fix: Non-admin users cannot link a feature to a GH Issue/PR (#4336)

Flagsmith · Jul 16, 2024 · 56e6390 · 56e6390
1 parent 057ec13
commit 56e6390
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/api/organisations/permissions/permissions.py b/api/organisations/permissions/permissions.py
@@ -8,6 +8,7 @@
 from rest_framework.exceptions import PermissionDenied, ValidationError
 from rest_framework.permissions import BasePermission, IsAuthenticated
 from rest_framework.request import Request
+from rest_framework.viewsets import GenericViewSet
 
 from organisations.models import Organisation
 from users.models import FFAdminUser
@@ -189,18 +190,22 @@ def has_object_permission(self, request, view, obj):
 
 
 class GithubIsAdminOrganisation(NestedIsOrganisationAdminPermission):
- def has_permission(self, request, view):
+ def has_permission(self, request: Request, view: GenericViewSet) -> bool:
  organisation_pk = view.kwargs.get("organisation_pk")
 
  with suppress(ObjectDoesNotExist):
+ if hasattr(view, "action") and view.action == "list":
+ return True
  if isinstance(request.user, FFAdminUser):
  return request.user.is_organisation_admin(
  Organisation.objects.get(pk=organisation_pk)
  )
  else:
  return request.user.is_master_api_key_user
 
- def has_object_permission(self, request, view, obj):
+ def has_object_permission(
+ self, request: Request, view: GenericViewSet, obj
+ ) -> bool:
  organisation_pk = view.kwargs.get("organisation_pk")
  if isinstance(request.user, FFAdminUser):
  return request.user.is_organisation_admin(

diff --git a/api/tests/unit/integrations/github/test_unit_github_views.py b/api/tests/unit/integrations/github/test_unit_github_views.py
@@ -54,6 +54,25 @@ def test_get_github_configuration(
  assert response.status_code == status.HTTP_200_OK
 
 
+def test_non_admin_user_get_github_configuration(
+ staff_client: APIClient,
+ organisation: Organisation,
+ github_configuration: GithubConfiguration,
+) -> None:
+ # Given
+ url = reverse(
+ "api-v1:organisations:integrations-github-list",
+ kwargs={"organisation_pk": organisation.id},
+ )
+ # When
+ response = staff_client.get(url)
+ # Then
+ github_configuration_res = response.json()["results"][0]
+ assert response.status_code == status.HTTP_200_OK
+ assert github_configuration_res["installation_id"] == "1234567"
+ assert github_configuration_res["id"] == 1
+
+
 def test_create_github_configuration(
  admin_client_new: APIClient,
  organisation: Organisation,