Fix: feature owners

novakzaballa · novakzaballa · commit d2ff80e79ebb · 2023-09-11T16:57:45.000-04:00
diff --git a/api/features/multivariate/views.py b/api/features/multivariate/views.py
@@ -1,7 +1,6 @@
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import status, viewsets
 from rest_framework.decorators import api_view
-from rest_framework.exceptions import PermissionDenied
 from rest_framework.generics import get_object_or_404
 from rest_framework.response import Response
 
@@ -36,9 +35,7 @@ def get_permissions(self):
 
     def create(self, request, *args, **kwargs):
         feature_pk = self.kwargs.get("feature_pk")
-        feature = get_object_or_404(Feature, pk=feature_pk)
-        if request.user not in feature.owners.all():
-            raise PermissionDenied("You do not have permission to perform this action.")
+        get_object_or_404(Feature, pk=feature_pk)
 
         serializer = self.get_serializer(data=request.data)
         if serializer.is_valid():
diff --git a/api/tests/integration/features/multivariate/test_integration_multivariate.py b/api/tests/integration/features/multivariate/test_integration_multivariate.py
@@ -4,10 +4,12 @@
 from django.urls import reverse
 from pytest_lazyfixture import lazy_fixture
 from rest_framework import status
+from rest_framework.test import APIClient
 
 from features.models import Feature
 from organisations.models import Organisation
 from projects.models import Project
+from users.models import FFAdminUser
 
 
 @pytest.mark.parametrize(
@@ -68,12 +70,9 @@ def test_cannot_create_mv_option_when_feature_id_invalid(client, feature_id, pro
     assert response.status_code == status.HTTP_404_NOT_FOUND
 
 
-@pytest.mark.parametrize(
-    "client",
-    [lazy_fixture("admin_client")],
-)
-def test_cannot_create_mv_option_when_user_is_not_owner_of_the_feature(client, project):
+def test_cannot_create_mv_option_when_user_is_not_owner_of_the_feature(project):
     # Given
+    new_user = FFAdminUser.objects.create(email="testuser@mail.com")
     organisation = Organisation.objects.create(name="Test Org")
     new_project = Project.objects.create(name="Test project", organisation=organisation)
     feature = Feature.objects.create(
@@ -91,6 +90,8 @@ def test_cannot_create_mv_option_when_user_is_not_owner_of_the_feature(client, p
         "string_value": "bigger",
         "default_percentage_allocation": 50,
     }
+    client = APIClient()
+    client.force_authenticate(user=new_user)
     # When
     response = client.post(
         url,
