Fix permission bug, secretaries should be able to request reviews

- Legacy-Id: 12191
2016-10-20 19:57:39 +00:00 · 2016-10-20 19:57:39 +00:00 · 2548153894
parent 31931ee0e8
commit 2548153894
2 changed files with 4 additions and 3 deletions
--- a/ietf/doc/tests_review.py
+++ b/ietf/doc/tests_review.py
@ -48,7 +48,7 @@ class ReviewTests(TestCase):
        review_team = review_req.team

        url = urlreverse('ietf.doc.views_review.request_review', kwargs={ "name": doc.name })
-        login_testing_unauthorized(self, "secretary", url)
+        login_testing_unauthorized(self, "reviewsecretary", url)

        # get
        r = self.client.get(url)
--- a/ietf/review/utils.py
+++ b/ietf/review/utils.py
@ -27,13 +27,14 @@ def can_request_review_of_doc(user, doc):
    if not user.is_authenticated():
        return False

-    return is_authorized_in_doc_stream(user, doc)
+    return (is_authorized_in_doc_stream(user, doc)
+            or Role.objects.filter(person__user=user, name="secr", group__in=active_review_teams).exists())

 def can_manage_review_requests_for_team(user, team, allow_non_team_personnel=True):
    if not user.is_authenticated():
        return False

-    return (Role.objects.filter(name__in=["secr", "delegate"], person__user=user, group=team).exists()
+    return (Role.objects.filter(name="secr", person__user=user, group=team).exists()
            or (allow_non_team_personnel and has_role(user, "Secretariat")))

 def review_requests_to_list_for_docs(docs):