From 097b936ca812981ae31195f53271ab4b439e0837 Mon Sep 17 00:00:00 2001 From: Ryan Cross Date: Sun, 9 Nov 2014 02:32:41 +0000 Subject: [PATCH] Remove secauth middleware. Replace with role_required decorators. Commit ready for merge - Legacy-Id: 8624 --- ietf/secr/announcement/views.py | 3 + ietf/secr/areas/views.py | 8 ++- ietf/secr/console/views.py | 2 + ietf/secr/drafts/views.py | 21 +++++++ ietf/secr/groups/views.py | 11 ++++ ietf/secr/ipradmin/views.py | 9 +++ ietf/secr/meetings/views.py | 21 +++++++ ietf/secr/proceedings/views.py | 57 ++++++------------- ietf/secr/roles/views.py | 3 + ietf/secr/rolodex/views.py | 7 +++ ietf/secr/sreq/views.py | 10 +++- ietf/secr/telechat/views.py | 11 +++- ietf/secr/templates/base_site.html | 7 ++- ietf/secr/templates/main.html | 3 +- .../proceedings/interim_meeting.html | 3 +- .../templates/proceedings/interim_select.html | 3 +- ietf/secr/templates/proceedings/main.html | 9 +-- ietf/secr/templates/proceedings/select.html | 3 +- ietf/secr/templates/sreq/main.1_2 | 3 +- ietf/secr/templates/sreq/main.html | 3 +- ietf/secr/utils/decorators.py | 3 +- ietf/settings.py | 10 ---- 22 files changed, 139 insertions(+), 71 deletions(-) diff --git a/ietf/secr/announcement/views.py b/ietf/secr/announcement/views.py index 84361ea7a..99f6f42a3 100644 --- a/ietf/secr/announcement/views.py +++ b/ietf/secr/announcement/views.py @@ -1,4 +1,5 @@ from django.contrib import messages +from django.contrib.auth.decorators import login_required from django.http import HttpResponseForbidden from django.shortcuts import render_to_response, redirect from django.template import RequestContext @@ -45,6 +46,7 @@ def check_access(user): # -------------------------------------------------- # this seems to cause some kind of circular problem # @check_for_cancel(reverse('home')) +@login_required @check_for_cancel('../') def main(request): ''' @@ -70,6 +72,7 @@ def main(request): RequestContext(request, {}), ) +@login_required @check_for_cancel('../') def confirm(request): diff --git a/ietf/secr/areas/views.py b/ietf/secr/areas/views.py index 79cfb6e12..b201c1ffa 100644 --- a/ietf/secr/areas/views.py +++ b/ietf/secr/areas/views.py @@ -10,6 +10,7 @@ from django.template import RequestContext from ietf.group.models import Group, GroupEvent, GroupURL, Role, ChangeStateGroupEvent from ietf.group.utils import save_group_in_history +from ietf.ietfauth.utils import role_required from ietf.person.models import Person from ietf.secr.areas.forms import AWPAddModelForm, AWPForm, AddAreaModelForm, AreaDirectorForm, AreaForm @@ -49,7 +50,7 @@ def getemails(request): # -------------------------------------------------- # STANDARD VIEW FUNCTIONS # -------------------------------------------------- - +@role_required('Secretariat') def add(request): """ Add a new IETF Area @@ -95,6 +96,7 @@ def add(request): RequestContext(request, {}), ) +@role_required('Secretariat') def edit(request, name): """ Edit IETF Areas @@ -159,6 +161,7 @@ def edit(request, name): RequestContext(request,{}), ) +@role_required('Secretariat') def list_areas(request): """ List IETF Areas @@ -180,6 +183,7 @@ def list_areas(request): RequestContext(request, {}), ) +@role_required('Secretariat') def people(request, name): """ Edit People associated with Areas, Area Directors. @@ -229,6 +233,7 @@ def people(request, name): RequestContext(request, {}), ) +@role_required('Secretariat') def modify(request, name): """ Handle state changes of Area Directors (enable voting, retire) @@ -285,6 +290,7 @@ def modify(request, name): return redirect('areas_view', name=name) +@role_required('Secretariat') def view(request, name): """ View Area information. diff --git a/ietf/secr/console/views.py b/ietf/secr/console/views.py index b0f157764..90172ec04 100644 --- a/ietf/secr/console/views.py +++ b/ietf/secr/console/views.py @@ -3,7 +3,9 @@ from django.shortcuts import render_to_response from django.template import RequestContext from ietf.doc.models import DocEvent +from ietf.ietfauth.utils import role_required +@role_required('Secretariat') def main(request): ''' Main view for the Console diff --git a/ietf/secr/drafts/views.py b/ietf/secr/drafts/views.py index ce99d03bd..ee0b9c146 100644 --- a/ietf/secr/drafts/views.py +++ b/ietf/secr/drafts/views.py @@ -15,6 +15,7 @@ from django.template.loader import render_to_string from ietf.doc.models import Document, DocumentAuthor, DocAlias, DocRelationshipName, RelatedDocument, State from ietf.doc.models import DocEvent, NewRevisionDocEvent from ietf.doc.models import save_document_in_history +from ietf.ietfauth.utils import role_required from ietf.meeting.models import Meeting from ietf.meeting.helpers import get_meeting from ietf.name.models import StreamName @@ -484,6 +485,7 @@ def report_progress_report(start_date,end_date): # ------------------------------------------------- # Standard View Functions # ------------------------------------------------- +@role_required('Secretariat') def abstract(request, id): ''' View Internet Draft Abstract @@ -503,6 +505,7 @@ def abstract(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def add(request): ''' Add Internet Draft @@ -594,6 +597,7 @@ def add(request): RequestContext(request, {}), ) +@role_required('Secretariat') def announce(request, id): ''' Schedule announcement of new Internet-Draft to I-D Announce list @@ -618,6 +622,7 @@ def announce(request, id): messages.success(request, 'Announcement scheduled successfully!') return redirect('drafts_view', id=id) +@role_required('Secretariat') def approvals(request): ''' This view handles setting Initial Approval for drafts @@ -632,6 +637,7 @@ def approvals(request): RequestContext(request, {}), ) +@role_required('Secretariat') def author_delete(request, id, oid): ''' This view deletes the specified author(email) from the draft @@ -640,6 +646,7 @@ def author_delete(request, id, oid): messages.success(request, 'The author was deleted successfully') return redirect('drafts_authors', id=id) +@role_required('Secretariat') def authors(request, id): ''' Edit Internet Draft Authors @@ -687,6 +694,7 @@ def authors(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def confirm(request, id): ''' This view displays changes that will be made and calls appropriate @@ -737,6 +745,7 @@ def confirm(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def dates(request): ''' Manage ID Submission Dates @@ -756,6 +765,7 @@ def dates(request): RequestContext(request, {}), ) +@role_required('Secretariat') def edit(request, id): ''' Since there's a lot going on in this function we are summarizing in the docstring. @@ -804,6 +814,7 @@ def edit(request, id): 'draft': draft}, ) +@role_required('Secretariat') def email(request, id): ''' This function displays the notification message and allows the @@ -849,6 +860,7 @@ def email(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def extend(request, id): ''' This view handles extending the expiration date for an Internet-Draft @@ -880,6 +892,7 @@ def extend(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def makerfc(request, id): ''' Make RFC out of Internet Draft @@ -954,6 +967,7 @@ def makerfc(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def nudge_report(request): ''' This view produces the Nudge Report, basically a list of documents that are in the IESG @@ -967,6 +981,7 @@ def nudge_report(request): RequestContext(request, {}), ) +@role_required('Secretariat') def replace(request, id): ''' This view handles replacing one Internet-Draft with another @@ -998,6 +1013,7 @@ def replace(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def resurrect(request, id): ''' This view handles resurrection of an Internet-Draft @@ -1008,6 +1024,7 @@ def resurrect(request, id): request.session['action'] = 'resurrect' return redirect('drafts_email', id=id) +@role_required('Secretariat') def revision(request, id): ''' This function presents the input form for the New Revision action. If submitted @@ -1047,6 +1064,7 @@ def revision(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def search(request): ''' Search Internet Drafts @@ -1118,6 +1136,7 @@ def search(request): RequestContext(request, {}), ) +@role_required('Secretariat') def update(request, id): ''' This view handles the Update action for an Internet-Draft @@ -1159,6 +1178,7 @@ def update(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def view(request, id): ''' View Internet Draft @@ -1219,6 +1239,7 @@ def view(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def withdraw(request, id): ''' This view handles withdrawing an Internet-Draft diff --git a/ietf/secr/groups/views.py b/ietf/secr/groups/views.py index c957442f7..90236bacd 100644 --- a/ietf/secr/groups/views.py +++ b/ietf/secr/groups/views.py @@ -5,6 +5,7 @@ from django.template import RequestContext from ietf.group.models import Group, GroupMilestone, ChangeStateGroupEvent, GroupEvent, GroupURL, Role from ietf.group.utils import save_group_in_history, get_charter_text +from ietf.ietfauth.utils import role_required from ietf.person.models import Person from ietf.secr.groups.forms import GroupModelForm, GroupMilestoneForm, RoleForm, SearchForm from ietf.secr.areas.forms import AWPForm @@ -69,6 +70,7 @@ def get_ads(request): # Standard View Functions # ------------------------------------------------- +@role_required('Secretariat') def add(request): ''' Add a new IETF or IRTF Group @@ -119,6 +121,7 @@ def add(request): RequestContext(request, {}), ) +@role_required('Secretariat') def blue_dot(request): ''' This is a report view. It returns a text/plain listing of chairs for active and bof groups. @@ -144,6 +147,7 @@ def blue_dot(request): RequestContext(request, {}), content_type="text/plain", ) +@role_required('Secretariat') def charter(request, acronym): """ View Group Charter @@ -171,6 +175,7 @@ def charter(request, acronym): RequestContext(request, {}), ) +@role_required('Secretariat') def delete_role(request, acronym, id): """ Handle deleting roles for groups (chair, editor, advisor, secretary) @@ -193,6 +198,7 @@ def delete_role(request, acronym, id): messages.success(request, 'The entry was deleted successfully') return redirect('groups_people', acronym=acronym) +@role_required('Secretariat') def edit(request, acronym): """ Edit Group details @@ -269,6 +275,7 @@ def edit(request, acronym): RequestContext(request, {}), ) +@role_required('Secretariat') def edit_gm(request, acronym): """ Edit IETF Group Goal and Milestone details @@ -305,6 +312,7 @@ def edit_gm(request, acronym): RequestContext(request, {}), ) +@role_required('Secretariat') def people(request, acronym): """ Edit Group Roles (Chairs, Secretary, etc) @@ -348,6 +356,7 @@ def people(request, acronym): RequestContext(request, {}), ) +@role_required('Secretariat') def search(request): """ Search IETF Groups @@ -426,6 +435,7 @@ def search(request): RequestContext(request, {}), ) +@role_required('Secretariat') def view(request, acronym): """ View IETF Group details @@ -449,6 +459,7 @@ def view(request, acronym): RequestContext(request, {}), ) +@role_required('Secretariat') def view_gm(request, acronym): """ View IETF Group Goals and Milestones details diff --git a/ietf/secr/ipradmin/views.py b/ietf/secr/ipradmin/views.py index 422340a6d..9529c97ad 100644 --- a/ietf/secr/ipradmin/views.py +++ b/ietf/secr/ipradmin/views.py @@ -15,12 +15,14 @@ from ietf.secr.ipradmin.managers import IprDetailManager from ietf.secr.ipradmin.forms import IprDetailForm, IPRContactFormset from ietf.secr.utils.document import get_rfc_num, is_draft +from ietf.ietfauth.utils import role_required from ietf.ipr.models import IprDetail, IprUpdate, IprContact, LICENSE_CHOICES, STDONLY_CHOICES, IprNotification from ietf.utils.mail import send_mail_text from ietf.doc.models import DocAlias from ietf.group.models import Role +@role_required('Secretariat') @template('ipradmin/list.html') def admin_list(request): queue_ipr = IprDetailManager.queue_ipr() @@ -37,6 +39,7 @@ def admin_list(request): third_party_notifications = third_party_notifications) +@role_required('Secretariat') def admin_post(request, ipr_id, from_page, command): ipr_dtl = IprDetail.objects.get(ipr_id=ipr_id) ipr_dtl.status = 1 @@ -108,6 +111,7 @@ def send_notifications(post_data, ipr_id, update=False): return None +@role_required('Secretariat') @template('ipradmin/notify.html') def admin_notify(request, ipr_id): if request.POST and 'command' in request.POST and 'do_send_notifications' == request.POST['command']: @@ -332,6 +336,7 @@ def get_wg_email_list(group): return ', '.join(result) +@role_required('Secretariat') @template('ipradmin/delete.html') def admin_delete(request, ipr_id): ipr_dtl = IprDetail.objects.get(ipr_id=ipr_id) @@ -339,6 +344,7 @@ def admin_delete(request, ipr_id): ipr_dtl.save() return redirect('ipradmin_admin_list') +@role_required('Secretariat') @template('ipradmin/notify.html') def old_submitter_notify(request, ipr_id): if request.POST and 'command' in request.POST \ @@ -401,6 +407,7 @@ def old_submitter_notify(request, ipr_id): ) # end old_submitter_notify +@role_required('Secretariat') @template('ipradmin/detail.html') def admin_detail(request, ipr_id): if request.POST and request.POST['command']: @@ -661,6 +668,7 @@ def admin_detail(request, ipr_id): ) # end admin_detail +@role_required('Secretariat') @template('ipradmin/create.html') def admin_create(request): if request.method == 'POST': @@ -686,6 +694,7 @@ def admin_create(request): ipr_contact_formset = ipr_contact_formset) # end admin_create +@role_required('Secretariat') @template('ipradmin/update.html') def admin_update(request, ipr_id): if request.method == 'POST': diff --git a/ietf/secr/meetings/views.py b/ietf/secr/meetings/views.py index da50793a6..1b2e7eed9 100644 --- a/ietf/secr/meetings/views.py +++ b/ietf/secr/meetings/views.py @@ -12,6 +12,7 @@ from django.shortcuts import render_to_response, get_object_or_404, redirect from django.template import RequestContext from django.utils.functional import curry +from ietf.ietfauth.utils import role_required from ietf.utils.mail import send_mail from ietf.meeting.helpers import get_meeting from ietf.meeting.models import Meeting, Session, Room, TimeSlot, ScheduledSession, Schedule @@ -266,6 +267,7 @@ def ajax_get_times(request, meeting_id, day): # -------------------------------------------------- # STANDARD VIEW FUNCTIONS # -------------------------------------------------- +@role_required('Secretariat') def add(request): ''' Add a new IETF Meeting. Creates Meeting and Proceeding objects. @@ -315,6 +317,7 @@ def add(request): RequestContext(request, {}), ) +@role_required('Secretariat') def blue_sheet(request, meeting_id): ''' Blue Sheet view. The user can generate blue sheets or upload scanned bluesheets @@ -340,6 +343,7 @@ def blue_sheet(request, meeting_id): RequestContext(request, {}), ) +@role_required('Secretariat') def blue_sheet_generate(request, meeting_id): ''' Generate bluesheets @@ -352,6 +356,7 @@ def blue_sheet_generate(request, meeting_id): messages.success(request, 'Blue Sheets generated') return redirect('meetings_blue_sheet', meeting_id=meeting.number) +@role_required('Secretariat') def blue_sheet_redirect(request): ''' This is the generic blue sheet URL. It gets the next IETF meeting and redirects @@ -365,6 +370,7 @@ def blue_sheet_redirect(request): meeting = Meeting.objects.filter(type='ietf').order_by('-date')[0] return redirect('meetings_blue_sheet', meeting_id=meeting.number) +@role_required('Secretariat') def edit_meeting(request, meeting_id): ''' Edit Meeting information. @@ -400,6 +406,7 @@ def edit_meeting(request, meeting_id): RequestContext(request,{}), ) +@role_required('Secretariat') def main(request): ''' In this view the user can choose a meeting to manage or elect to create a new meeting. @@ -418,6 +425,7 @@ def main(request): RequestContext(request, {}), ) +@role_required('Secretariat') def non_session(request, meeting_id, schedule_name): ''' Display and add "non-session" time slots, ie. registration, beverage and snack breaks @@ -483,6 +491,7 @@ def non_session(request, meeting_id, schedule_name): RequestContext(request, {}), ) +@role_required('Secretariat') def non_session_delete(request, meeting_id, schedule_name, slot_id): ''' This function deletes the non-session TimeSlot. For "other" and "plenary" timeslot @@ -506,6 +515,7 @@ def non_session_delete(request, meeting_id, schedule_name, slot_id): messages.success(request, 'Non-Session timeslot deleted successfully') return redirect('meetings_non_session', meeting_id=meeting_id, schedule_name=schedule_name) +@role_required('Secretariat') def non_session_edit(request, meeting_id, schedule_name, slot_id): ''' Allows the user to assign a location to this non-session timeslot @@ -555,6 +565,7 @@ def non_session_edit(request, meeting_id, schedule_name, slot_id): RequestContext(request, {}), ) +@role_required('Secretariat') def notifications(request, meeting_id): ''' Send scheduled session email notifications. Finds all groups with @@ -590,6 +601,7 @@ def notifications(request, meeting_id): RequestContext(request, {}), ) +@role_required('Secretariat') def remove_session(request, meeting_id, acronym): ''' Remove session from agenda. Disassociate session from timeslot and set status. @@ -613,6 +625,7 @@ def remove_session(request, meeting_id, acronym): messages.success(request, '%s Session removed from agenda' % (group.acronym)) return redirect('meetings_select_group', meeting_id=meeting.number) +@role_required('Secretariat') def rooms(request, meeting_id, schedule_name): ''' Display and edit MeetingRoom records for the specified meeting @@ -657,6 +670,7 @@ def rooms(request, meeting_id, schedule_name): RequestContext(request, {}), ) +@role_required('Secretariat') def schedule(request, meeting_id, schedule_name, acronym): ''' This view handles scheduling session requests to TimeSlots @@ -770,6 +784,7 @@ def schedule(request, meeting_id, schedule_name, acronym): RequestContext(request, {}), ) +@role_required('Secretariat') def select(request, meeting_id, schedule_name): ''' Options to edit Rooms & Times or schedule a session @@ -783,6 +798,7 @@ def select(request, meeting_id, schedule_name): RequestContext(request, {}), ) +@role_required('Secretariat') def select_group(request, meeting_id, schedule_name): ''' In this view the user can select the group to schedule. Only those groups that have @@ -828,6 +844,7 @@ def select_group(request, meeting_id, schedule_name): RequestContext(request, {}), ) +@role_required('Secretariat') def times(request, meeting_id, schedule_name): ''' Display and edit time slots (TimeSlots). It doesn't display every TimeSlot @@ -892,6 +909,7 @@ def times(request, meeting_id, schedule_name): RequestContext(request, {}), ) +@role_required('Secretariat') def times_edit(request, meeting_id, schedule_name, time): ''' This view handles bulk edit of timeslot details. @@ -946,6 +964,7 @@ def times_edit(request, meeting_id, schedule_name, time): RequestContext(request, {}), ) +@role_required('Secretariat') def times_delete(request, meeting_id, schedule_name, time): ''' This view handles bulk delete of all timeslots matching time (datetime) for the given @@ -961,6 +980,7 @@ def times_delete(request, meeting_id, schedule_name, time): messages.success(request, 'Timeslot deleted') return redirect('meetings_times', meeting_id=meeting_id,schedule_name=schedule_name) +@role_required('Secretariat') def unschedule(request, meeting_id, schedule_name, session_id): ''' Unschedule given session object @@ -975,6 +995,7 @@ def unschedule(request, meeting_id, schedule_name, session_id): messages.success(request, 'Session unscheduled') return redirect('meetings_select_group', meeting_id=meeting_id, schedule_name=schedule_name) +@role_required('Secretariat') def view(request, meeting_id): ''' View Meeting information. diff --git a/ietf/secr/proceedings/views.py b/ietf/secr/proceedings/views.py index eb3c11ab8..ac914d872 100644 --- a/ietf/secr/proceedings/views.py +++ b/ietf/secr/proceedings/views.py @@ -24,7 +24,7 @@ from ietf.secr.utils.group import get_my_groups, groups_by_session from ietf.secr.utils.meeting import get_upload_root, get_materials, get_timeslot from ietf.doc.models import Document, DocAlias, DocEvent, State, NewRevisionDocEvent from ietf.group.models import Group -from ietf.ietfauth.utils import has_role +from ietf.ietfauth.utils import has_role, role_required from ietf.meeting.models import Meeting, Session, TimeSlot, ScheduledSession from ietf.secr.proceedings.forms import EditSlideForm, InterimMeetingForm, RecordingForm, RecordingEditForm, ReplaceSlideForm, UnifiedUploadForm from ietf.secr.proceedings.proc_utils import ( gen_acknowledgement, gen_agenda, gen_areas, gen_attendees, @@ -34,7 +34,10 @@ from ietf.secr.proceedings.proc_utils import ( gen_acknowledgement, gen_agenda, from ietf.secr.proceedings.models import InterimMeeting # proxy model - +# ------------------------------------------------- +# Globals +# ------------------------------------------------- +AUTHORIZED_ROLES=('WG Chair','WG Secretary','RG Chair','IAB Group Chair','Area Director','Secretariat','Team Chair') # ------------------------------------------------- # Helper Functions # ------------------------------------------------- @@ -312,7 +315,7 @@ def ajax_order_slide(request): # -------------------------------------------------- # STANDARD VIEW FUNCTIONS # -------------------------------------------------- -@sec_only +@role_required('Secretariat') def build(request,meeting_num,acronym): ''' This is a utility or test view. It simply rebuilds the proceedings html for the specified @@ -364,7 +367,7 @@ def delete_material(request,slide_id): return HttpResponseRedirect(url) -@sec_only +@role_required('Secretariat') def delete_interim_meeting(request, meeting_num): ''' This view deletes the specified Interim Meeting and any material that has been @@ -430,6 +433,7 @@ def edit_slide(request, slide_id): RequestContext(request, {}), ) +@role_required(*AUTHORIZED_ROLES) def interim(request, acronym): ''' This view presents the user with a list of interim meetings for the specified group. @@ -475,8 +479,8 @@ def interim(request, acronym): RequestContext(request, {}), ) +@role_required(*AUTHORIZED_ROLES) def interim_directory(request, sortby=None): - if sortby == 'group': qs = InterimMeeting.objects.all() meetings = sorted(qs, key=lambda a: a.group.acronym) @@ -487,6 +491,7 @@ def interim_directory(request, sortby=None): 'meetings': meetings}, ) +@role_required(*AUTHORIZED_ROLES) def main(request): ''' List IETF Meetings. If the user is Secratariat list includes all meetings otherwise @@ -591,7 +596,7 @@ def process_pdfs(request, meeting_num): url = reverse('proceedings_select', kwargs={'meeting_num':meeting_num}) return HttpResponseRedirect(url) -@sec_only +@role_required('Secretariat') def progress_report(request, meeting_num): ''' This function generates the proceedings progress report for use at the Plenary. @@ -602,7 +607,7 @@ def progress_report(request, meeting_num): url = reverse('proceedings_select', kwargs={'meeting_num':meeting_num}) return HttpResponseRedirect(url) -@sec_only +@role_required('Secretariat') def recording(request, meeting_num): ''' Enter Session recording info. Creates Document and associates it with Session @@ -639,7 +644,7 @@ def recording(request, meeting_num): RequestContext(request, {}), ) -@sec_only +@role_required('Secretariat') def recording_edit(request, meeting_num, name): ''' Edit recording Document @@ -719,6 +724,7 @@ def replace_slide(request, slide_id): RequestContext(request, {}), ) +@role_required(*AUTHORIZED_ROLES) def select(request, meeting_num): ''' A screen to select which group you want to upload material for. Users of this view area @@ -810,6 +816,7 @@ def select(request, meeting_num): RequestContext(request,{}), ) +@role_required(*AUTHORIZED_ROLES) def select_interim(request): ''' A screen to select which group you want to upload Interim material for. Works for Secretariat staff @@ -819,7 +826,7 @@ def select_interim(request): redirect_url = reverse('proceedings_interim', kwargs={'acronym':request.POST['group']}) return HttpResponseRedirect(redirect_url) - if request.user_is_secretariat: + if has_role(request.user, "Secretariat"): # initialize working groups form choices = build_choices(Group.objects.active_wgs()) group_form = GroupSelectForm(choices=choices) @@ -981,35 +988,3 @@ def upload_unified(request, meeting_num, acronym=None, session_id=None): 'proceedings_url': proceedings_url}, RequestContext(request, {}), ) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/ietf/secr/roles/views.py b/ietf/secr/roles/views.py index ea6d4d6e5..4b3630ab9 100644 --- a/ietf/secr/roles/views.py +++ b/ietf/secr/roles/views.py @@ -6,6 +6,7 @@ from django.template import RequestContext from ietf.group.models import Group, Role from ietf.group.utils import save_group_in_history +from ietf.ietfauth.utils import role_required from ietf.secr.groups.forms import RoleForm from ietf.secr.sreq.forms import GroupSelectForm @@ -41,6 +42,7 @@ def ajax_get_roles(request, acronym): # -------------------------------------------------- # STANDARD VIEW FUNCTIONS # -------------------------------------------------- +@role_required('Secretariat') def delete_role(request, acronym, id): """ Handle deleting roles @@ -62,6 +64,7 @@ def delete_role(request, acronym, id): url = reverse('roles') + '?group=%s' % group.acronym return HttpResponseRedirect(url) +@role_required('Secretariat') def main(request): ''' Main view for generic Roles App diff --git a/ietf/secr/rolodex/views.py b/ietf/secr/rolodex/views.py index 38d72d17d..b2d42890e 100644 --- a/ietf/secr/rolodex/views.py +++ b/ietf/secr/rolodex/views.py @@ -6,6 +6,7 @@ from django.http import HttpResponseRedirect from django.shortcuts import render_to_response, get_object_or_404, redirect from django.template import RequestContext +from ietf.ietfauth.utils import role_required from ietf.person.models import Person, Email, Alias from ietf.secr.rolodex.forms import EditPersonForm, EmailForm, NameForm, NewPersonForm, SearchForm @@ -14,6 +15,7 @@ from ietf.secr.rolodex.forms import EditPersonForm, EmailForm, NameForm, NewPers # Views # --------------------------------------- +@role_required('Secretariat') def add(request): """ Add contact information. @@ -52,6 +54,7 @@ def add(request): RequestContext(request, {}), ) +@role_required('Secretariat') def add_proceed(request): """ Add contact information. (2nd page, allows entry of address, phone and email records) @@ -111,6 +114,7 @@ def add_proceed(request): RequestContext(request, {}), ) +@role_required('Secretariat') def delete(request, id): """ Delete contact information. @@ -144,6 +148,7 @@ def delete(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def edit(request, id): """ Edit contact information. Address, Email and Phone records are provided as inlineformsets. @@ -199,6 +204,7 @@ def edit(request, id): RequestContext(request, {}), ) +@role_required('Secretariat') def search(request): """ Search Person by any combination of name, email or tag. email matches @@ -255,6 +261,7 @@ def search(request): RequestContext(request, {}), ) +@role_required('Secretariat') def view(request, id): """ View contact information. diff --git a/ietf/secr/sreq/views.py b/ietf/secr/sreq/views.py index ea049177c..927ebec4a 100644 --- a/ietf/secr/sreq/views.py +++ b/ietf/secr/sreq/views.py @@ -7,12 +7,12 @@ from django.shortcuts import render_to_response, get_object_or_404, redirect from django.template import RequestContext from ietf.group.models import Group -from ietf.ietfauth.utils import has_role +from ietf.ietfauth.utils import has_role, role_required from ietf.meeting.models import Meeting, Session, Constraint, ResourceAssociation from ietf.meeting.helpers import get_meeting from ietf.name.models import SessionStatusName, ConstraintName from ietf.secr.sreq.forms import SessionForm, GroupSelectForm, ToolStatusForm -from ietf.secr.utils.decorators import check_permissions, sec_only +from ietf.secr.utils.decorators import check_permissions from ietf.secr.utils.group import groups_by_session from ietf.secr.utils.mail import get_ad_email_list, get_chair_email_list, get_cc_list from ietf.utils.mail import send_mail @@ -22,6 +22,7 @@ from ietf.person.models import Person # Globals # ------------------------------------------------- SESSION_REQUEST_EMAIL = 'session-request@ietf.org' +AUTHORIZED_ROLES=('WG Chair','WG Secretary','RG Chair','IAB Group Chair','Area Director','Secretariat','Team Chair') # ------------------------------------------------- # Helper Functions @@ -222,6 +223,7 @@ def cancel(request, acronym): messages.success(request, 'The %s Session Request has been canceled' % group.acronym) return redirect('sessions') +@role_required(*AUTHORIZED_ROLES) def confirm(request, acronym): ''' This view displays details of the new session that has been requested for the user @@ -466,6 +468,7 @@ def edit_mtg(request, num, acronym): RequestContext(request, {}), ) +@role_required(*AUTHORIZED_ROLES) def main(request): ''' Display list of groups the user has access to. @@ -635,7 +638,7 @@ def no_session(request, acronym): messages.success(request, 'A message was sent to notify not having a session at IETF %s' % meeting.number) return redirect('sessions') -@sec_only +@role_required('Secretariat') def tool_status(request): ''' This view handles locking and unlocking of the tool to the public. @@ -677,6 +680,7 @@ def tool_status(request): RequestContext(request, {}), ) +@role_required(*AUTHORIZED_ROLES) def view(request, acronym, num = None): ''' This view displays the session request info diff --git a/ietf/secr/telechat/views.py b/ietf/secr/telechat/views.py index 84ca8b8cb..1440052b3 100644 --- a/ietf/secr/telechat/views.py +++ b/ietf/secr/telechat/views.py @@ -13,6 +13,7 @@ from ietf.doc.lastcall import request_last_call from ietf.doc.mails import email_ad, email_state_changed from ietf.iesg.models import TelechatDate, TelechatAgendaItem, Telechat from ietf.iesg.agenda import agenda_data, get_doc_section +from ietf.ietfauth.utils import role_required from ietf.secr.telechat.forms import BallotForm, ChangeStateForm, DateSelectForm, TELECHAT_TAGS @@ -119,6 +120,7 @@ def get_first_doc(agenda): # ------------------------------------------------- # View Functions # ------------------------------------------------- +@role_required('Secretariat') def bash(request, date): agenda = agenda_data(date=date) @@ -129,6 +131,7 @@ def bash(request, date): RequestContext(request, {}), ) +@role_required('Secretariat') def doc(request, date): ''' This view redirects to doc_detail using the first document in the agenda or @@ -147,6 +150,7 @@ def doc(request, date): RequestContext(request, {}), ) +@role_required('Secretariat') def doc_detail(request, date, name): ''' This view displays the ballot information for the document, and lets the user make @@ -290,6 +294,7 @@ def doc_detail(request, date, name): RequestContext(request, {}), ) +@role_required('Secretariat') def doc_navigate(request, date, name, nav): ''' This view takes three arguments: @@ -312,6 +317,7 @@ def doc_navigate(request, date, name, nav): return redirect('telechat_doc_detail', date=date, name=target) +@role_required('Secretariat') def main(request): ''' The is the main view where the user selects an existing telechat or creates a new one. @@ -330,6 +336,7 @@ def main(request): RequestContext(request, {}), ) +@role_required('Secretariat') def management(request, date): ''' This view displays management issues and lets the user update the status @@ -345,6 +352,7 @@ def management(request, date): RequestContext(request, {}), ) +@role_required('Secretariat') def minutes(request, date): ''' This view shows a list of documents that were approved since the last telechat @@ -372,6 +380,7 @@ def minutes(request, date): RequestContext(request, {}), ) +@role_required('Secretariat') def new(request): ''' This view creates a new telechat agenda and redirects to the default view @@ -384,8 +393,8 @@ def new(request): messages.success(request,'New Telechat Agenda created') return redirect('telechat_doc', date=date) +@role_required('Secretariat') def roll_call(request, date): - agenda = agenda_data(date=date) ads = Person.objects.filter(role__name='ad', role__group__state="active") sorted_ads = sorted(ads, key = lambda a: a.name_parts()[3]) diff --git a/ietf/secr/templates/base_site.html b/ietf/secr/templates/base_site.html index 6564bc8e9..92ea7c4d2 100644 --- a/ietf/secr/templates/base_site.html +++ b/ietf/secr/templates/base_site.html @@ -1,17 +1,18 @@ {% extends "base_secr.html" %} {% load i18n %} +{% load ietf_filters %} -{% block title %}{{ title }}{% if request.user_is_secretariat %} Secretariat Dashboard {% else %} WG Chair Dashboard {% endif %}{% endblock %} +{% block title %}{{ title }}{% if user|has_role:"Secretariat" %} Secretariat Dashboard {% else %} WG Chair Dashboard {% endif %}{% endblock %} {% block branding %}
-

{% if request.user_is_secretariat %} Secretariat Dashboard {% else %} WG Chair Dashboard {% endif %}

+

{% if user|has_role:"Secretariat" %} Secretariat Dashboard {% else %} WG Chair Dashboard {% endif %}
- +
diff --git a/ietf/secr/templates/main.html b/ietf/secr/templates/main.html index 863c08543..9f67b3f15 100644 --- a/ietf/secr/templates/main.html +++ b/ietf/secr/templates/main.html @@ -1,9 +1,10 @@ {% extends "base_site.html" %} +{% load ietf_filters %} {% block content %}
-{% if request.user_is_secretariat %} +{% if user|has_role:"Secretariat" %} diff --git a/ietf/secr/templates/proceedings/interim_meeting.html b/ietf/secr/templates/proceedings/interim_meeting.html index b05e1b2ea..302b7b3de 100755 --- a/ietf/secr/templates/proceedings/interim_meeting.html +++ b/ietf/secr/templates/proceedings/interim_meeting.html @@ -1,4 +1,5 @@ {% extends "base_site.html" %} +{% load ietf_filters %} {% block title %}Interim Meetings{% endblock %} @@ -22,7 +23,7 @@
+
@@ -31,7 +32,7 @@ {% endfor %}
IETF Meeting
- {% if request.user_is_secretariat %} + {% if user|has_role:"Secretariat" %}
    • @@ -42,7 +43,7 @@
    - +
    @@ -66,7 +67,7 @@
    - {% if not request.user_is_secretariat %} + {% if not user|has_role:"Secretariat" %}

    The list(s) above includes those meetings which you can upload materials for. Click on the meeting number or interim meeting date to continue.

    diff --git a/ietf/secr/templates/proceedings/select.html b/ietf/secr/templates/proceedings/select.html index 44a46a55b..bbe891754 100755 --- a/ietf/secr/templates/proceedings/select.html +++ b/ietf/secr/templates/proceedings/select.html @@ -1,4 +1,5 @@ {% extends "base_site.html" %} +{% load ietf_filters %} {% block title %}Proceedings{% endblock %} @@ -80,7 +81,7 @@ {% endif %} - {% if request.user_is_secretariat %} + {% if user|has_role:"Secretariat" %}

    Secretariat Only Functions

    diff --git a/ietf/secr/templates/sreq/main.1_2 b/ietf/secr/templates/sreq/main.1_2 index dfde13cd1..1bcf9b7c4 100755 --- a/ietf/secr/templates/sreq/main.1_2 +++ b/ietf/secr/templates/sreq/main.1_2 @@ -1,4 +1,5 @@ {% extends "base_site.html" %} +{% load ietf_filters %} {% block title %}Sessions{% endblock %} @@ -18,7 +19,7 @@

    Sessions Request Tool: IETF {{ meeting.meeting_num }} - {% if request.user_is_secretariat %} + {% if user|has_role:"Secretariat" %} {% if is_locked %} Tool Status: Locked {% else %} diff --git a/ietf/secr/templates/sreq/main.html b/ietf/secr/templates/sreq/main.html index 8e4f328f8..d73c6cdc9 100755 --- a/ietf/secr/templates/sreq/main.html +++ b/ietf/secr/templates/sreq/main.html @@ -1,4 +1,5 @@ {% extends "base_site.html" %} +{% load ietf_filters %} {% block title %}Sessions{% endblock %} @@ -18,7 +19,7 @@

    Sessions Request Tool: IETF {{ meeting.number }} - {% if request.user_is_secretariat %} + {% if user|has_role:"Secretariat" %} {% if is_locked %} Tool Status: Locked {% else %} diff --git a/ietf/secr/utils/decorators.py b/ietf/secr/utils/decorators.py index f4dc2d044..0fdfd5a0d 100644 --- a/ietf/secr/utils/decorators.py +++ b/ietf/secr/utils/decorators.py @@ -83,11 +83,10 @@ def check_permissions(func): def sec_only(func): """ This decorator checks that the user making the request is a secretariat user. - (Based on the cusotm user_is_secretariat request attribute) """ def wrapper(request, *args, **kwargs): # short circuit. secretariat user has full access - if request.user_is_secretariat: + if has_role(request.user, "Secretariat"): return func(request, *args, **kwargs) return render_to_response('unauthorized.html',{ diff --git a/ietf/settings.py b/ietf/settings.py index 9eba928fd..4d849749b 100644 --- a/ietf/settings.py +++ b/ietf/settings.py @@ -165,7 +165,6 @@ MIDDLEWARE_CLASSES = ( 'ietf.middleware.RedirectTrailingPeriod', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'ietf.middleware.UnicodeNfkcNormalization', - 'ietf.secr.middleware.secauth.SecAuthMiddleware' ) ROOT_URLCONF = 'ietf.urls' @@ -404,15 +403,6 @@ BIBXML_BASE_PATH = '/a/www/ietf-ftp/xml2rfc' TZDATA_ICS_PATH = BASE_DIR + '/../vzic/zoneinfo/' CHANGELOG_PATH = '/www/ietf-datatracker/web/changelog' -# Secretariat Tool -# this is a tuple of regular expressions. if the incoming URL matches one of -# these, than non secretariat access is allowed. -SECR_AUTH_UNRESTRICTED_URLS = ( - #(r'^/$'), - (r'^/secr/announcement/'), - (r'^/secr/proceedings/'), - (r'^/secr/sreq/'), -) SECR_BLUE_SHEET_PATH = '/a/www/ietf-datatracker/documents/blue_sheet.rtf' SECR_BLUE_SHEET_URL = 'https://datatracker.ietf.org/documents/blue_sheet.rtf' SECR_INTERIM_LISTING_DIR = '/a/www/www6/meeting/interim'

    Interim Meeting