From 963679ac15fa7279354040f7a31478c4676f873c Mon Sep 17 00:00:00 2001
From: Hironsan <light.tree.1.13@gmail.com>
Date: Mon, 1 Mar 2021 11:54:58 +0900
Subject: [PATCH] Fix role constraint

---
 app/api/managers.py   | 6 ++++--
 app/api/views/role.py | 5 +++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/app/api/managers.py b/app/api/managers.py
index 132e1dcb..57f26ee2 100644
--- a/app/api/managers.py
+++ b/app/api/managers.py
@@ -36,7 +36,7 @@ class Seq2seqAnnotationManager(Manager):
 
 class RoleMappingManager(Manager):
 
-    def can_update(self, project, new_role_id):
+    def can_update(self, project: int, mapping_id: int, rolename: str):
         queryset = self.filter(
             project=project, role__name=settings.ROLE_PROJECT_ADMIN
         )
@@ -44,4 +44,6 @@ class RoleMappingManager(Manager):
             return True
         else:
             mapping = queryset.first()
-            return mapping.role == new_role_id
+            if mapping.id == mapping_id and rolename != settings.ROLE_PROJECT_ADMIN:
+                return False
+            return True
diff --git a/app/api/views/role.py b/app/api/views/role.py
index 9a04574c..31789df3 100644
--- a/app/api/views/role.py
+++ b/app/api/views/role.py
@@ -47,8 +47,9 @@ class RoleMappingDetail(generics.RetrieveUpdateDestroyAPIView):
 
     def perform_update(self, serializer):
         project_id = self.kwargs['project_id']
-        role_id = serializer.validated_data['role']
-        if RoleMapping.objects.can_update(project_id, role_id):
+        id = self.kwargs['rolemapping_id']
+        role = serializer.validated_data['role']
+        if RoleMapping.objects.can_update(project_id, id, role.name):
             super().perform_update(serializer)
         else:
             raise RoleConstraintException