Skip to content

Commit

Permalink
remove check for org feature for dashboard descriptions
Browse files Browse the repository at this point in the history
  • Loading branch information
raquelmsmith committed Mar 19, 2024
1 parent c70fc7b commit 7425927
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 48 deletions.
46 changes: 8 additions & 38 deletions ee/api/test/test_dashboard.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,8 @@
from rest_framework import status

from ee.api.test.base import APILicensedTest
from ee.api.test.fixtures.available_product_features import AVAILABLE_PRODUCT_FEATURES
from ee.models.explicit_team_membership import ExplicitTeamMembership
from ee.models.license import License
from posthog.constants import AvailableFeature
from posthog.models import OrganizationMembership
from posthog.models.dashboard import Dashboard
from posthog.models.sharing_configuration import SharingConfiguration
Expand Down Expand Up @@ -269,7 +267,12 @@ def test_sharing_edits_limited_to_collaborators(self):
self.permission_denied_response("You don't have edit permissions for this dashboard."),
)

def test_cannot_edit_dashboard_description_when_collaboration_not_available(self):
def test_can_edit_dashboard_description_when_collaboration_not_available(self):
"""
Team collaboration feature is only available on some plans, but if the feature is
not available, the user should still be able to read/write for migration purposes.
The access to the feature is blocked in the UI, so this is unlikely to be truly abused.
"""
self.client.logout()

self.organization.available_features = []
Expand All @@ -288,49 +291,16 @@ def test_cannot_edit_dashboard_description_when_collaboration_not_available(self
name="example dashboard",
)

response = self.client.patch(
f"/api/projects/{self.team.id}/dashboards/{dashboard.id}",
{
"description": "i should not be allowed to edit this",
"name": "even though I am allowed to edit this",
},
)

self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

dashboard.refresh_from_db()
self.assertEqual(dashboard.description, "")
self.assertEqual(dashboard.name, "example dashboard")

def test_can_edit_dashboard_description_when_collaboration_is_available(self):
self.client.logout()

self.organization.available_features = [AvailableFeature.TEAM_COLLABORATION]
self.organization.available_product_features = AVAILABLE_PRODUCT_FEATURES
self.organization.save()
self.team.access_control = True
self.team.save()

user_with_collaboration = User.objects.create_and_join(
self.organization, "[email protected]", None
)
self.client.force_login(user_with_collaboration)

dashboard: Dashboard = Dashboard.objects.create(
team=self.team,
name="example dashboard",
)

response = self.client.patch(
f"/api/projects/{self.team.id}/dashboards/{dashboard.id}",
{
"description": "i should be allowed to edit this",
"name": "and so also to edit this",
"name": "as well as this",
},
)

self.assertEqual(response.status_code, status.HTTP_200_OK)

dashboard.refresh_from_db()
self.assertEqual(dashboard.description, "i should be allowed to edit this")
self.assertEqual(dashboard.name, "and so also to edit this")
self.assertEqual(dashboard.name, "as well as this")
10 changes: 0 additions & 10 deletions posthog/api/dashboards/dashboard.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@
from django.utils.timezone import now
from rest_framework import exceptions, serializers, viewsets
from rest_framework.decorators import action
from rest_framework.exceptions import PermissionDenied
from rest_framework.permissions import SAFE_METHODS, BasePermission
from rest_framework.request import Request
from rest_framework.response import Response
Expand All @@ -22,14 +21,12 @@
from posthog.api.routing import TeamAndOrgViewSetMixin
from posthog.api.shared import UserBasicSerializer
from posthog.api.tagged_item import TaggedItemSerializerMixin, TaggedItemViewSetMixin
from posthog.constants import AvailableFeature
from posthog.event_usage import report_user_action
from posthog.helpers import create_dashboard_from_template
from posthog.helpers.dashboard_templates import create_from_template
from posthog.models import Dashboard, DashboardTile, Insight, Text
from posthog.models.dashboard_templates import DashboardTemplate
from posthog.models.tagged_item import TaggedItem
from posthog.models.team.team import check_is_feature_available_for_team
from posthog.models.user import User
from posthog.user_permissions import UserPermissionsSerializerMixin

Expand Down Expand Up @@ -158,13 +155,6 @@ class Meta:
]
read_only_fields = ["creation_mode", "effective_restriction_level", "is_shared"]

def validate_description(self, value: str) -> str:
if value and not check_is_feature_available_for_team(
self.context["team_id"], AvailableFeature.TEAM_COLLABORATION
):
raise PermissionDenied("You must have paid for dashboard collaboration to set the dashboard description")
return value

def validate_filters(self, value) -> Dict:
if not isinstance(value, dict):
raise serializers.ValidationError("Filters must be a dictionary")
Expand Down

0 comments on commit 7425927

Please sign in to comment.