diff --git a/seahub/api2/endpoints/groups.py b/seahub/api2/endpoints/groups.py index d21c784280..94222f14a5 100644 --- a/seahub/api2/endpoints/groups.py +++ b/seahub/api2/endpoints/groups.py @@ -236,6 +236,9 @@ class Groups(APIView): logger.error(e) error_msg = _(u'Internal Server Error') return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + else: + error_msg = _('You can not transfer a group to yourself') + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) else: error_msg = _(u'Operation can only be rename or transfer.') return api_error(status.HTTP_400_BAD_REQUEST, error_msg) diff --git a/tests/api/endpoints/test_groups.py b/tests/api/endpoints/test_groups.py index 66ff20411f..4812d46be1 100644 --- a/tests/api/endpoints/test_groups.py +++ b/tests/api/endpoints/test_groups.py @@ -126,6 +126,14 @@ class GroupsTest(BaseTestCase): json_resp = json.loads(resp.content) assert json_resp['creator'] == new_creator + def test_can_not_transfer_group_to_myself(self): + new_creator = self.user.email + url = reverse('api-v2.1-group', args=[self.group_id]) + data = 'operation=transfer&email=%s' % new_creator + + resp = self.client.put(url, data, 'application/x-www-form-urlencoded') + self.assertEqual(400, resp.status_code) + def test_can_delete_group(self): url = reverse('api-v2.1-group', args=[self.group_id]) resp = self.client.delete(url) diff --git a/tests/seahub/views/test_sysadmin.py b/tests/seahub/views/test_sysadmin.py index cbfd7452c7..891a9cb939 100644 --- a/tests/seahub/views/test_sysadmin.py +++ b/tests/seahub/views/test_sysadmin.py @@ -198,6 +198,8 @@ class UserInfoTest(BaseTestCase): self.admin_repo_id = r.id # set common user as staff in admin user's group + ccnet_threaded_rpc.group_add_member(self.admin_group_1_id, + self.admin.email, self.user.email) ccnet_threaded_rpc.group_set_admin(self.admin_group_1_id, self.user.email) # add common user to admin user's another group