diff --git a/apiserver/plane/api/serializers/issue.py b/apiserver/plane/api/serializers/issue.py index 275ebeb0760..82969efe7e0 100644 --- a/apiserver/plane/api/serializers/issue.py +++ b/apiserver/plane/api/serializers/issue.py @@ -80,6 +80,7 @@ def validate(self, data): data["assignees"] = ProjectMember.objects.filter( project_id=self.context.get("project_id"), is_active=True, + role__gte=15, member_id__in=data["assignees"], ).values_list("member_id", flat=True) @@ -158,8 +159,13 @@ def create(self, validated_data): pass else: try: - # Then assign it to default assignee - if default_assignee_id is not None: + # Then assign it to default assignee, if it is a valid assignee + if default_assignee_id is not None and ProjectMember.objects.filter( + member_id=default_assignee_id, + project_id=project_id, + role__gte=15, + is_active=True + ).exists(): IssueAssignee.objects.create( assignee_id=default_assignee_id, issue=issue, diff --git a/apiserver/plane/app/serializers/issue.py b/apiserver/plane/app/serializers/issue.py index 2fb7c035d5d..4f7087fa50c 100644 --- a/apiserver/plane/app/serializers/issue.py +++ b/apiserver/plane/app/serializers/issue.py @@ -36,6 +36,7 @@ State, IssueVersion, IssueDescriptionVersion, + ProjectMember, ) @@ -119,6 +120,17 @@ def validate(self, data): raise serializers.ValidationError("Start date cannot exceed target date") return data + def get_valid_assignees(self, assignees, project_id): + if not assignees: + return [] + + return ProjectMember.objects.filter( + project_id=project_id, + role__gte=15, + is_active=True, + member_id__in=assignees + ).values_list('member_id', flat=True) + def create(self, validated_data): assignees = validated_data.pop("assignee_ids", None) labels = validated_data.pop("label_ids", None) @@ -134,27 +146,33 @@ def create(self, validated_data): created_by_id = issue.created_by_id updated_by_id = issue.updated_by_id - if assignees is not None and len(assignees): + valid_assignee_ids = self.get_valid_assignees(assignees, project_id) + if valid_assignee_ids is not None and len(valid_assignee_ids): try: IssueAssignee.objects.bulk_create( [ IssueAssignee( - assignee=user, + assignee_id=user_id, issue=issue, project_id=project_id, workspace_id=workspace_id, created_by_id=created_by_id, updated_by_id=updated_by_id, ) - for user in assignees + for user_id in valid_assignee_ids ], batch_size=10, ) except IntegrityError: pass else: - # Then assign it to default assignee - if default_assignee_id is not None: + # Then assign it to default assignee, if it is a valid assignee + if default_assignee_id is not None and ProjectMember.objects.filter( + member_id=default_assignee_id, + project_id=project_id, + role__gte=15, + is_active=True + ).exists(): try: IssueAssignee.objects.create( assignee_id=default_assignee_id, @@ -198,20 +216,21 @@ def update(self, instance, validated_data): created_by_id = instance.created_by_id updated_by_id = instance.updated_by_id - if assignees is not None: + valid_assignee_ids = self.get_valid_assignees(assignees, project_id) + if valid_assignee_ids is not None and len(valid_assignee_ids): IssueAssignee.objects.filter(issue=instance).delete() try: IssueAssignee.objects.bulk_create( [ IssueAssignee( - assignee=user, + assignee_id=user_id, issue=instance, project_id=project_id, workspace_id=workspace_id, created_by_id=created_by_id, updated_by_id=updated_by_id, ) - for user in assignees + for user_id in valid_assignee_ids ], batch_size=10, ignore_conflicts=True,