Permission refactor and form to create a new process

30e925c8 · Enrico Zini · 2c7a0d62 · 30e925c8 · 30e925c8 · 30e925c8
Commit 30e925c8 authored Mar 13, 2012 by Enrico Zini
--- a/backend/auth.py
+++ b/backend/auth.py
@@ -112,8 +112,7 @@ def is_am(view_func):
    def _wrapped_view(request, *args, **kwargs):
        if request.user.is_anonymous():
            return redirect("https://sso.debian.org/sso/login")
-        person = request.user.get_profile()
-        if not person.is_am:
+        if not request.am:
            return http.HttpResponseForbidden("This page is restricted to AMs")
        return view_func(request, *args, **kwargs)
    return _wrapped_view
@@ -126,8 +125,7 @@ def is_fd(view_func):
    def _wrapped_view(request, *args, **kwargs):
        if request.user.is_anonymous():
            return redirect("https://sso.debian.org/sso/login")
-        person = request.user.get_profile()
-        if not person.is_am or not person.am.is_fd:
+        if not request.am or not request.am.is_fd:
            return http.HttpResponseForbidden("This page is restricted to Front Desk members")
        return view_func(request, *args, **kwargs)
    return _wrapped_view
@@ -140,8 +138,20 @@ def is_dam(view_func):
    def _wrapped_view(request, *args, **kwargs):
        if request.user.is_anonymous():
            return redirect("https://sso.debian.org/sso/login")
-        person = request.user.get_profile()
-        if not person.is_am or not person.am.is_dam:
+        if not request.am or not request.am.is_dam:
            return http.HttpResponseForbidden("This page is restricted to Debian Account Managers")
        return view_func(request, *args, **kwargs)
    return _wrapped_view
+
+def is_admin(view_func):
+    """
+    Decorator for views that are restricted to FD and DAMs
+    """
+
+    def _wrapped_view(request, *args, **kwargs):
+        if request.user.is_anonymous():
+            return redirect("https://sso.debian.org/sso/login")
+        if not request.am or not request.am.is_admin:
+            return http.HttpResponseForbidden("This page is restricted to Front Desk members and Debian Account Managers")
+        return view_func(request, *args, **kwargs)
+    return _wrapped_view
--- a/backend/models.py
+++ b/backend/models.py
@@ -87,6 +87,12 @@ class Person(models.Model):
        except AM.DoesNotExist:
            return False

+    @property
+    def is_admin(self):
+        am = self.am_or_none
+        if am is None: return False
+        return am.is_admin
+
    @property
    def am_or_none(self):
        try:
@@ -210,6 +216,10 @@ class AM(models.Model):
    def get_absolute_url(self):
        return ("public_person", (), dict(key=self.person.lookup_key))

+    @property
+    def is_admin(self):
+        return self.is_fd or self.is_dam
+
    def applicant_stats(self):
        """
        Return 4 stats about the am (cur, max, hold, done).

--- a/backend/templatetags/perms.py
+++ b/backend/templatetags/perms.py
@@ -6,12 +6,3 @@ register = template.Library()
 @register.filter
 def editable_by(value, arg):
    return value.can_be_edited(arg)
-
-@register.filter
-def is_admin(value):
-    # Make sure we work with an AM
-    if hasattr(value, "am_or_none"):
-        value = value.am_or_none
-    if value is None:
-        return False
-    return value.is_fd or value.is_dam
--- a/public/templates/public/person.html
+++ b/public/templates/public/person.html
@@ -60,7 +60,7 @@
 {% block breadcrumbs %}{{block.super}} / <a href="{% url public_people %}">people</a> / {{person.uid|default:person.fullname}}{% endblock %}

 {% block relatedpages %}
-{% if request.am|is_admin %}
+{% if request.am.is_admin %}
 <a href="{% url admin:backend_person_change person.id  %}">admin</a>
 {% endif %}
 {{block.super}}
@@ -96,6 +96,10 @@

 {% usemacro process_table processes %}

+{% if request.am.is_admin and not active_process %}
+<a href="{% url restricted_newprocess key=person.lookup_key %}">new process</a>
+{% endif %}
+
 {% if adv_processes %}

 <h2>Advocate history</h2>

--- a/public/views.py
+++ b/public/views.py
@@ -166,6 +166,12 @@ def person(request, key):
            .annotate(started=Min("log__logdate"), ended=Max("log__logdate")) \
            .order_by("is_active", "ended")

+    active_process = None
+    for p in processes:
+        if p.is_active:
+            active_process = p
+            break
+
    if person.is_am:
        am = person.am
        am_processes = am.processed \
@@ -183,6 +189,7 @@ def person(request, key):
                              dict(
                                  person=person,
                                  am=am,
+                                  active_process=active_process,
                                  processes=processes,
                                  am_processes=am_processes,
                                  adv_processes=adv_processes,

--- a/restricted/templates/restricted/newprocess.html
+++ b/restricted/templates/restricted/newprocess.html
+{% extends "restricted/base.html" %}
+{% load const %}
+
+{% block breadcrumbs %}{{block.super}} / <a href="{{ person.get_absolute_url }}">{{person.lookup_key}}</a>{% endblock %}
+
+{% block content %}
+
+<h1><a href="http://qa.debian.org/developer.php?login={{person.email}}">{{person.fullname}}</a></h1>
+
+<h2>Personal information</h2>
+
+<table class="personinfo">
+    <tr><th>First name</th><td>{{person.cn}}</td></tr>
+    <tr><th>Middle name</th><td>{{person.mn|default:""}}</td></tr>
+    <tr><th>Last name</th><td>{{person.sn|default:""}}</td></tr>
+    <tr><th>Email</th><td>{{person.email}}</td></tr>
+    <tr><th>Account name</th><td>{{person.uid|default:"none chosen yet"}}</td></tr>
+    <tr><th>OpenPGP fingerprint</th><td>{{person.fpr}}</td></tr>
+    <tr><th>Current status</th><td>{{person.status}}</td></tr>
+    {% if can_edit %}
+    <tr><th>FD comments</th><td>{{person.fd_comment}}</td></tr>
+    {% endif %}
+</table>
+
+<form action="{% url restricted_newprocess key=person.lookup_key %}" method="post">{% csrf_token %}
+    {{ form.as_p }}
+    <input type="submit" value="Create new process" />
+</form>
+
+{% endblock %}
--- a/restricted/urls.py
+++ b/restricted/urls.py
@@ -27,4 +27,5 @@ urlpatterns = patterns('restricted.views',
    url(r'^amprofile(?:/(?P<uid>\w+))?$', 'amprofile', name="restricted_amprofile"),
    url(r'^nmstatus/(?P<key>[^/]+)$', 'nmstatus', name="restricted_nmstatus"),
    url(r'^person/(?P<key>[^/]+)$', 'person', name="restricted_person"),
+    url(r'^newprocess/(?P<key>[^/]+)$', 'newprocess', name="restricted_newprocess"),
 )
--- a/restricted/views.py
+++ b/restricted/views.py
@@ -332,3 +332,60 @@ def nmelist(request):
                              ),
                              context_instance=template.RequestContext(request))

+
+
+def make_newprocessform(person):
+    choices = [x[1:3] for x in const.ALL_STATUS if x[1] != person.status]
+
+    class NewProcessForm(forms.Form):
+        applying_for = forms.ChoiceField(
+            required=True,
+            label=_("Applying for"),
+            choices=choices
+        )
+        logtext = forms.CharField(
+            required=True,
+            label=_("Log text"),
+            widget=forms.Textarea(attrs=dict(rows=5, cols=80))
+        )
+    return NewProcessForm
+
+@backend.auth.is_admin
+def newprocess(request, key):
+    person = bmodels.Person.lookup(key)
+    if person is None:
+        return http.HttpResponseNotFound("Person %s not found" % key)
+
+    if person.active_process:
+        return http.HttpResponseForbidden("Person %s already has an active process" % key)
+
+    NewProcessForm = make_newprocessform(person)
+    if request.method == 'POST':
+        form = NewProcessForm(request.POST)
+        if form.is_valid():
+            process = bmodels.Process(
+                person=person,
+                progress=const.PROGRESS_APP_NEW,
+                is_active=True,
+                applying_for=form.cleaned_data["applying_for"]
+            )
+            process.save()
+
+            log = bmodels.Log(
+                changed_by=request.person,
+                process=process,
+                progress=process.progress,
+                logtext=form.cleaned_data["logtext"]
+            )
+            log.save()
+            # TODO: message
+            return redirect('public_person', key=key)
+    else:
+        form = NewProcessForm(initial=dict(logtext="New process created"))
+
+    return render_to_response("restricted/newprocess.html",
+                              dict(
+                                  person=person,
+                                  form=form,
+                              ),
+                              context_instance=template.RequestContext(request))