From f0083ed0becb8d8548b7ffd8b42052dd3ac2daea Mon Sep 17 00:00:00 2001 From: "nrvikas@gmail.com" Date: Thu, 5 Mar 2020 15:35:59 +1100 Subject: [PATCH] [SDESK-5106] Cannot remove assignments --- client/actions/assignments/ui.js | 2 +- server/features/assignments_delete.feature | 17 +++++++++++++++-- server/planning/assignments/assignments.py | 18 ++++-------------- 3 files changed, 20 insertions(+), 17 deletions(-) diff --git a/client/actions/assignments/ui.js b/client/actions/assignments/ui.js index 2e2cc9f78..466593170 100644 --- a/client/actions/assignments/ui.js +++ b/client/actions/assignments/ui.js @@ -865,7 +865,7 @@ const removeAssignment = (assignment) => ( notify.error( getErrorMessage(error, 'Failed to remove the Assignment') ); - + dispatch(self.unlockAssignment(assignment)); return Promise.reject(error); }) ) diff --git a/server/features/assignments_delete.feature b/server/features/assignments_delete.feature index 91a3cd831..b437b27b3 100644 --- a/server/features/assignments_delete.feature +++ b/server/features/assignments_delete.feature @@ -53,7 +53,7 @@ Feature: Assignments Delete @auth @notification - Scenario: Cannot delete an Assignment without Assignment and Planning locks by same user + Scenario: Cannot delete an Assignment if assignment is not locked When we delete "/assignments/#assignmentId#" Then we get error 403 When we post to "/assignments/#assignmentId#/lock" @@ -61,8 +61,21 @@ Feature: Assignments Delete {"lock_action": "remove_assignment"} """ Then we get OK response + When we delete "/assignments/#assignmentId#" + Then we get OK response + When we get "/assignments/#assignmentId#" + Then we get error 404 + + @auth + @notification + Scenario: Can delete an Assignment if planning item is locked by the same user and session When we delete "/assignments/#assignmentId#" Then we get error 403 + When we post to "/assignments/#assignmentId#/lock" + """ + {"lock_action": "remove_assignment"} + """ + Then we get OK response When we post to "/planning/#planning._id#/lock" """ {"lock_action": "remove_assignment"} @@ -105,7 +118,7 @@ Feature: Assignments Delete }] """ - @auth @today + @auth Scenario: Deleting an Assignment removes the assignment id from the Archive item When we post to "/archive" """ diff --git a/server/planning/assignments/assignments.py b/server/planning/assignments/assignments.py index 80332a501..76c513853 100644 --- a/server/planning/assignments/assignments.py +++ b/server/planning/assignments/assignments.py @@ -938,21 +938,11 @@ def on_delete(self, doc): # Also make sure the Planning item is locked by this user and session planning_service = get_resource_service('planning') planning_item = planning_service.find_one(req=None, _id=doc.get('planning_item')) - planning_item_state = (planning_item or {}).get('state') - if planning_item_state != WORKFLOW_STATE.SPIKED: - if not self.is_associated_planning_or_event_locked(planning_item): - raise SuperdeskApiError.forbiddenError( - message='Lock is not obtained on the associated Planning item or Event' - ) - - # Make sure the Assignment is locked by this user and session - assignment_locked = is_locked_in_this_session(doc) - if planning_item_state in [WORKFLOW_STATE.KILLED, WORKFLOW_STATE.SPIKED] and\ - (not doc.get('lock_user') or assignment_locked): - assignment_locked = True - - if not assignment_locked: + # Make sure the Assignment is locked by this user and session unless when removing + # assignments during spiking/unposting planning items + if not is_locked_in_this_session(doc) and planning_item.get('state') not in [WORKFLOW_STATE.KILLED, + WORKFLOW_STATE.SPIKED]: raise SuperdeskApiError.forbiddenError( message='Lock is not obtained on the Assignment item' )