Update role mapping constraints to prevent user from assigning already assigned user

3 years ago · 9f5dfa439f
5 changed files with 38 additions and 6 deletions
--- a/app/api/exceptions.py
+++ b/app/api/exceptions.py
@ -44,3 +44,8 @@ class LabelValidationError(APIException):
 class RoleConstraintException(APIException):
    status_code = status.HTTP_400_BAD_REQUEST
    default_detail = 'The project needs at least one administrator.'
+
+
+class RoleAlreadyAssignedException(APIException):
+    status_code = status.HTTP_400_BAD_REQUEST
+    default_detail = 'This user is already assigned to a role in this project.'
--- a/app/api/migrations/0007_auto_20210301_0302.py
+++ b/app/api/migrations/0007_auto_20210301_0302.py
@ -0,0 +1,19 @@
+# Generated by Django 3.1.6 on 2021-03-01 03:02
+
+from django.conf import settings
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('api', '0006_merge_20210221_1258'),
+    ]
+
+    operations = [
+        migrations.AlterUniqueTogether(
+            name='rolemapping',
+            unique_together={('user', 'project')},
+        ),
+    ]
--- a/app/api/models.py
+++ b/app/api/models.py
@ -308,7 +308,7 @@ class RoleMapping(models.Model):
            raise ValidationError('This user is already assigned to a role in this project.')

    class Meta:
-        unique_together = ("user", "project", "role")
+        unique_together = ("user", "project")


@receiver(post_save, sender=RoleMapping)
--- a/app/api/serializers.py
+++ b/app/api/serializers.py
@ -68,6 +68,7 @@ class CommentSerializer(serializers.ModelSerializer):
        fields = ('id', 'user', 'username', 'document', 'document_text', 'text', 'created_at', )
        read_only_fields = ('user', 'document')

+
 class DocumentSerializer(serializers.ModelSerializer):
    annotations = serializers.SerializerMethodField()
    annotation_approver = serializers.SerializerMethodField()
--- a/app/api/views/role.py
+++ b/app/api/views/role.py
@ -1,9 +1,10 @@
+from django.db import IntegrityError
 from django.shortcuts import get_object_or_404
 from rest_framework import generics, status
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response

-from ..exceptions import RoleConstraintException
+from ..exceptions import RoleConstraintException, RoleAlreadyAssignedException
 from ..models import Project, Role, RoleMapping
 from ..permissions import IsProjectAdmin
 from ..serializers import RoleMappingSerializer, RoleSerializer
@ -29,7 +30,10 @@ class RoleMappingList(generics.ListCreateAPIView):
        return self.project.role_mappings

    def perform_create(self, serializer):
-        serializer.save(project=self.project)
+        try:
+            serializer.save(project=self.project)
+        except IntegrityError:
+            raise RoleAlreadyAssignedException

    def delete(self, request, *args, **kwargs):
        delete_ids = request.data['ids']
@ -49,7 +53,10 @@ class RoleMappingDetail(generics.RetrieveUpdateDestroyAPIView):
        project_id = self.kwargs['project_id']
        id = self.kwargs['rolemapping_id']
        role = serializer.validated_data['role']
-        if RoleMapping.objects.can_update(project_id, id, role.name):
-            super().perform_update(serializer)
-        else:
+        if not RoleMapping.objects.can_update(project_id, id, role.name):
            raise RoleConstraintException
+        try:
+            super().perform_update(serializer)
+        except IntegrityError:
+            raise RoleAlreadyAssignedException
+