cleaned up permissions on dajaxice calls, ported and expanded more tests, refactored sendEmail, made a secr filter more robust

- Legacy-Id: 7457

ietf/meeting/ajax.py

@@ -53,9 +53,12 @@ def readonly(request, meeting_num, schedule_id):
          'owner_href':  request.build_absolute_uri(schedule.owner.json_url()),
          'read_only':   read_only})
 
-@role_required('Area Director','Secretariat')
 @dajaxice_register
 def update_timeslot_pinned(request, schedule_id, scheduledsession_id, pinned=False):
+
+    if not has_role(request.user,('Area Director','Secretariat')):
+        return json.dumps({'error':'no permission'})
+
     schedule = get_object_or_404(Schedule, pk = int(schedule_id))
     meeting  = schedule.meeting
     cansee,canedit = agenda_permissions(meeting, schedule, request.user)
@@ -75,7 +78,6 @@ def update_timeslot_pinned(request, schedule_id, scheduledsession_id, pinned=Fal
 
     return json.dumps({'message':'valid'})
 
-@role_required('Secretariat')
 @dajaxice_register
 def update_timeslot_purpose(request,
                             meeting_num,
@@ -85,6 +87,9 @@ def update_timeslot_purpose(request,
                             duration= None,
                             time    = None):
 
+    if not has_role(request.user,'Secretariat'):
+        return json.dumps({'error':'no permission'})
+
     meeting = get_meeting(meeting_num)
     ts_id = int(timeslot_id)
     time_str = time

ietf/meeting/models.py

@@ -206,11 +206,20 @@ class Meeting(models.Model):
         return ''
 
     def set_official_agenda(self, agenda):
+        # send_notification should be refactored into Session
+        from ietf.secr.meetings.views import send_notification
         if self.agenda != agenda:
             self.agenda = agenda
             self.save()
             if self.agenda is not None:
-                self.agenda.sendEmail()
+                for ss in self.agenda.scheduledsession_set.all():
+                    session = ss.session
+                    if session.status.slug == "schedw":
+                        session.status_id = "sched"
+                        session.scheduled = datetime.datetime.now()
+                        session.save()
+                        # refactoring send_notification will obviate this odd hoop-jump
+                        send_notification(None, Session.objects.filter(id=session.id))
 
     class Meta:
         ordering = ["-date", ]
@@ -604,18 +613,6 @@ class Schedule(models.Model):
         self.scheduledsession_set.all().delete()
         self.delete()
 
-    # send email to every session requester whose session is now scheduled.
-    # mark the sessions as now state scheduled, rather than waiting.
-    def sendEmail(self):
-        for ss in self.scheduledsession_set.all():
-            session = ss.session
-            if session.status.slug == "schedw":
-                session.status_id = "sched"
-                session.scheduled = datetime.datetime.now()
-                session.save()
-                from ietf.secr.meetings.views import send_notification
-                send_notification(None, Session.objects.filter(id=session.id))
-
 # to be renamed ScheduleTimeslotSessionAssignments (stsa)
 class ScheduledSession(models.Model):
     """

ietf/meeting/test_data.py

@@ -23,7 +23,7 @@ def make_meeting_test_data():
                                    time=datetime.datetime.combine(datetime.date.today(), datetime.time(9, 30)))
     mars_session = Session.objects.create(meeting=meeting, group=Group.objects.get(acronym="mars"),
                                           attendees=10, requested_by=system_person,
-                                          requested_duration=20, status_id="sched",
+                                          requested_duration=20, status_id="schedw",
                                           scheduled=datetime.datetime.now())
     ScheduledSession.objects.create(timeslot=slot, session=mars_session, schedule=schedule)
 
@@ -32,7 +32,7 @@ def make_meeting_test_data():
                                    time=datetime.datetime.combine(datetime.date.today(), datetime.time(10, 30)))
     ames_session = Session.objects.create(meeting=meeting, group=Group.objects.get(acronym="ames"),
                                           attendees=10, requested_by=system_person,
-                                          requested_duration=20, status_id="sched",
+                                          requested_duration=20, status_id="schedw",
                                           scheduled=datetime.datetime.now())
     ScheduledSession.objects.create(timeslot=slot, session=ames_session, schedule=schedule)
 

ietf/meeting/tests_api.py

@@ -10,6 +10,7 @@ from ietf.group.models import Group
 from ietf.meeting.models import Schedule, TimeSlot, Session, ScheduledSession, Meeting, Constraint
 from ietf.meeting.helpers import get_meeting
 from ietf.meeting.test_data import make_meeting_test_data
+from ietf.utils.mail import outbox
 
 
 class ApiTests(TestCase):
@@ -173,9 +174,26 @@ class ApiTests(TestCase):
 
         url = urlreverse("ietf.person.ajax.person_json", kwargs=dict(personid=person.pk))
         r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
         info = json.loads(r.content)
         self.assertEqual(info["name"], person.name)
 
+    def test_sessions_json(self):
+        meeting = make_meeting_test_data()
+ 
+        url = urlreverse("ietf.meeting.ajax.sessions_json",kwargs=dict(num=meeting.number))
+        r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
+        info = json.loads(r.content)
+        self.assertEqual(set([x['short_name'] for x in info]),set(['mars','ames']))
+
+        schedule = Schedule.objects.filter(meeting=meeting).first()
+        url = urlreverse("ietf.meeting.ajax.scheduledsessions_json",kwargs=dict(num=meeting.number,name=schedule.name))
+        self.assertEqual(r.status_code, 200)
+        info = json.loads(r.content)
+        self.assertEqual(set([x['short_name'] for x in info]),set(['mars','ames']))
+
+
     def test_slot_json(self):
         meeting = make_meeting_test_data()
         slot = meeting.timeslot_set.all()[0]
@@ -183,6 +201,7 @@ class ApiTests(TestCase):
         url = urlreverse("ietf.meeting.ajax.timeslot_sloturl",
                          kwargs=dict(num=meeting.number, slotid=slot.pk))
         r = self.client.get(url)
+        self.assertEqual(r.status_code, 200)
         info = json.loads(r.content)
         self.assertEqual(info["timeslot_id"], slot.pk)
 
@@ -200,15 +219,18 @@ class ApiTests(TestCase):
         }
 
         # unauthorized post
+        prior_slotcount = meeting.timeslot_set.count()
         self.client.login(remote_user="ad")
         r = self.client.post(url, post_data)
         self.assertEqual(r.status_code, 403)
+        self.assertEqual(meeting.timeslot_set.count(),prior_slotcount)
 
-        # create room
+        # create slot
         self.client.login(remote_user="secretary")
         r = self.client.post(url, post_data)
         self.assertEqual(r.status_code, 302)
         self.assertTrue(meeting.timeslot_set.filter(time=slot_time))
+        self.assertEqual(meeting.timeslot_set.count(),prior_slotcount+1)
 
     def test_delete_slot(self):
         meeting = make_meeting_test_data()
@@ -343,9 +365,19 @@ class ApiTests(TestCase):
         schedule.public = True
         schedule.save()
 
+        prior_length= len(outbox)
         r = self.client.post(url, post_data)
         self.assertEqual(r.status_code, 200)
         self.assertEqual(Meeting.objects.get(pk=meeting.pk).agenda, schedule)
+        self.assertEqual(len(outbox),prior_length+2)
+
+        # Post it again, and make sure mail isn't resent
+
+        prior_length= len(outbox)
+        r = self.client.post(url, post_data)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(Meeting.objects.get(pk=meeting.pk).agenda, schedule)
+        self.assertEqual(len(outbox),prior_length)
 
     def test_read_only(self):
         meeting = make_meeting_test_data()
@@ -404,3 +436,60 @@ class ApiTests(TestCase):
         r = self.client.post(url, post_data)
         self.assertEqual(r.status_code, 200)
         self.assertTrue(ScheduledSession.objects.get(pk=scheduled.pk).pinned)
+
+class UnusedButExposedApiTests(TestCase):
+
+    def test_manipulate_timeslot_via_dajaxice(self):
+        meeting = make_meeting_test_data()
+        slot_time = datetime.date.today()
+
+        url = '/dajaxice/ietf.meeting.update_timeslot_purpose/'
+
+        create_post_data = {
+            'argv' : json.dumps({  
+                "meeting_num" : meeting.number,
+                "timeslot_id" : 0,
+                "purpose"     : "plenary",
+                "room_id"     : meeting.room_set.first().id,
+                "time"        : slot_time.strftime("%Y-%m-%d %H:%M:%S"),
+                "duration"    : 3600
+        })}
+
+        prior_timeslot_count = meeting.timeslot_set.count()
+        # Create as nobody should fail
+        r = self.client.post(url, create_post_data)
+        self.assertEqual(r.status_code, 200)
+        info = json.loads(r.content)
+        self.assertTrue('error' in info and info['error']=='no permission')
+        self.assertEqual(meeting.timeslot_set.count(),prior_timeslot_count)
+
+        # Successful create
+        self.client.login(remote_user="secretary")
+        r = self.client.post(url, create_post_data)
+        self.assertEqual(r.status_code, 200)
+        info = json.loads(r.content)
+        self.assertFalse('error' in info)
+        self.assertTrue('roomtype' in info)
+        self.assertEqual(info['roomtype'],'plenary')
+        self.assertEqual(meeting.timeslot_set.count(),prior_timeslot_count+1)
+
+        modify_post_data = {
+            'argv' : json.dumps({  
+                "meeting_num" : meeting.number,
+                "timeslot_id" : meeting.timeslot_set.get(time=slot_time).id,
+                "purpose"     : "session"
+        })}
+
+        # Fail as non-secretariat
+        self.client.login(remote_user="plain")
+        r = self.client.post(url, modify_post_data)
+        self.assertEqual(r.status_code, 200)
+        info = json.loads(r.content)
+        self.assertTrue('error' in info and info['error']=='no permission')
+        self.assertEqual(meeting.timeslot_set.get(time=slot_time).type.name,'Plenary')
+
+        # Successful change of purpose
+        self.client.login(remote_user="secretary")
+        r = self.client.post(url, modify_post_data)
+        self.assertEqual(r.status_code, 200)
+        self.assertEqual(meeting.timeslot_set.get(time=slot_time).type.name,'Session')

ietf/secr/meetings/views.py

@@ -273,6 +273,13 @@ def add(request):
         if form.is_valid():
             meeting = form.save()
 
+            schedule = Schedule.objects.create(meeting = meeting,
+                                               name    = 'Empty Schedule',
+                                               owner   = Person.objects.get(name='(System)'),
+                                               visible = True,
+                                               public  = True)
+            meeting.set_official_agenda(schedule)
+
             #Create Physical new meeting directory and subdirectories
             make_directories(meeting)
 

ietf/secr/proceedings/templatetags/ams_filters.py

@@ -31,7 +31,11 @@ def display_duration(value):
            '5400':'1.5 Hours',
            '7200':'2 Hours',
            '9000':'2.5 Hours'}
-    return map[value]
+    if value in map:
+        return map[value]
+    else:
+        x=int(value)
+        return "%d Hours %d Minutes %d Seconds"%(x//3600,(x%3600)//60,x%60)
 
 @register.filter
 def get_published_date(doc):