diff --git a/seahub/api2/endpoints/admin/groups.py b/seahub/api2/endpoints/admin/groups.py index d26785114f..0f9862992b 100644 --- a/seahub/api2/endpoints/admin/groups.py +++ b/seahub/api2/endpoints/admin/groups.py @@ -1,21 +1,20 @@ import logging -from django.utils.translation import ugettext as _ - from rest_framework.authentication import SessionAuthentication from rest_framework.permissions import IsAdminUser from rest_framework.response import Response from rest_framework.views import APIView from rest_framework import status +from django.utils.translation import ugettext as _ + from seaserv import seafile_api, ccnet_api from pysearpc import SearpcError from seahub.base.accounts import User from seahub.utils import is_valid_username from seahub.utils.timeutils import timestamp_to_isoformat_timestr -from seahub.group.utils import is_group_member, is_group_admin, \ - is_group_owner +from seahub.group.utils import is_group_member, is_group_admin from seahub.api2.utils import api_error from seahub.api2.throttling import UserRateThrottle @@ -103,11 +102,6 @@ class AdminGroup(APIView): error_msg = 'new_owner %s invalid.' % new_owner return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - old_owner = request.data.get('old_owner', None) - if not old_owner or not is_valid_username(old_owner): - error_msg = 'old_owner %s invalid.' % old_owner - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - # recourse check group_id = int(group_id) # Checked by URL Conf group = ccnet_api.get_group(group_id) @@ -123,16 +117,8 @@ class AdminGroup(APIView): error_msg = 'User %s not found.' % new_owner return api_error(status.HTTP_404_NOT_FOUND, error_msg) + old_owner = group.creator_name if new_owner == old_owner: - error_msg = 'new_owner %s is the same as old_owner %s.' % \ - (new_owner, old_owner) - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - if not is_group_owner(group_id, old_owner): - error_msg = _(u'User %s is not group owner.') % old_owner - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) - - if is_group_owner(group_id, new_owner): error_msg = _(u'User %s is already group owner.') % new_owner return api_error(status.HTTP_400_BAD_REQUEST, error_msg) diff --git a/static/scripts/sysadmin-app/views/group.js b/static/scripts/sysadmin-app/views/group.js index f787310824..37e1b59ba4 100644 --- a/static/scripts/sysadmin-app/views/group.js +++ b/static/scripts/sysadmin-app/views/group.js @@ -93,8 +93,7 @@ define([ dataType: 'json', beforeSend: Common.prepareCSRFToken, data: { - 'new_owner': email, - 'old_owner': cur_owner + 'new_owner': email }, success: function() { $.modal.close(); diff --git a/tests/api/endpoints/admin/test_groups.py b/tests/api/endpoints/admin/test_groups.py index 686c9fa7e0..1eb4c3e2a4 100644 --- a/tests/api/endpoints/admin/test_groups.py +++ b/tests/api/endpoints/admin/test_groups.py @@ -37,7 +37,7 @@ class GroupTest(BaseTestCase): self.login_as(self.admin) url = reverse('api-v2.1-admin-group', args=[self.group_id]) - data = 'old_owner=%s&new_owner=%s' % (self.user_name, self.admin_name) + data = 'new_owner=%s' % self.admin_name resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(200, resp.status_code) @@ -49,7 +49,7 @@ class GroupTest(BaseTestCase): self.login_as(self.user) url = reverse('api-v2.1-admin-group', args=[self.group_id]) - data = 'old_owner=%s&new_owner=%s' % (self.user_name, self.admin_name) + data = 'new_owner=%s' % self.admin_name resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(403, resp.status_code) @@ -58,33 +58,15 @@ class GroupTest(BaseTestCase): self.login_as(self.admin) - # invalid old owner - url = reverse('api-v2.1-admin-group', args=[self.group_id]) - data = 'invalid_old_owner=%s&new_owner=%s' % (self.user_name, self.admin_name) - resp = self.client.put(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(400, resp.status_code) - # invalid new owner url = reverse('api-v2.1-admin-group', args=[self.group_id]) - data = 'old_owner=%s&invalid_new_owner=%s' % (self.user_name, self.admin_name) - resp = self.client.put(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(400, resp.status_code) - - # new_owner is the same as old_owner - url = reverse('api-v2.1-admin-group', args=[self.group_id]) - data = 'old_owner=%s&new_owner=%s' % (self.user_name, self.user_name) - resp = self.client.put(url, data, 'application/x-www-form-urlencoded') - self.assertEqual(400, resp.status_code) - - # old_owner is not group owner. - url = reverse('api-v2.1-admin-group', args=[self.group_id]) - data = 'old_owner=%s&new_owner=%s' % (self.admin_name, self.admin_name) + data = 'invalid_new_owner=%s' % self.admin_name resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(400, resp.status_code) # new owner not exist url = reverse('api-v2.1-admin-group', args=[self.group_id]) - data = 'old_owner=%s&new_owner=%s' % (self.user_name, 'invalid@user.com') + data = 'new_owner=invalid@email.com' resp = self.client.put(url, data, 'application/x-www-form-urlencoded') self.assertEqual(404, resp.status_code)