Description
Two related gaps in the Project feature:
- `project_edit` view has no permission check — any authenticated user can edit any project
- Project FK on HoldList uses `SET_NULL` — deleting a project with active hold lists silently detaches them instead of blocking the deletion
Spec Sections: S10A (US-SA-079, US-SA-146)
Severity: LOW
MoSCoW: SHOULD
Xfail Test Coverage (3 tests)
| File | Test | Reason |
|---|---|---|
| test_system_admin.py | TestUS_SA_079::test_project_edit_restricted | project_edit view has no permission check (US-SA-079-2) |
| test_system_admin.py | TestUS_SA_079::test_project_cannot_delete_with_active_holds | Project FK on HoldList uses SET_NULL (US-SA-079-3) |
| test_system_admin.py | TestUS_SA_146::test_project_cannot_delete_with_active_holds | Project FK on HoldList uses SET_NULL (US-SA-146-2) |
Branch: feature/test-reorganisation-and-functional-suite (PR #37)
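
The second gap, reproduced at the SQL level as an added example (not code from this project): the same delete run against a foreign key declared `ON DELETE SET NULL` and one declared `ON DELETE RESTRICT`. The table and column names are constructed, and no "active" flag is modelled, so any referencing hold list blocks the delete.

```python
import sqlite3

# Constructed schema: table and column names are assumptions, not the project's models.
SCHEMA = """
CREATE TABLE project (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE hold_list (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    project_id INTEGER REFERENCES project(id) ON DELETE {action}
);
"""


def make_db(action):
    """Build an in-memory database whose hold_list FK uses the given ON DELETE action."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FK actions without this
    db.executescript(SCHEMA.format(action=action))
    db.execute("INSERT INTO project (id, name) VALUES (1, 'Project A')")
    db.execute("INSERT INTO hold_list (id, name, project_id) VALUES (10, 'Hold 1', 1)")
    db.commit()
    return db


def delete_project(db, project_id):
    """Try to delete a project; return (deleted, project_id still stored on hold list 10)."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute("DELETE FROM project WHERE id = ?", (project_id,))
        deleted = True
    except sqlite3.IntegrityError:
        deleted = False  # the constraint refused the delete
    linked = db.execute("SELECT project_id FROM hold_list WHERE id = 10").fetchone()[0]
    return deleted, linked


def demo():
    """Run the same delete under both FK actions and collect the outcomes."""
    return {
        "SET NULL": delete_project(make_db("SET NULL"), 1),
        "RESTRICT": delete_project(make_db("RESTRICT"), 1),
    }


if __name__ == "__main__":
    for action, (deleted, linked) in demo().items():
        print(f"{action}: deleted={deleted}, hold_list.project_id={linked}")
```

With `SET NULL` the delete succeeds and the hold list loses its project reference without any error; with `RESTRICT` the delete raises and the link is intact.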