Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Order of any kind should not be deleted except by admin #6573

Merged
merged 4 commits into from Dec 24, 2019
Merged

fix: Order of any kind should not be deleted except by admin #6573

merged 4 commits into from Dec 24, 2019

Conversation

prateekj117
Copy link
Member

Fixes #6567

Short description of what this resolves:

An Order cannot be deleted.

Checklist

  • I have read the Contribution & Best practices Guide and my PR follows them.
  • My branch is up-to-date with the Upstream development branch.
  • The unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • All the functions created/modified in this PR contain relevant docstrings.

@codecov
Copy link

codecov bot commented Nov 4, 2019
edited

Codecov Report

❗ No coverage uploaded for pull request base (development@d19294b). Click here to learn what that means.
The diff coverage is 100%.

Impacted file tree graph

@@              Coverage Diff               @@
##             development    #6573   +/-   ##
==============================================
  Coverage               ?   65.44%           
==============================================
  Files                  ?      300           
  Lines                  ?    15297           
  Branches               ?        0           
==============================================
  Hits                   ?    10011           
  Misses                 ?     5286           
  Partials               ?        0
Impacted Files Coverage Δ
app/api/orders.py 26.9% <100%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d19294b...14c935f. Read the comment docs.

iamareebjamal
iamareebjamal reviewed Nov 4, 2019
View reviewed changes
app/api/orders.py Outdated Show resolved Hide resolved
@prateekj117
Copy link
Member Author

@iamareebjamal Please review.

@fossasia fossasia deleted a comment Nov 5, 2019
@prateekj117
Copy link
Member Author

@iamareebjamal Please review this.

@iamareebjamal
Copy link
Member

This can only be finalized when frontend roles are checked to have no discrepancies. So, for now, create a PR allowing only admin to delete the orders

@prateekj117
Copy link
Member Author

@iamareebjamal Please review.

iamareebjamal
iamareebjamal reviewed Nov 18, 2019
View reviewed changes
app/api/orders.py Outdated Show resolved Hide resolved
@prateekj117
Copy link
Member Author

@iamareebjamal Done.

iamareebjamal
iamareebjamal reviewed Nov 18, 2019
View reviewed changes
app/api/orders.py Outdated Show resolved Hide resolved
iamareebjamal
iamareebjamal reviewed Nov 18, 2019
View reviewed changes
app/api/orders.py Outdated Show resolved Hide resolved
iamareebjamal
iamareebjamal reviewed Nov 20, 2019
View reviewed changes
app/api/orders.py
@@ -438,8 +434,7 @@ def after_update_object(self, order, data, view_kwargs):
order.event.name, order.identifier)

# This is to ensure that the permissions manager runs and hence changes the kwarg from order identifier to id.
decorators = (jwt_required, api.has_permission(
'auth_required', methods="PATCH,DELETE", model=Order),)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You've now removed the option of patching orders

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iamareebjamal Nopes. Tested.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested what? Can a user PATCH an order created by itself and only itself?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@iamareebjamal Yes.

open-event-server/app/api/orders.py

Line 324 in 931127b

if (not has_access('is_coorganizer', event_id=order.event_id)) and (not current_user.id == order.user_id):

@iamareebjamal iamareebjamal changed the title fix: Order of any kind should not be deleted fix: Order of any kind should not be deleted except by admin Nov 20, 2019
@auto-label auto-label bot added the fix label Nov 20, 2019
@iamareebjamal
Copy link
Member

@kushthedude Please review

@kushthedude
Copy link
Member

@kushthedude Please review

Can admin still delete orders ?

@iamareebjamal
Copy link
Member

Yes, please see the code in File changes

@iamareebjamal
Copy link
Member

@kushthedude Ping

@iamareebjamal iamareebjamal merged commit f27e08d into fossasia:development Dec 24, 2019
@codedsun codedsun mentioned this pull request Dec 31, 2019
Closed
iamareebjamal added a commit that referenced this pull request Dec 31, 2019
@iamareebjamal
Revert "fix: Order of any kind should not be deleted except by admin (#…
66ae529 
…6573)"

This reverts commit f27e08d.
@iamareebjamal iamareebjamal mentioned this pull request Dec 31, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iamareebjamal iamareebjamal iamareebjamal approved these changes

Assignees
No one assigned
Labels
fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove functionality of deleting an order
3 participants
@prateekj117 @iamareebjamal @kushthedude