diff --git a/taiga/projects/tasks/api.py b/taiga/projects/tasks/api.py
index ff59da5a..74fac059 100644
--- a/taiga/projects/tasks/api.py
+++ b/taiga/projects/tasks/api.py
@@ -98,7 +98,7 @@ class TaskViewSet(OCCResourceMixin, HistoryResourceMixin, WatchedResourceMixin,
if status_id:
status = get_object_or_404(TaskStatus, id=status_id)
else:
- status = project.default_us_status
+ status = project.default_task_status
tasks = services.create_tasks_in_bulk(bulk_tasks, callback=self.post_save, project=project,
user_story=user_story, owner=request.user,
diff --git a/taiga/users/api.py b/taiga/users/api.py
index 46a2dee3..e23f1d40 100644
--- a/taiga/users/api.py
+++ b/taiga/users/api.py
@@ -190,6 +190,7 @@ class UsersViewSet(ModelCrudViewSet):
def destroy(self, request, pk=None):
user = self.get_object()
+ self.check_permissions(request, "destroy", user)
user.username = slugify_uniquely("deleted-user", models.User, slugfield="username")
user.email = "deleted-user@taiga.io"
user.is_active = False
diff --git a/tests/integration/resources_permissions/test_tasks_resources.py b/tests/integration/resources_permissions/test_tasks_resources.py
index b642d7ee..9dceb222 100644
--- a/tests/integration/resources_permissions/test_tasks_resources.py
+++ b/tests/integration/resources_permissions/test_tasks_resources.py
@@ -270,6 +270,7 @@ def test_task_action_bulk_create(client, data):
"bulkTasks": "test1\ntest2",
"usId": data.public_task.user_story.pk,
"projectId": data.public_task.project.pk,
+ "sprintId": data.public_task.milestone.pk,
})
results = helper_test_http_method(client, 'post', url, bulk_data, users)
assert results == [401, 403, 403, 200, 200]
@@ -278,6 +279,7 @@ def test_task_action_bulk_create(client, data):
"bulkTasks": "test1\ntest2",
"usId": data.private_task1.user_story.pk,
"projectId": data.private_task1.project.pk,
+ "sprintId": data.private_task1.milestone.pk,
})
results = helper_test_http_method(client, 'post', url, bulk_data, users)
assert results == [401, 403, 403, 200, 200]
@@ -286,6 +288,7 @@ def test_task_action_bulk_create(client, data):
"bulkTasks": "test1\ntest2",
"usId": data.private_task2.user_story.pk,
"projectId": data.private_task2.project.pk,
+ "sprintId": data.private_task2.milestone.pk,
})
results = helper_test_http_method(client, 'post', url, bulk_data, users)
assert results == [401, 403, 403, 200, 200]
diff --git a/tests/integration/resources_permissions/test_users_resources.py b/tests/integration/resources_permissions/test_users_resources.py
index 4eb96b3b..7d5955dc 100644
--- a/tests/integration/resources_permissions/test_users_resources.py
+++ b/tests/integration/resources_permissions/test_users_resources.py
@@ -143,6 +143,13 @@ def test_user_patch(client, data):
def test_user_action_change_password(client, data):
url = reverse('users-change-password')
+ data.registered_user.set_password("test-current-password")
+ data.registered_user.save()
+ data.other_user.set_password("test-current-password")
+ data.other_user.save()
+ data.superuser.set_password("test-current-password")
+ data.superuser.save()
+
users = [
None,
data.registered_user,
@@ -150,7 +157,8 @@ def test_user_action_change_password(client, data):
data.superuser,
]
- patch_data = json.dumps({"password": "test-password"})
+
+ patch_data = json.dumps({"current_password": "test-current-password", "password": "test-password"})
results = helper_test_http_method(client, 'post', url, patch_data, users)
assert results == [401, 204, 204, 204]
@@ -189,42 +197,3 @@ def test_user_action_password_recovery(client, data):
patch_data = json.dumps({"username": "test"})
results = helper_test_http_method(client, 'post', url, patch_data, users)
assert results == [200, 200, 200, 200]
-
-# def test_membership_retrieve(client, data):
-# assert False
-#
-#
-# def test_membership_update(client, data):
-# assert False
-#
-#
-# def test_membership_delete(client, data):
-# assert False
-#
-#
-# def test_membership_list(client, data):
-# assert False
-#
-#
-# def test_membership_patch(client, data):
-# assert False
-#
-#
-# def test_invitation_retrieve(client, data):
-# assert False
-#
-#
-# def test_invitation_update(client, data):
-# assert False
-#
-#
-# def test_invitation_delete(client, data):
-# assert False
-#
-#
-# def test_invitation_list(client, data):
-# assert False
-#
-#
-# def test_invitation_patch(client, data):
-# assert False
diff --git a/tests/integration/test_mdrender.py b/tests/integration/test_mdrender.py
index 7c05db3f..a905b4c5 100644
--- a/tests/integration/test_mdrender.py
+++ b/tests/integration/test_mdrender.py
@@ -33,7 +33,7 @@ dummy_project.slug = "test"
def test_proccessor_valid_user_mention():
factories.UserFactory(username="user1", full_name="test name")
result = render(dummy_project, "**@user1**")
- expected_result = "@user1
"
+ expected_result = "@user1
"
assert result == expected_result
diff --git a/tests/integration/test_memberships.py b/tests/integration/test_memberships.py
index 2a2f5b35..123a3e66 100644
--- a/tests/integration/test_memberships.py
+++ b/tests/integration/test_memberships.py
@@ -69,6 +69,9 @@ def test_api_invite_existing_user(client, outbox):
"Should create the invitation linked to that user"
user = f.UserFactory.create()
role = f.RoleFactory.create()
+
+ client.login(role.project.owner)
+
url = reverse("memberships-list")
data = {"role": role.pk, "project": role.project.pk, "email": user.email}