Merged in [19030] from mark@painless-security.com:

First swipe at making past sessions unchangable for official schedules This change locks down the schedule of any meeting that is fully in the past. It leaves open sessions that have finished for meetings that have not yet finished. Addresses (partially) issue #3083. - Legacy-Id: 19063 Note: SVN reference [19030] has been migrated to Git commit e3ee370981
2021-06-02 18:32:28 +00:00 · 2021-06-02 18:32:28 +00:00 · 96602e1eb9
parent 11d420bf69 e3ee370981
commit 96602e1eb9
5 changed files with 65 additions and 3 deletions
--- a/ietf/meeting/helpers.py
+++ b/ietf/meeting/helpers.py
@ -358,7 +358,7 @@ def schedule_permissions(meeting, schedule, user):

    if user_is_person(user, schedule.owner):
        cansee = True
-        canedit = True
+        canedit = not schedule.is_official_record

    return cansee, canedit, secretariat

--- a/ietf/meeting/models.py
+++ b/ietf/meeting/models.py
@ -684,6 +684,11 @@ class Schedule(models.Model):
    def is_official(self):
        return (self.meeting.schedule == self)

+    @property
+    def is_official_record(self):
+        return (self.is_official and
+                self.meeting.end_date() <= datetime.date.today() )
+
    # returns a dictionary {group -> [schedtimesessassignment+]}
    # and it has [] if the session is not placed.
    # if there is more than one session for that group,
--- a/ietf/meeting/tests_views.py
+++ b/ietf/meeting/tests_views.py
@ -1221,7 +1221,55 @@ class EditTests(TestCase):
        self.client.login(username="secretary", password="secretary+password")
        r = self.client.get(urlreverse("ietf.meeting.views.edit_schedule", kwargs=dict(num=meeting.number)))
        self.assertContains(r, "load_assignments")
- 
+
+    def test_official_record_schedule_is_read_only(self):
+        def _set_date_offset_and_retrieve_page(meeting, days_offset, client):
+            meeting.date = datetime.date.today() + datetime.timedelta(days=days_offset)
+            meeting.save()
+            client.login(username="secretary", password="secretary+password")
+            url = urlreverse("ietf.meeting.views.edit_meeting_schedule", kwargs=dict(num=meeting.number)) 
+            r = client.get(url)
+            q = PyQuery(r.content)
+            return(r, q)
+
+        # Setup
+        ####################################################################################
+
+        # Basic test data
+        meeting = make_meeting_test_data()
+
+        # Set the secretary as the owner of the schedule
+        schedule = meeting.schedule
+        schedule.owner = Person.objects.get(user__username="secretary")
+        schedule.save()
+
+        # Tests
+        ####################################################################################
+
+        # 1) Check that we get told the page is not editable
+        #######################################################
+        r, q = _set_date_offset_and_retrieve_page(meeting,
+                                                  0 - 2 - meeting.days, # Meeting ended 2 days ago
+                                                  self.client)
+        self.assertTrue(q("""em:contains("You can't edit this schedule")"""))
+        self.assertTrue(q("""em:contains("This is the official schedule for a meeting in the past")"""))
+
+        # 2) An ongoing meeting
+        #######################################################
+        r, q = _set_date_offset_and_retrieve_page(meeting,
+                                                  0, # Meeting starts today
+                                                  self.client)
+        self.assertFalse(q("""em:contains("You can't edit this schedule")"""))
+        self.assertFalse(q("""em:contains("This is the official schedule for a meeting in the past")"""))
+
+        # 3) A meeting in the future
+        #######################################################
+        r, q = _set_date_offset_and_retrieve_page(meeting,
+                                                  7, # Meeting starts next week
+                                                  self.client)
+        self.assertFalse(q("""em:contains("You can't edit this schedule")"""))
+        self.assertFalse(q("""em:contains("This is the official schedule for a meeting in the past")"""))
+
    def test_edit_meeting_schedule(self):
        meeting = make_meeting_test_data()

--- a/ietf/templates/meeting/edit_meeting_schedule.html
+++ b/ietf/templates/meeting/edit_meeting_schedule.html
@ -46,7 +46,13 @@
      {% if not can_edit %}
        &middot;

-        <strong><em>You can't edit this schedule. Make a <a href="{% url "ietf.meeting.views.new_meeting_schedule" num=meeting.number owner=schedule.owner_email name=schedule.name %}">new agenda from this</a>.</em></strong>
+      <strong>
+        <em>
+          You can't edit this schedule.
+          {% if schedule.is_official_record %}This is the official schedule for a meeting in the past.{% endif %}
+          Make a <a href="{% url "ietf.meeting.views.new_meeting_schedule" num=meeting.number owner=schedule.owner_email name=schedule.name %}">new agenda from this</a>.
+        </em>
+      </strong>
      {% endif %}
    </p>

--- a/ietf/templates/meeting/landscape_edit.html
+++ b/ietf/templates/meeting/landscape_edit.html
@ -107,6 +107,9 @@ promiselist.push(ss_promise);
  {% origin %}
 <div id="read_only">
  <p>You do not have write permission to agenda: {{schedule.name}}</p>
+  {% if schedule.is_official_record %}
+  <p>This is the official schedule for a meeting in the past.</p>
+  {% endif %}
  <p>Please save this agenda to your account first.</p>
 </div>