binarybeach/bb-plane-fork
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[WEB-2043] chore: updated permissions for delete operation (#5231)

Browse source 
* chore: added permission for delete operation

* chore: added permission for external apis

* chore: condition changes

* chore: minor changes
This commit is contained in:
Bavisetti Narayan 2024-07-26 16:42:51 +05:30 committed by GitHub
parent dfcba4dfc1
commit 2c609670c8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 197 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

14
apiserver/plane/app/views/page/base.py
View file

@ -333,6 +333,20 @@ class PageViewSet(BaseViewSet):
pk=pk, workspace__slug=slug, projects__id=project_id
)
if not page.owned_by_id != request.user.id and not (
ProjectMember.objects.filter(
workspace__slug=slug,
member=request.user,
role=20,
project_id=project_id,
is_active=True,
).exists()
):
return Response(
{"error": "Only admin or owner can delete the page"},
status=status.HTTP_403_FORBIDDEN,
)
# only the owner and admin can delete the page
if (
ProjectMember.objects.filter(