feat(controller): allow shared users domain access

Author: Matthew Fisher

controller/api/tests/test_domain.py

@@ -65,14 +65,14 @@ def test_manage_domain_invalid_app(self):
         response = self.client.get(url, content_type='application/json')
         self.assertEqual(response.status_code, 404)
 
-    def test_manage_domain_no_perms_on_app(self):
+    def test_manage_domain_perms_on_app(self):
         self.client.logout()
         self.assertTrue(
             self.client.login(username='autotest2', password='password'))
         url = '/api/apps/{app_id}/domains'.format(app_id=self.app_id)
         body = {'domain': 'test-domain2.example.com'}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 201)
 
     def test_manage_domain_invalid_domain(self):
         url = '/api/apps/{app_id}/domains'.format(app_id=self.app_id)

controller/api/views.py

@@ -466,9 +466,6 @@ class DomainViewSet(OwnerViewSet):
 
     def create(self, request, *args, **kwargs):
         app = get_object_or_404(models.App, id=self.kwargs['id'])
-        # TODO: allow non-owners to manage domains
-        if request.user != app.owner:
-            return Response(status=status.HTTP_403_FORBIDDEN)
         request._data = request.DATA.copy()
         request.DATA['app'] = app
         return super(DomainViewSet, self).create(request, *args, **kwargs)