From b4ac9f83f1d0ddef9e1702f31589d172132111e4 Mon Sep 17 00:00:00 2001
From: Robert Sparks
Date: Thu, 16 Jan 2020 21:19:29 +0000
Subject: [PATCH] Restrict the ability to change whether a group uses milestone dates to the ADs and the secretariat. Fixes #2869. Commit ready for merge. - Legacy-Id: 17234
---
 ietf/group/milestones.py | 29 ++++++++++++++---------
 ietf/group/tests_info.py | 23 ++++++++++++++----
 ietf/static/ietf/js/edit-milestones.js | 9 +++++--
 ietf/templates/group/edit_milestones.html | 16 +++++++------
 4 files changed, 53 insertions(+), 24 deletions(-)
diff --git a/ietf/group/milestones.py b/ietf/group/milestones.py
index 0190eba47..84e039217 100644
--- a/ietf/group/milestones.py
+++ b/ietf/group/milestones.py
@@ -6,6 +6,7 @@ import calendar
 from django import forms
 from django.contrib import messages
+from django.core.exceptions import PermissionDenied
 from django.http import HttpResponseForbidden, HttpResponseBadRequest, HttpResponseRedirect, Http404
 from django.shortcuts import render, redirect
 from django.contrib.auth.decorators import login_required
@@ -107,8 +108,10 @@ def edit_milestones(request, acronym, group_type=None, milestone_set="current"):
 needs_review = False
 if can_manage_group(request.user, group):
+ can_change_uses_milestone_dates = True
 if not can_manage_group_type(request.user, group):
 # The user is chair or similar, not AD:
+ can_change_uses_milestone_dates = False
 if milestone_set == "current":
 needs_review = True
 else:
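Review bot: `can_change_uses_milestone_dates` is assigned only inside the `if can_manage_group(request.user, group):` branch in the @@ -107 hunk, so it has no value on any path that skips that branch. The matching `else:` is cut off at the end of the hunk; if that branch does not return or raise, the later `if can_change_uses_milestone_dates:` check and the `render` context would fail with an UnboundLocalError rather than a clean 403. Initialising it next to `needs_review = False` with `can_change_uses_milestone_dates = False` makes the permission fail closed and leaves the grant as the only explicit assignment to True.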
@@ -299,17 +302,20 @@ def edit_milestones(request, acronym, group_type=None, milestone_set="current"):
 action = request.POST.get("action", "review")
 if action == "switch":
- if group.uses_milestone_dates:
- group.uses_milestone_dates=False
- group.save()
- for order, milestone in enumerate(group.groupmilestone_set.filter(state_id='active').order_by('due','id')):
- milestone.order = order
- milestone.save()
+ if can_change_uses_milestone_dates:
+ if group.uses_milestone_dates:
+ group.uses_milestone_dates=False
+ group.save()
+ for order, milestone in enumerate(group.groupmilestone_set.filter(state_id='active').order_by('due','id')):
+ milestone.order = order
+ milestone.save()
+ else:
+ group.uses_milestone_dates=True
+ group.save()
+ for m in milestones:
+ forms.append(MilestoneForm(needs_review, reviewer, instance=m, uses_dates=group.uses_milestone_dates))
 else:
- group.uses_milestone_dates=True
- group.save()
- for m in milestones:
- forms.append(MilestoneForm(needs_review, reviewer, instance=m, uses_dates=group.uses_milestone_dates))
+ raise PermissionDenied
 else:
 # parse out individual milestone forms
 for prefix in request.POST.getlist("prefix"):
@@ -383,7 +389,8 @@ def edit_milestones(request, acronym, group_type=None, milestone_set="current"):
 milestone_set=milestone_set,
 needs_review=needs_review,
 reviewer=reviewer,
- can_reset=can_reset))
+ can_reset=can_reset,
+ can_change_uses_milestone_dates=can_change_uses_milestone_dates))
 @login_required
 def reset_charter_milestones(request, group_type, acronym):
diff --git a/ietf/group/tests_info.py b/ietf/group/tests_info.py
index e2b87946b..1a103c1a3 100644
--- a/ietf/group/tests_info.py
+++ b/ietf/group/tests_info.py
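Review bot: The denial in the @@ -299 hunk sits in an `else:` a dozen lines below the `if can_change_uses_milestone_dates:` it belongs to, and the state-changing code gains a level of nesting to make room for it. A guard at the top of the `action == "switch"` branch, `if not can_change_uses_milestone_dates:` followed by `raise PermissionDenied`, states the authorization decision before any write and lets the existing switch body stay as it was. edit_milestones starts and ends outside this hunk, so this assumes nothing between the permission setup and this branch rebinds the flag.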
@@ -1063,7 +1063,9 @@ class MilestoneTests(TestCase):
 class DatelessMilestoneTests(TestCase):
 def test_switch_to_dateless(self):
- ms = DatedGroupMilestoneFactory()
+ ad_role = RoleFactory(group__type_id='area',name_id='ad')
+ ms = DatedGroupMilestoneFactory(group__parent=ad_role.group)
+ ad = ad_role.person
 chair = RoleFactory(group=ms.group,name_id='chair').person
 url = urlreverse('ietf.group.milestones.edit_milestones;current', kwargs=dict(acronym=ms.group.acronym))
@@ -1072,6 +1074,18 @@ class DatelessMilestoneTests(TestCase):
 r = self.client.get(url)
 self.assertEqual(r.status_code, 200)
 q = PyQuery(r.content)
+ self.assertEqual(len(q('#switch-date-use-form')),0)
+
+ r = self.client.post(url, dict(action="switch"))
+ self.assertEqual(r.status_code, 403)
+
+ self.client.logout()
+ self.client.login(username=ad.user.username, password='%s+password' % ad.user.username)
+
+ r = self.client.get(url)
+ self.assertEqual(r.status_code, 200)
+ q = PyQuery(r.content)
+ self.assertEqual(len(q('#switch-date-use-form')),1)
 self.assertEqual(len(q('#uses_milestone_dates')),1)
 r = self.client.post(url, dict(action="switch"))
@@ -1085,11 +1099,12 @@ class DatelessMilestoneTests(TestCase):
 self.assertEqual(len(q('#uses_milestone_dates')),0)
 def test_switch_to_dated(self):
- ms = DatelessGroupMilestoneFactory()
- chair = RoleFactory(group=ms.group,name_id='chair').person
+ ad_role = RoleFactory(group__type_id='area',name_id='ad')
+ ms = DatelessGroupMilestoneFactory(group__parent=ad_role.group)
+ ad = ad_role.person
 url = urlreverse('ietf.group.milestones.edit_milestones;current', kwargs=dict(acronym=ms.group.acronym))
- login_testing_unauthorized(self, chair.user.username, url)
+ login_testing_unauthorized(self, ad.user.username, url)
 r = self.client.get(url)
 self.assertEqual(r.status_code, 200)
diff --git a/ietf/static/ietf/js/edit-milestones.js b/ietf/static/ietf/js/edit-milestones.js
index ed52eed02..0165bbf8e 100644
--- a/ietf/static/ietf/js/edit-milestones.js
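Review bot: The chair's denied POST in test_switch_to_dateless (the @@ -1072 hunk) is verified only by `self.assertEqual(r.status_code, 403)`; nothing asserts that the group was left unchanged. Adding `ms.group.refresh_from_db()` and `self.assertTrue(ms.group.uses_milestone_dates)` straight after the 403 assertion would catch a regression where the view answers 403 after the flag has already been saved. The commit message also names the secretariat, which neither test logs in as, and the @@ -1085 hunk drops the chair from test_switch_to_dated, so the dateless-to-dated direction has no negative case.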
+++ b/ietf/static/ietf/js/edit-milestones.js
@@ -3,6 +3,7 @@ $(document).ready(function () {
 var milestonesForm = $('#milestones-form');
 var group_uses_milestone_dates = ( $('#uses_milestone_dates').length > 0 );
 var milestone_order_has_changed = false;
+ var switch_date_use_form = $("#switch-date-use-form")
 // make sure we got the lowest number for idCounter
 milestonesForm.find('.edit-milestone input[name$="-id"]').each(function () {
@@ -14,7 +15,9 @@ $(document).ready(function () {
 function setChanged() {
 $(this).closest(".edit-milestone").addClass("changed");
 setSubmitButtonState();
- $("#switch-date-use-form").hide();
+ if (switch_date_use_form) {
+ switch_date_use_form.hide();
+ }
 }
 milestonesForm.on("change", '.edit-milestone select,.edit-milestone input,.edit-milestone textarea', setChanged);
@@ -166,7 +169,9 @@ $(document).ready(function () {
 milestone_order_has_changed = true;
 setSubmitButtonState();
 setOrderControlValue();
- $("#switch-date-use-form").hide();
+ if (switch_date_use_form) {
+ switch_date_use_form.hide();
+ }
 }
diff --git a/ietf/templates/group/edit_milestones.html b/ietf/templates/group/edit_milestones.html
index 1cff88311..18926ce73 100644
--- a/ietf/templates/group/edit_milestones.html
+++ b/ietf/templates/group/edit_milestones.html
@@ -26,13 +26,15 @@
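Review bot: `if (switch_date_use_form)` in setChanged() is always true, because `$("#switch-date-use-form")` returns a jQuery object even when nothing matches, so the guard does not test whether the form was rendered; the @@ -166 hunk repeats the same guard. `.hide()` on an empty selection is already a no-op, so either call `switch_date_use_form.hide();` unguarded or test `switch_date_use_form.length`. The new `var switch_date_use_form = $("#switch-date-use-form")` line in the @@ -3 hunk is also missing the terminating semicolon that the declarations above it carry.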

-
-
{% csrf_token %} - -
-
+ {% if can_change_uses_milestone_dates %} +
+
{% csrf_token %} + +
+
+ {% endif %}