From 5eba25be58b2cc3385798c8e47d0bb0b5117fd4f Mon Sep 17 00:00:00 2001
From: Saurabh Kumar <theskumar@users.noreply.github.com>
Date: Wed, 26 Jun 2024 12:18:06 +0530
Subject: [PATCH] Fix editing comment updates the comment visibility (#4005)

Editing a comment which is for internal team changes it's visibility to
applicant + staff

How to reproduce:
- Login as staff
- Add a comment and then edit the same comment
- Refresh the page and see the visibility becomes Applicant + staff

When editing the comment, I didn't see staff getting a UI to update the
visibility so not allowing the visibility change in the commit edit api
seems to be the right thing to do as well
---
 hypha/apply/api/v1/serializers.py      | 1 +
 hypha/apply/api/v1/tests/test_views.py | 4 ++--
 hypha/apply/api/v1/views.py            | 4 +---
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/hypha/apply/api/v1/serializers.py b/hypha/apply/api/v1/serializers.py
index d80715f24..b366e8486 100644
--- a/hypha/apply/api/v1/serializers.py
+++ b/hypha/apply/api/v1/serializers.py
@@ -450,6 +450,7 @@ class CommentEditSerializer(CommentCreateSerializer):
     class Meta(CommentCreateSerializer.Meta):
         read_only_fields = (
             "timestamp",
+            "visibility",
             "edited",
         )
 
diff --git a/hypha/apply/api/v1/tests/test_views.py b/hypha/apply/api/v1/tests/test_views.py
index e5f8a2f24..53c2e0b2b 100644
--- a/hypha/apply/api/v1/tests/test_views.py
+++ b/hypha/apply/api/v1/tests/test_views.py
@@ -78,7 +78,7 @@ class TestCommentEdit(TestCase):
 
         self.assertEqual(Activity.objects.count(), 1)
 
-    def test_staff_can_change_visibility(self):
+    def test_staff_can_not_change_visibility(self):
         user = StaffFactory()
         comment = CommentFactory(user=user, visibility=APPLICANT)
         self.client.force_login(user)
@@ -93,7 +93,7 @@ class TestCommentEdit(TestCase):
         )
 
         self.assertEqual(response.status_code, 200, response.json())
-        self.assertEqual(response.json()["visibility"], ALL)
+        self.assertEqual(response.json()["visibility"], APPLICANT)
 
     def test_out_of_order_does_nothing(self):
         user = ApplicantFactory()  # any role assigned user
diff --git a/hypha/apply/api/v1/views.py b/hypha/apply/api/v1/views.py
index 84b090670..af2929f35 100644
--- a/hypha/apply/api/v1/views.py
+++ b/hypha/apply/api/v1/views.py
@@ -384,9 +384,7 @@ class CommentViewSet(viewsets.GenericViewSet):
         serializer = self.get_serializer(comment_to_edit, data=request.data)
         serializer.is_valid(raise_exception=True)
 
-        if (serializer.validated_data["message"] != comment_to_update.message) or (
-            serializer.validated_data["visibility"] != comment_to_update.visibility
-        ):
+        if serializer.validated_data["message"] != comment_to_update.message:
             self.perform_create(serializer)
             comment_to_update.current = False
             comment_to_update.save()
-- 
GitLab