From 311b4728e15e4d6da35a0e6d7a0d89ff2f36e58b Mon Sep 17 00:00:00 2001
From: Robert Sparks <rjsparks@nostrum.com>
Date: Thu, 2 Sep 2021 23:25:36 +0000
Subject: [PATCH] Restore ADs ability to charter new groups. Fixes #3397.
 Commit ready for merge,  - Legacy-Id: 19315

---
 ietf/group/tests_info.py | 27 +++++++++++++++++----------
 ietf/group/views.py      |  3 ++-
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/ietf/group/tests_info.py b/ietf/group/tests_info.py
index 97e65cd2a..edd374733 100644
--- a/ietf/group/tests_info.py
+++ b/ietf/group/tests_info.py
@@ -479,11 +479,16 @@ class GroupEditTests(TestCase):
         area = Group.objects.filter(type="area").first()
 
         # normal get
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        q = PyQuery(r.content)
-        self.assertEqual(len(q('form input[name=acronym]')), 1)
+        for username in ("secretary","ad","irtf-chair"):
+            self.client.logout()
+            login_testing_unauthorized(self, username, url)
+            r = self.client.get(url)
+            self.assertEqual(r.status_code, 200)
+            q = PyQuery(r.content)
+            self.assertEqual(len(q('form input[name=acronym]')), 1)
 
+        self.client.logout()
+        login_testing_unauthorized(self, "secretary", url)
         # faulty post
         r = self.client.post(url, dict(acronym="foobarbaz")) # No name
         self.assertEqual(r.status_code, 200)
@@ -527,7 +532,6 @@ class GroupEditTests(TestCase):
     def test_create_rg(self):
 
         url = urlreverse('ietf.group.views.edit', kwargs=dict(group_type="rg", action="charter"))
-        login_testing_unauthorized(self, "secretary", url)
 
         irtf = Group.objects.get(acronym='irtf')
         num_rgs = len(Group.objects.filter(type="rg"))
@@ -535,11 +539,14 @@ class GroupEditTests(TestCase):
         proposed_state = GroupStateName.objects.get(slug="proposed")
 
         # normal get
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        q = PyQuery(r.content)
-        self.assertEqual(len(q('form input[name=acronym]')), 1)
-        self.assertEqual(q('form select[name=parent]')[0].value,'%s'%irtf.pk)
+        for username in ("secretary", "ad", "irtf-chair"):
+            self.client.logout()
+            login_testing_unauthorized(self, username, url)
+            r = self.client.get(url)
+            self.assertEqual(r.status_code, 200)
+            q = PyQuery(r.content)
+            self.assertEqual(len(q('form input[name=acronym]')), 1)
+            self.assertEqual(q('form select[name=parent]')[0].value,'%s'%irtf.pk)
 
         r = self.client.post(url, dict(acronym="testrg", name="Testing RG", state=proposed_state.pk, parent=irtf.pk))
         self.assertEqual(r.status_code, 302)
diff --git a/ietf/group/views.py b/ietf/group/views.py
index c1f71f894..560819de6 100644
--- a/ietf/group/views.py
+++ b/ietf/group/views.py
@@ -904,7 +904,8 @@ def edit(request, group_type=None, acronym=None, action="edit", field=None):
                 or group.has_role(request.user, group.features.groupman_roles)):
             permission_denied(request, "You don't have permission to access this view")
     else:
-        if not has_role(request.user, "Secretariat"):
+        # This allows ADs to create RG and the IRTF Chair to create WG, but we trust them not to
+        if not has_role(request.user, ("Secretariat", "Area Director", "IRTF Chair")):
              permission_denied(request, "You don't have permission to access this view")