Only add users to stores if they are in the region
Closes #20 (closed)
What does this MR do?
Foodsavers can be added to a store by store managers / ambassadors without a request. This MR adds a check in the backend that only allows adding a user if that user is already in the region. This is already restricted in the frontend but the backend does not check it yet. It is important for privacy because everyone in the store can see details like your phone number.
How confident are you it won't break things if deployed?
Absolutely. This does not change the usual way of requesting team membership in a store. And I added a unit test.
Links to related issues
How to test
Hardly testable, because it is already restricted in the frontend. But the unit tests cover it.
Screenshots (if applicable)
Checklist
-
added a test, or explain why one is not needed/possible... -
no unrelated changes -
asked someone for a code review -
set a "for:" label to indicate who will be affected by this change -
added to the next milestone (see https://gitlab.com/foodsharing-dev/foodsharing/-/milestones, unless it has a "for:Dev" label) -
added an entry to CHANGELOG.md -
added a short text in the release notes to /release-notes/YYYY-MM.md -
Once your MR has been merged, you are responsible to create a testing issue in the Beta Testing forum: https://foodsharing.de/region?bid=734&sub=forum. Please change the MRs label to "state:Beta testing". - Consider writing a detailed description in German.
- Describe in a few sentences, what should be tested from a user perspective.
- Also mention different settings (e.g. different browsers, roles, ...) how this change can be tested.
- Be aware, that also non technical people should understand.
Closes #20 (closed)