diff --git a/apps/challenges/views.py b/apps/challenges/views.py index 89d670f4d8..58886a37d8 100644 --- a/apps/challenges/views.py +++ b/apps/challenges/views.py @@ -336,16 +336,18 @@ def add_participant_team_to_challenge( # Check if user is in allowed list. user_email = request.user.email if len(challenge.allowed_email_domains) > 0: - if not is_user_in_allowed_email_domains(user_email, challenge_pk): - message = "Sorry, users with {} email domain(s) are only allowed to participate in this challenge." - domains = "" - for domain in challenge.allowed_email_domains: - domains = "{}{}{}".format(domains, "/", domain) - domains = domains[1:] - response_data = {"error": message.format(domains)} - return Response( - response_data, status=status.HTTP_406_NOT_ACCEPTABLE - ) + domains = "" + for domain in challenge.allowed_email_domains: + domains = "{}{}{}".format(domains, "/", domain) + domains = domains[1:] + for participant_email in participant_team.get_all_participants_email(): + if not is_user_in_allowed_email_domains(participant_email, challenge_pk): + message = "Sorry, team consisting of users with non-{} email domain(s) are not allowed \ + to participate in this challenge." + response_data = {"error": message.format(domains)} + return Response( + response_data, status=status.HTTP_406_NOT_ACCEPTABLE + ) # Check if user is in blocked list. if is_user_in_blocked_email_domains(user_email, challenge_pk): diff --git a/tests/unit/challenges/test_views.py b/tests/unit/challenges/test_views.py index b199bddd0b..584d614996 100644 --- a/tests/unit/challenges/test_views.py +++ b/tests/unit/challenges/test_views.py @@ -632,6 +632,13 @@ def setUp(self): verified=True, ) + EmailAddress.objects.create( + user=self.user2, + email="user2@example2.com", + primary=True, + verified=True, + ) + self.challenge_host_team2 = ChallengeHostTeam.objects.create( team_name="Some Test Challenge Host Team", created_by=self.user2 ) @@ -695,6 +702,16 @@ def setUp(self): team=self.participant_team3, ) + self.participant_team4 = ParticipantTeam.objects.create( + team_name="Some Participant Team 2 by User 2", created_by=self.user2 + ) + + self.participant5 = Participant.objects.create( + user=self.user3, + status=Participant.ACCEPTED, + team=self.participant_team4, + ) + def test_registration_is_closed_for_a_particular_challenge(self): self.challenge2.is_registration_open = False self.challenge2.save() @@ -781,7 +798,7 @@ def test_particular_participant_team_for_mapping_with_challenge_does_not_exist( "challenges:add_participant_team_to_challenge", kwargs={ "challenge_pk": self.challenge.pk, - "participant_team_pk": self.participant_team.pk + 3, + "participant_team_pk": self.participant_team.pk + 4, }, ) expected = {"error": "ParticipantTeam does not exist"} @@ -853,7 +870,28 @@ def test_participation_when_participant_is_not_in_allowed_list(self): ) response = self.client.post(self.url, {}) - message = "Sorry, users with {} email domain(s) are only allowed to participate in this challenge." + message = "Sorry, team consisting of users with non-{} email domain(s) are not allowed \ + to participate in this challenge." + expected = {"error": message.format("example1/example2")} + + self.assertEqual(response.data, expected) + self.assertEqual(response.status_code, status.HTTP_406_NOT_ACCEPTABLE) + + def test_participation_when_participant_team_member_is_not_in_allowed_list(self): + self.client.force_authenticate(user=self.participant_team4.created_by) + self.challenge2.allowed_email_domains.extend(["example1", "example2"]) + self.challenge2.save() + self.url = reverse_lazy( + "challenges:add_participant_team_to_challenge", + kwargs={ + "challenge_pk": self.challenge2.pk, + "participant_team_pk": self.participant_team4.pk, + }, + ) + + response = self.client.post(self.url, {}) + message = "Sorry, team consisting of users with non-{} email domain(s) are not allowed \ + to participate in this challenge." expected = {"error": message.format("example1/example2")} self.assertEqual(response.data, expected)