smokephil/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-12-20 13:36:45 +01:00
Code Issues Projects Releases Packages Wiki Activity

Fix: remove unnecessary permission requirements for new email endpoint (#11215)

Browse source
This commit is contained in:
shamoon 2025-10-29 07:14:51 -07:00 committed by GitHub
parent 3f32ed319a
commit b60fb8ed82
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 54 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

28
src/documents/tests/test_api_email.py
View file

@ -329,6 +329,34 @@ class TestEmail(DirectoriesMixin, SampleDirMixin, APITestCase):
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_email_only_requires_view_permission(self):
"""
GIVEN:
- User having only view documents permission
WHEN:
- API request is made to bulk email documents
THEN:
- Request succeeds
"""
user1 = User.objects.create_user(username="test1")
user1.user_permissions.add(*Permission.objects.filter(codename="view_document"))
self.client.force_authenticate(user1)
response = self.client.post(
self.ENDPOINT,
json.dumps(
{
"documents": [self.doc1.pk],
"addresses": "test@example.com",
"subject": "Test",
"message": "Test message",
},
),
content_type="application/json",
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@override_settings(
EMAIL_ENABLED=True,
EMAIL_BACKEND="django.core.mail.backends.locmem.EmailBackend",