diff --git a/hc/accounts/tests/test_project.py b/hc/accounts/tests/test_project.py
index 97f16c5c..5b3da446 100644
--- a/hc/accounts/tests/test_project.py
+++ b/hc/accounts/tests/test_project.py
@@ -93,6 +93,17 @@ class ProfileTestCase(BaseTestCase):
 self.bobs_profile.refresh_from_db()
 self.assertEqual(self.bobs_profile.current_project, None)
+ def test_it_checks_membership_when_removing_team_member(self):
+ self.client.login(username="charlie@example.org", password="password")
+
+ url = "/projects/%s/settings/" % self.charlies_project.code
+ form = {"remove_team_member": "1", "email": "alice@example.org"}
+ r = self.client.post(url, form)
+ self.assertEqual(r.status_code, 400)
+
+ self.profile.refresh_from_db()
+ self.assertIsNotNone(self.profile.current_project)
+
 def test_it_sets_project_name(self):
 self.client.login(username="alice@example.org", password="password")
diff --git a/hc/accounts/views.py b/hc/accounts/views.py
index 4c4a1a2f..49b74f4e 100644
--- a/hc/accounts/views.py
+++ b/hc/accounts/views.py
@@ -283,16 +283,20 @@ def project(request, code):
 elif "remove_team_member" in request.POST:
 form = RemoveTeamMemberForm(request.POST)
 if form.is_valid():
+ q = User.objects
+ q = q.filter(email=form.cleaned_data["email"])
+ q = q.filter(memberships__project=project)
+ farewell_user = q.first()
+ if farewell_user is None:
+ return HttpResponseBadRequest()
- email = form.cleaned_data["email"]
- farewell_user = User.objects.get(email=email)
 farewell_user.profile.current_project = None
 farewell_user.profile.save()
 Member.objects.filter(project=project, user=farewell_user).delete()
- ctx["team_member_removed"] = email
+ ctx["team_member_removed"] = form.cleaned_data["email"]
 ctx["team_status"] = "info"
 elif "set_project_name" in request.POST:
 form = ProjectNameForm(request.POST)
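Review bot: In `test_it_checks_membership_when_removing_team_member` (hc/accounts/tests/test_project.py), `self.assertIsNotNone(self.profile.current_project)` only shows that the field was not cleared, and it relies on a fixture value that is set outside this hunk. A tighter check reads the value before the POST, `expected = self.profile.current_project`, and finishes with `self.assertEqual(self.profile.current_project, expected)` after `refresh_from_db()`. `self.profile` is presumably Alice's profile from the base test case, which is not shown here. A one-line docstring stating the rule under test, that a user who is not a member of the project cannot be removed through its settings form, would make the authorization boundary explicit.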
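Review bot: In the `remove_team_member` branch of `project()` (hc/accounts/views.py), `farewell_user.profile.current_project = None` still runs unconditionally, so removing a member resets their current project even when it points at a different project from the one they are being removed from. Guarding the reset with `if farewell_user.profile.current_project == project:` would keep the side effect inside the project the request is about; the Profile model is not shown, so this assumes the field can reference any project the user belongs to. A short comment above the new filter, such as `# Scope the lookup to this project's members: an unscoped e-mail lookup lets the form modify any account's profile`, would keep the membership condition from being simplified away later. The body of `project()` starts and ends outside the hunk, so the check that the requester may manage this project is not visible here.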