Merge pull request #956 from eciis/fix-delete-event

Fix delete event
eciis · Apr 3, 2018 · 5093484 · 5093484
2 parents 3876a82 + dbb4bb6
commit 5093484
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 7 deletions.
diff --git a/backend/handlers/event_handler.py b/backend/handlers/event_handler.py
@@ -45,11 +45,17 @@ def get(self, user, url_string):
 
     @json_response
     @login_required
-    @is_event_author
     def delete(self, user, key):
         """Change event state from 'published' to 'deleted'."""
         event_key = ndb.Key(urlsafe=key)
         event = event_key.get()
+
+        is_admin = user.has_permission("remove_posts", event.institution_key.urlsafe())
+        is_author = user.key == event.author_key
+
+        Utils._assert(not is_admin and not is_author,
+                      "The user can not remove this event", NotAuthorizedException)
+
         event.state = 'deleted'
         event.last_modified_by = user.key
         event.last_modified_by_name = user.name

diff --git a/backend/test/event_handler_test.py b/backend/test/event_handler_test.py
@@ -49,8 +49,8 @@ def setUp(cls):
         cls.event = mocks.create_event(cls.user, cls.institution)
 
     @patch('utils.verify_token', return_value={'email': '[email protected]'})
-    def test_delete(self, verify_token):
-        """Test the event_handler's delete method."""
+    def test_delete_by_author(self, verify_token):
+        """Test the event_handler's delete method when user is author."""
         # Call the delete method
         self.testapp.delete("/api/events/%s" %
                             self.event.key.urlsafe())
@@ -71,6 +71,32 @@ def test_delete(self, verify_token):
             self.testapp.delete("/api/events/%s" %
                                 self.event.key.urlsafe())
 
+    @patch('utils.verify_token', return_value={'email': '[email protected]'})
+    def test_delete_by_admin(self, verify_token):
+        """Test the event_handler's delete method when user is admin."""
+        # Call the delete method and assert that it raises an exception,
+        # because the user doesn't have the permission yet.
+        with self.assertRaises(Exception) as raises_context:
+            self.testapp.delete("/api/events/%s" %
+                                self.event.key.urlsafe())
+        message = self.get_message_exception(str(raises_context.exception))
+        self.assertEquals(message, "Error! The user can not remove this event")
+
+        #Add permission of admin
+        self.second_user.add_permissions(["remove_posts"], self.event.institution_key.urlsafe())
+
+        # Call the delete method
+        self.testapp.delete("/api/events/%s" %
+                            self.event.key.urlsafe())
+        # Refresh event
+        self.event = self.event.key.get()
+        # Verify if after delete the state of event is deleted
+        self.assertEqual(self.event.state, "deleted",
+                         "The state expected was deleted.")
+        # Verify if after delete the last_modified
+        self.assertEqual(self.event.last_modified_by, self.second_user.key,
+                         "The last_modified_by expected was user.")
+
     @patch('utils.verify_token', return_value={'email': '[email protected]'})
     def test_patch(self, verify_token):
         """Test the post_handler's patch method."""

diff --git a/frontend/event/eventDetailsDirective.js b/frontend/event/eventDetailsDirective.js
@@ -58,7 +58,7 @@
             }
         };
 
-        eventCtrl.canDelete = function canDelete(event) {
+        eventCtrl.canChange = function canChange(event) {
             return eventCtrl.isEventAuthor(event) || isInstitutionAdmin(event);
         };
 
@@ -150,4 +150,4 @@
             }
         };
     });
-})();
+})();
diff --git a/frontend/event/event_details.html b/frontend/event/event_details.html
@@ -33,13 +33,13 @@ <h3 md-colors="{color:'default-teal-400'}" ng-if="!eventDetailsCtrl.endInOtherMo
       </md-card-content>
       <md-card-content ng-if="eventDetailsCtrl.isEventPage" hide-xs>
         <md-card-actions layout="row">
-          <md-menu md-offset="-165 45" ng-if="eventDetailsCtrl.isEventAuthor(eventDetailsCtrl.event)">
+          <md-menu md-offset="-165 45" ng-if="eventDetailsCtrl.canChange(eventDetailsCtrl.event)">
             <md-button class="md-icon-button" title="Opções" hide-xs
             style="margin-top: 25px;" ng-click="$mdMenu.open(ev)">
               <md-icon style="color: white;">more_vert</md-icon>
             </md-button>
             <md-menu-content>
-              <md-menu-item>
+              <md-menu-item ng-if="eventCtrl.canEdit(eventDetailsCtrl.event)">
                 <md-button ng-click="eventDetailsCtrl.editEvent($event, eventDetailsCtrl.event)">
                   <md-icon>edit</md-icon>
                   Editar evento
-Original file line number
+Diff line change
@@ Expand Up / @@ -58,7 +58,7 @@ @@
                 }
             };
-            eventCtrl.canDelete = function canDelete(event) {
+            eventCtrl.canChange = function canChange(event) {
                 return eventCtrl.isEventAuthor(event) || isInstitutionAdmin(event);
             };
@@ Expand Down Expand Up / @@ -150,4 +150,4 @@ @@
                 }
             };
         });
-    })();
+    })();