From 7425927e7875f5af9298405c7d5b2ea3309abef4 Mon Sep 17 00:00:00 2001 From: Raquel Smith Date: Tue, 19 Mar 2024 16:24:18 -0700 Subject: [PATCH] remove check for org feature for dashboard descriptions --- ee/api/test/test_dashboard.py | 46 +++++------------------------ posthog/api/dashboards/dashboard.py | 10 ------- 2 files changed, 8 insertions(+), 48 deletions(-) diff --git a/ee/api/test/test_dashboard.py b/ee/api/test/test_dashboard.py index 39098247d411f..8c39a17135db0 100644 --- a/ee/api/test/test_dashboard.py +++ b/ee/api/test/test_dashboard.py @@ -4,10 +4,8 @@ from rest_framework import status from ee.api.test.base import APILicensedTest -from ee.api.test.fixtures.available_product_features import AVAILABLE_PRODUCT_FEATURES from ee.models.explicit_team_membership import ExplicitTeamMembership from ee.models.license import License -from posthog.constants import AvailableFeature from posthog.models import OrganizationMembership from posthog.models.dashboard import Dashboard from posthog.models.sharing_configuration import SharingConfiguration @@ -269,7 +267,12 @@ def test_sharing_edits_limited_to_collaborators(self): self.permission_denied_response("You don't have edit permissions for this dashboard."), ) - def test_cannot_edit_dashboard_description_when_collaboration_not_available(self): + def test_can_edit_dashboard_description_when_collaboration_not_available(self): + """ + Team collaboration feature is only available on some plans, but if the feature is + not available, the user should still be able to read/write for migration purposes. + The access to the feature is blocked in the UI, so this is unlikely to be truly abused. + """ self.client.logout() self.organization.available_features = [] @@ -288,44 +291,11 @@ def test_cannot_edit_dashboard_description_when_collaboration_not_available(self name="example dashboard", ) - response = self.client.patch( - f"/api/projects/{self.team.id}/dashboards/{dashboard.id}", - { - "description": "i should not be allowed to edit this", - "name": "even though I am allowed to edit this", - }, - ) - - self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - - dashboard.refresh_from_db() - self.assertEqual(dashboard.description, "") - self.assertEqual(dashboard.name, "example dashboard") - - def test_can_edit_dashboard_description_when_collaboration_is_available(self): - self.client.logout() - - self.organization.available_features = [AvailableFeature.TEAM_COLLABORATION] - self.organization.available_product_features = AVAILABLE_PRODUCT_FEATURES - self.organization.save() - self.team.access_control = True - self.team.save() - - user_with_collaboration = User.objects.create_and_join( - self.organization, "no-collaboration-feature@posthog.com", None - ) - self.client.force_login(user_with_collaboration) - - dashboard: Dashboard = Dashboard.objects.create( - team=self.team, - name="example dashboard", - ) - response = self.client.patch( f"/api/projects/{self.team.id}/dashboards/{dashboard.id}", { "description": "i should be allowed to edit this", - "name": "and so also to edit this", + "name": "as well as this", }, ) @@ -333,4 +303,4 @@ def test_can_edit_dashboard_description_when_collaboration_is_available(self): dashboard.refresh_from_db() self.assertEqual(dashboard.description, "i should be allowed to edit this") - self.assertEqual(dashboard.name, "and so also to edit this") + self.assertEqual(dashboard.name, "as well as this") diff --git a/posthog/api/dashboards/dashboard.py b/posthog/api/dashboards/dashboard.py index 8524ab8618b4b..100e8745b8db1 100644 --- a/posthog/api/dashboards/dashboard.py +++ b/posthog/api/dashboards/dashboard.py @@ -7,7 +7,6 @@ from django.utils.timezone import now from rest_framework import exceptions, serializers, viewsets from rest_framework.decorators import action -from rest_framework.exceptions import PermissionDenied from rest_framework.permissions import SAFE_METHODS, BasePermission from rest_framework.request import Request from rest_framework.response import Response @@ -22,14 +21,12 @@ from posthog.api.routing import TeamAndOrgViewSetMixin from posthog.api.shared import UserBasicSerializer from posthog.api.tagged_item import TaggedItemSerializerMixin, TaggedItemViewSetMixin -from posthog.constants import AvailableFeature from posthog.event_usage import report_user_action from posthog.helpers import create_dashboard_from_template from posthog.helpers.dashboard_templates import create_from_template from posthog.models import Dashboard, DashboardTile, Insight, Text from posthog.models.dashboard_templates import DashboardTemplate from posthog.models.tagged_item import TaggedItem -from posthog.models.team.team import check_is_feature_available_for_team from posthog.models.user import User from posthog.user_permissions import UserPermissionsSerializerMixin @@ -158,13 +155,6 @@ class Meta: ] read_only_fields = ["creation_mode", "effective_restriction_level", "is_shared"] - def validate_description(self, value: str) -> str: - if value and not check_is_feature_available_for_team( - self.context["team_id"], AvailableFeature.TEAM_COLLABORATION - ): - raise PermissionDenied("You must have paid for dashboard collaboration to set the dashboard description") - return value - def validate_filters(self, value) -> Dict: if not isinstance(value, dict): raise serializers.ValidationError("Filters must be a dictionary")