Fix role constraint

4 years ago · 963679ac15
2 changed files with 7 additions and 4 deletions
--- a/app/api/managers.py
+++ b/app/api/managers.py
@ -36,7 +36,7 @@ class Seq2seqAnnotationManager(Manager):

 class RoleMappingManager(Manager):

-    def can_update(self, project, new_role_id):
+    def can_update(self, project: int, mapping_id: int, rolename: str):
        queryset = self.filter(
            project=project, role__name=settings.ROLE_PROJECT_ADMIN
        )
@ -44,4 +44,6 @@ class RoleMappingManager(Manager):
            return True
        else:
            mapping = queryset.first()
-            return mapping.role == new_role_id
+            if mapping.id == mapping_id and rolename != settings.ROLE_PROJECT_ADMIN:
+                return False
+            return True
--- a/app/api/views/role.py
+++ b/app/api/views/role.py
@ -47,8 +47,9 @@ class RoleMappingDetail(generics.RetrieveUpdateDestroyAPIView):

    def perform_update(self, serializer):
        project_id = self.kwargs['project_id']
-        role_id = serializer.validated_data['role']
-        if RoleMapping.objects.can_update(project_id, role_id):
+        id = self.kwargs['rolemapping_id']
+        role = serializer.validated_data['role']
+        if RoleMapping.objects.can_update(project_id, id, role.name):
            super().perform_update(serializer)
        else:
            raise RoleConstraintException