission(TaigaResourcePermission):
     retrieve_perms = HasProjectPerm('view_project')
-    delete_comment_perms = IsProjectOwner() | IsObjectOwner()
+    delete_comment_perms = IsProjectOwner() | IsCommentOwner()
     undelete_comment_perms = IsProjectOwner() | IsCommentDeleter()
 
 
 class TaskHistoryPermission(TaigaResourcePermission):
     retrieve_perms = HasProjectPerm('view_project')
-    delete_comment_perms = IsProjectOwner() | IsObjectOwner()
+    delete_comment_perms = IsProjectOwner() | IsCommentOwner()
     undelete_comment_perms = IsProjectOwner() | IsCommentDeleter()
 
 
 class IssueHistoryPermission(TaigaResourcePermission):
     retrieve_perms = HasProjectPerm('view_project')
-    delete_comment_perms = IsProjectOwner() | IsObjectOwner()
+    delete_comment_perms = IsProjectOwner() | IsCommentOwner()
     undelete_comment_perms = IsProjectOwner() | IsCommentDeleter()
 
 
 class WikiHistoryPermission(TaigaResourcePermission):
     retrieve_perms = HasProjectPerm('view_project')
-    delete_comment_perms = IsProjectOwner() | IsObjectOwner()
+    delete_comment_perms = IsProjectOwner() | IsCommentOwner()
     undelete_comment_perms = IsProjectOwner() | IsCommentDeleter()

taiga/projects/history/serializers.py

@@ -26,6 +26,7 @@ class HistoryEntrySerializer(serializers.ModelSerializer):
     values = JsonField()
     values_diff = JsonField()
     user = JsonField()
+    delete_comment_user = JsonField()
 
     class Meta:
         model = models.HistoryEntry