Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f4670cd1c5 |
@@ -10,6 +10,10 @@ and this project adheres to
|
||||
|
||||
- 💄(frontend) improve comments highlights #1961
|
||||
|
||||
### Fixed
|
||||
|
||||
- 🐛(backend) create_for_owner: add accesses before saving doc content #2124
|
||||
|
||||
## [v4.8.3] - 2026-03-23
|
||||
|
||||
### Changed
|
||||
|
||||
@@ -507,7 +507,6 @@ class ServerCreateDocumentSerializer(serializers.Serializer):
|
||||
|
||||
document = models.Document.add_root(
|
||||
title=validated_data["title"],
|
||||
content=document_content,
|
||||
creator=user,
|
||||
)
|
||||
|
||||
@@ -526,6 +525,9 @@ class ServerCreateDocumentSerializer(serializers.Serializer):
|
||||
role=models.RoleChoices.OWNER,
|
||||
)
|
||||
|
||||
document.content = document_content
|
||||
document.save()
|
||||
|
||||
self._send_email_notification(document, validated_data, email, language)
|
||||
return document
|
||||
|
||||
|
||||
@@ -594,6 +594,43 @@ def test_api_documents_create_for_owner_with_converter_exception(
|
||||
assert response.json() == {"content": ["Could not convert content"]}
|
||||
|
||||
|
||||
@override_settings(SERVER_TO_SERVER_API_TOKENS=["DummyToken"])
|
||||
def test_api_documents_create_for_owner_access_before_content():
|
||||
"""
|
||||
Accesses must exist before content is saved to object storage so the owner
|
||||
has access to the very first version of the document.
|
||||
"""
|
||||
user = factories.UserFactory()
|
||||
accesses_at_save_time = []
|
||||
|
||||
original_save_content = Document.save_content
|
||||
|
||||
def capturing_save_content(self, content):
|
||||
accesses_at_save_time.extend(
|
||||
list(self.accesses.values_list("user__sub", "role"))
|
||||
)
|
||||
return original_save_content(self, content)
|
||||
|
||||
data = {
|
||||
"title": "My Document",
|
||||
"content": "Document content",
|
||||
"sub": str(user.sub),
|
||||
"email": user.email,
|
||||
}
|
||||
|
||||
with patch.object(Document, "save_content", capturing_save_content):
|
||||
response = APIClient().post(
|
||||
"/api/v1.0/documents/create-for-owner/",
|
||||
data,
|
||||
format="json",
|
||||
HTTP_AUTHORIZATION="Bearer DummyToken",
|
||||
)
|
||||
|
||||
assert response.status_code == 201
|
||||
# The owner access must already exist when save_content is called
|
||||
assert (str(user.sub), "owner") in accesses_at_save_time
|
||||
|
||||
|
||||
@override_settings(SERVER_TO_SERVER_API_TOKENS=["DummyToken"])
|
||||
def test_api_documents_create_for_owner_with_empty_content():
|
||||
"""The content should not be empty or a 400 error should be raised."""
|
||||
|
||||
Reference in New Issue
Block a user