🐛(backend) fix creating/updating document accesses for teams

This use case was forgotten when the support for team accesses was added. We add tests to stabilize the feature and its security.
2025-05-07 19:52:02 +02:00
parent 50faf766c8
commit d0eb2275e5
3 changed files with 170 additions and 12 deletions
--- a/src/backend/core/api/viewsets.py
+++ b/src/backend/core/api/viewsets.py
@@ -1605,14 +1605,15 @@ class DocumentAccessViewSet(

        access = serializer.save(document_id=self.kwargs["resource_id"])

-        access.document.send_invitation_email(
-            access.user.email,
-            access.role,
-            self.request.user,
-            access.user.language
-            or self.request.user.language
-            or settings.LANGUAGE_CODE,
-        )
+        if access.user:
+            access.document.send_invitation_email(
+                access.user.email,
+                access.role,
+                self.request.user,
+                access.user.language
+                or self.request.user.language
+                or settings.LANGUAGE_CODE,
+            )

    def perform_update(self, serializer):
        """Update an access to the document and notify the collaboration server."""