From 359889c1f7583cc2ac31a3545852b7f4a8a60559 Mon Sep 17 00:00:00 2001
From: Robert Sparks <rjsparks@nostrum.com>
Date: Thu, 22 Jul 2021 18:34:57 +0000
Subject: [PATCH] Changed the signature of can_manage_all_groups_of_type to
 only take a type_id. Removed the logic that tried to distinguish permissions
 for teams by parent - that should be modeled as separate type_ids instead.
 Commit ready for merge.  - Legacy-Id: 19258

---
 ietf/doc/views_charter.py |  6 +++---
 ietf/doc/views_doc.py     |  2 +-
 ietf/group/milestones.py  |  2 +-
 ietf/group/utils.py       | 11 +++--------
 ietf/group/views.py       |  6 +++---
 5 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/ietf/doc/views_charter.py b/ietf/doc/views_charter.py
index 7bba25061..447c72889 100644
--- a/ietf/doc/views_charter.py
+++ b/ietf/doc/views_charter.py
@@ -70,7 +70,7 @@ def change_state(request, name, option=None):
     charter = get_object_or_404(Document, type="charter", name=name)
     group = charter.group
 
-    if not can_manage_all_groups_of_type(request.user, group):
+    if not can_manage_all_groups_of_type(request.user, group.type_id):
         permission_denied(request, "You don't have permission to access this view.")
 
     chartering_type = get_chartering_type(charter)
@@ -261,7 +261,7 @@ def change_title(request, name, option=None):
     logging the title as a comment."""
     charter = get_object_or_404(Document, type="charter", name=name)
     group = charter.group
-    if not can_manage_all_groups_of_type(request.user, group):
+    if not can_manage_all_groups_of_type(request.user, group.type_id):
         permission_denied(request, "You don't have permission to access this view.")
     by = request.user.person
     if request.method == 'POST':
@@ -374,7 +374,7 @@ def submit(request, name, option=None):
         charter_canonical_name = name
         charter_rev = "00-00"
 
-    if not can_manage_all_groups_of_type(request.user, group) or not group.features.has_chartering_process:
+    if not can_manage_all_groups_of_type(request.user, group.type_id) or not group.features.has_chartering_process:
         permission_denied(request, "You don't have permission to access this view.")
 
 
diff --git a/ietf/doc/views_doc.py b/ietf/doc/views_doc.py
index f09ff7c92..b16c0a89a 100644
--- a/ietf/doc/views_doc.py
+++ b/ietf/doc/views_doc.py
@@ -510,7 +510,7 @@ def document_main(request, name, rev=None):
         if chartering and not snapshot:
             milestones = doc.group.groupmilestone_set.filter(state="charter")
 
-        can_manage = can_manage_all_groups_of_type(request.user, doc.group)
+        can_manage = can_manage_all_groups_of_type(request.user, doc.group.type_id)
 
         return render(request, "doc/document_charter.html",
                                   dict(doc=doc,
diff --git a/ietf/group/milestones.py b/ietf/group/milestones.py
index d368ed6d5..43748a1f2 100644
--- a/ietf/group/milestones.py
+++ b/ietf/group/milestones.py
@@ -112,7 +112,7 @@ def edit_milestones(request, acronym, group_type=None, milestone_set="current"):
     needs_review = False
     if can_manage_group(request.user, group):
         can_change_uses_milestone_dates = True
-        if not can_manage_all_groups_of_type(request.user, group):
+        if not can_manage_all_groups_of_type(request.user, group.type_id):
             # The user is chair or similar, not AD:
             can_change_uses_milestone_dates = False
             if milestone_set == "current":
diff --git a/ietf/group/utils.py b/ietf/group/utils.py
index 5dd7b5e1a..6563b10f5 100644
--- a/ietf/group/utils.py
+++ b/ietf/group/utils.py
@@ -106,21 +106,16 @@ def save_milestone_in_history(milestone):
     return h
 
 # TODO: rework this using features.groupman_authroles
-def can_manage_all_groups_of_type(user, group, type_id=None):
+def can_manage_all_groups_of_type(user, type_id):
     if not user.is_authenticated:
         return False
-    if type_id is None:
-        type_id = group.type_id
     log.assertion("isinstance(type_id, (type(''), type(u'')))")
     if type_id == "rg":
         return has_role(user, ('IRTF Chair', 'Secretariat'))
     elif type_id == "wg":
         return has_role(user, ('Area Director', 'Secretariat'))
     elif type_id == "team":
-        if group and group.is_decendant_of("ietf"):
-            return has_role(user, ('Area Director', 'Secretariat'))
-        elif group and group.is_decendant_of("irtf"):
-            return has_role(user, ('IRTF Chair', 'Secretariat'))
+        return has_role(user, ('Area Director', 'Secretariat'))
     elif type_id == "program":
         return has_role(user, ('IAB', 'Secretariat',))        
     return has_role(user, ('Secretariat'))
@@ -261,7 +256,7 @@ def construct_group_menu_context(request, group, selected, group_type, others):
     if group.features.customize_workflow and can_manage:
         actions.append(("Customize workflow", urlreverse("ietf.group.views.customize_workflow", kwargs=kwargs)))
 
-    if group.state_id in ("active", "dormant") and group.type_id in ["wg", "rg", ] and can_manage_all_groups_of_type(request.user, group):
+    if group.state_id in ("active", "dormant") and group.type_id in ["wg", "rg", ] and can_manage_all_groups_of_type(request.user, group.type_id):
         actions.append(("Request closing group", urlreverse("ietf.group.views.conclude", kwargs=kwargs)))
 
     d = {
diff --git a/ietf/group/views.py b/ietf/group/views.py
index fd30b258a..2d72f0352 100644
--- a/ietf/group/views.py
+++ b/ietf/group/views.py
@@ -392,7 +392,7 @@ def chartering_groups(request):
 
     for t in group_types:
         t.chartering_groups = Group.objects.filter(type=t, charter__states__in=charter_states,state_id__in=('active','bof','proposed','dormant')).select_related("state", "charter").order_by("acronym")
-        t.can_manage = can_manage_all_groups_of_type(request.user, None, t.slug)
+        t.can_manage = can_manage_all_groups_of_type(request.user, t.slug)
 
         for g in t.chartering_groups:
             g.chartering_type = get_chartering_type(g.charter)
@@ -523,7 +523,7 @@ def group_about(request, acronym, group_type=None):
     if group.state_id == "conclude":
         e = group.latest_event(type='closing_note')
 
-    can_manage = can_manage_all_groups_of_type(request.user, group)
+    can_manage = can_manage_all_groups_of_type(request.user, group.type_id)
     charter_submit_url = "" 
     if group.features.has_chartering_process: 
         charter_submit_url = urlreverse('ietf.doc.views_charter.submit', kwargs={ "name": charter_name_for_group(group) }) 
@@ -1077,7 +1077,7 @@ def conclude(request, acronym, group_type=None):
     """Request the closing of group, prompting for instructions."""
     group = get_group_or_404(acronym, group_type)
 
-    if not can_manage_all_groups_of_type(request.user, group):
+    if not can_manage_all_groups_of_type(request.user, group.type_id):
         permission_denied(request, "You don't have permission to access this view")
 
     if request.method == 'POST':