Check if the user has permission to edit a liaison. See #577

- Legacy-Id: 2785
Emilio A. Sánchez López 2011-02-01 17:21:04 +00:00
parent 31ae2edb8f
commit 79785fe75b
3 changed files with 51 additions and 3 deletions


@ -3,6 +3,7 @@ from ietf.idtracker.models import Role, PersonOrOrgInfo
LIAISON_EDIT_GROUPS = ['Secretariat']
def get_ietf_chair():
person = PersonOrOrgInfo.objects.filter(role=Role.IETF_CHAIR)
return person and person[0] or None
@ -96,3 +97,44 @@ def can_add_incoming_liaison(user):
def can_add_liaison(user):
return can_add_incoming_liaison(user) or can_add_outgoing_liaison(user)
def is_sdo_manager_for_outgoing_liaison(person, liaison):
from ietf.liaisons.utils import IETFHM, SDOEntity
from ietf.liaisons.models import SDOs
from_entity = IETFHM.get_entity_by_key(liaison.from_raw_code)
sdo = None
if not from_entity:
sdo = SDOs.objects.get(sdo_name=liaison.from_body())
elif isinstance(from_entity, SDOEntity):
sdo = from_entity.obj
if sdo:
return bool(sdo.liaisonmanagers_set.filter(person=person))
return False
def is_sdo_manager_for_incoming_liaison(person, liaison):
from ietf.liaisons.utils import IETFHM, SDOEntity
from ietf.liaisons.models import SDOs
to_entity = IETFHM.get_entity_by_key(liaison.to_raw_code)
sdo = None
if not to_entity:
try:
sdo = SDOs.objects.get(sdo_name=liaison.to_body)
except SDOs.DoesNotExist:
pass
elif isinstance(to_entity, SDOEntity):
sdo = to_entity.obj
if sdo:
return bool(sdo.liaisonmanagers_set.filter(person=person))
return False
def can_edit_liaison(user, liaison):
if is_secretariat(user):
return True
person = get_person_for_user(user)
if is_sdo_liaison_manager(person):
return (is_sdo_manager_for_outgoing_liaison(person, liaison) or
is_sdo_manager_for_incoming_liaison(person, liaison))
return False
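Review bot: `is_sdo_manager_for_outgoing_liaison` calls `SDOs.objects.get(sdo_name=liaison.from_body())` with no exception handling, while the incoming variant wraps the same lookup in `try` / `except SDOs.DoesNotExist: pass`. Since `can_edit_liaison` now runs in `liaison_detail`, an SDO liaison manager viewing a liaison whose from-body matches no SDO would get an unhandled exception instead of a plain "cannot edit" result. Guard the outgoing lookup the same way so that the permission check returns False when no SDO is found. The two helpers also differ in `liaison.from_body()` (called) versus `liaison.to_body` (attribute); the model is not visible here, so if that difference is intended, a short comment such as `# from_body is a method, to_body is a field` would stop a later reader from "fixing" one of them.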


@ -321,6 +321,8 @@ class IETFHierarchyManager(object):
}
def get_entity_by_key(self, entity_id):
if not entity_id:
return None
id_list = entity_id.split('_', 1)
key = id_list[0]
pk = None


@ -6,7 +6,7 @@ from django.conf import settings
from django.core.urlresolvers import reverse
from django.db.models import Q
from django.forms.fields import email_re
from django.http import HttpResponse, HttpResponseRedirect
from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden
from django.shortcuts import render_to_response, get_object_or_404
from django.template import RequestContext
from django.utils import simplejson
@ -14,7 +14,8 @@ from django.views.generic.list_detail import object_list, object_detail
from ietf.liaisons.accounts import (get_person_for_user, can_add_outgoing_liaison,
can_add_incoming_liaison, LIAISON_EDIT_GROUPS,
is_ietfchair, is_iabchair, is_iab_executive_director)
is_ietfchair, is_iabchair, is_iab_executive_director,
can_edit_liaison)
from ietf.liaisons.decorators import can_submit_liaison
from ietf.liaisons.forms import liaison_form_factory
from ietf.liaisons.models import LiaisonDetail, OutgoingLiaisonApproval
@ -210,7 +211,7 @@ def liaison_detail(request, object_id):
can_edit = False
user = request.user
can_take_care = _can_take_care(liaison, user)
if user.is_authenticated() and user.groups.filter(name__in=LIAISON_EDIT_GROUPS):
if user.is_authenticated() and can_edit_liaison(user, liaison):
can_edit = True
if request.method == 'POST' and request.POST.get('do_taken_care', None) and can_take_care:
liaison.taken_care = True
@ -227,6 +228,9 @@ def liaison_detail(request, object_id):
def liaison_edit(request, object_id):
liaison = get_object_or_404(LiaisonDetail, pk=object_id)
user = request.user
if not (user.is_authenticated() and can_edit_liaison(user, liaison)):
return HttpResponseForbidden('You have no permission to edit this liaison')
return add_liaison(request, liaison=liaison)
def ajax_liaison_list(request):
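Review bot: Both `liaison_detail` and `liaison_edit` spell the access condition as `user.is_authenticated() and can_edit_liaison(user, liaison)`, so the helper is only safe if every caller remembers the first half. Whether `is_secretariat` and `get_person_for_user` tolerate an anonymous user is not visible in this commit. I would move the guard into the helper, `if not user.is_authenticated(): return False` as the first line of `can_edit_liaison`, and let the views call it alone. A later view that calls the helper directly would then still fail closed. The body of `add_liaison` is outside the hunk; a short comment in `liaison_edit` that this check is the only edit authorization for both GET and POST would help, if that is the case.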