def test_can_remove_video(self):
    """Exercise can_remove_video across team video policies and roles.

    For each policy (members, managers, admins) the roles listed as
    allowed must be able to remove the non-project video, the roles
    listed as refused must not, and ``self.outsider`` must always be
    refused.  The deny assertions matter as much as the allow ones: they
    are what catches a permission check that fails open.
    """
    member, team = self.user, self.team
    plain_video = self.nonproject_video

    # Policy: members.
    team.video_policy = Team.VP_MEMBER
    team.save()

    for granted in (ROLE_CONTRIBUTOR, ROLE_MANAGER, ROLE_ADMIN, ROLE_OWNER):
        with self.role(granted):
            self.assertTrue(can_remove_video(plain_video, member))

    self.assertFalse(can_remove_video(plain_video, self.outsider))

    # Policy: managers.
    team.video_policy = Team.VP_MANAGER
    team.save()

    for granted in (ROLE_MANAGER, ROLE_ADMIN, ROLE_OWNER):
        with self.role(granted):
            self.assertTrue(can_remove_video(plain_video, member))

    with self.role(ROLE_CONTRIBUTOR):
        self.assertFalse(can_remove_video(plain_video, member))

    self.assertFalse(can_remove_video(plain_video, self.outsider))

    # Make sure narrowings are taken into account: a manager role given
    # together with self.test_project must be refused for the video outside
    # the project and allowed for the video inside it.
    with self.role(ROLE_MANAGER, self.test_project):
        self.assertFalse(can_remove_video(plain_video, member))
        self.assertTrue(can_remove_video(self.project_video, member))

    # Policy: admins.
    team.video_policy = Team.VP_ADMIN
    team.save()

    for granted in (ROLE_ADMIN, ROLE_OWNER):
        with self.role(granted):
            self.assertTrue(can_remove_video(plain_video, member))

    for refused in (ROLE_CONTRIBUTOR, ROLE_MANAGER):
        with self.role(refused):
            self.assertFalse(can_remove_video(plain_video, member))

    self.assertFalse(can_remove_video(plain_video, self.outsider))
def check_update_permissions(self, serializer):
    """Refuse an update the requesting user is not allowed to make.

    Two checks run in order:

    1. the video's workflow must allow ``self.request.user`` to edit it;
    2. if the update takes the video out of its team, the user must also
       pass ``team_perms.can_remove_video`` for the current team video.

    Raises:
        PermissionDenied: when either check fails.
    """
    target = serializer.instance
    current_team_video = target.get_team_video()
    video_workflow = target.get_workflow()

    if not video_workflow.user_can_edit_video(self.request.user):
        raise PermissionDenied()

    # NOTE(review): only removal from a team is authorised here.  If an
    # update can also place the video in a team, confirm that the add-side
    # permission is enforced somewhere on this code path.
    if (serializer.will_remove_video_from_team()
            and not team_perms.can_remove_video(
                current_team_video, self.request.user)):
        raise PermissionDenied()
def check_save_permissions(self, serializer):
    """Authorise the team changes implied by a validated serializer.

    A save that adds the video to a team requires
    ``team_perms.can_add_video`` for the target team and project; a save
    that removes it from its current team requires
    ``team_perms.can_remove_video`` for the existing team video.  Both
    checks are applied when the save does both.

    Raises:
        PermissionDenied: when a required permission is missing.
    """
    validated = serializer.validated_data
    target_team = validated.get('team')
    target_project = validated.get('project')

    # Add side: checked against the destination team and project.
    if (serializer.will_add_video_to_team()
            and not team_perms.can_add_video(
                target_team, self.request.user, target_project)):
        raise PermissionDenied()

    if not serializer.will_remove_video_from_team():
        return

    # Remove side: checked against the team video as it exists now, not
    # against anything supplied in the request.
    current_team_video = serializer.instance.get_team_video()
    if not team_perms.can_remove_video(current_team_video, self.request.user):
        raise PermissionDenied()
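def clean(self):
    """Validate the form as a whole once the individual fields are clean.

    The checks read as a move of ``team_video`` into ``team``: the project
    (if given) must belong to the target team, the video must not already
    be in that team, and ``self.user`` must pass both ``can_add_video``
    for the target team and ``can_remove_video`` for the video's current
    team.

    Returns:
        ``self.cleaned_data`` on every non-raising path.

    Raises:
        forms.ValidationError: when any of the checks above fails.
    """
    team_video = self.cleaned_data.get('team_video')
    team = self.cleaned_data.get('team')
    project = self.cleaned_data.get('project')

    if not team_video or not team:
        # Nothing to cross-check without both values.  Return the dict
        # rather than a bare None so every exit path hands back the same
        # object; a None return can replace cleaned_data on form
        # implementations that assign clean()'s result unconditionally.
        return self.cleaned_data

    if project and project.team != team:
        raise forms.ValidationError(
            u"That project does not belong to that team.")

    if team_video.team.pk == team.pk:
        raise forms.ValidationError(u"That video is already in that team.")

    # Authorisation: both sides must pass.
    # NOTE(review): `project` is validated above but not passed to
    # can_add_video; if that helper can scope the check to a project,
    # confirm whether it should receive it here.
    if not can_add_video(team, self.user):
        raise forms.ValidationError(u"You can't add videos to that team.")

    if not can_remove_video(team_video, self.user):
        raise forms.ValidationError(
            u"You can't remove that video from its team.")

    return self.cleaned_data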