Skip to content

Commit 823dd98

Browse files
committed
Merged in [12706] from rjsparks@nostrum.com:
Restrict editing ReviewSettings.skip_next to team secretaries and the secretariat. Improve validation of skip_next value. Fixes ietf-tools#2149. - Legacy-Id: 12710 Note: SVN reference [12706] has been migrated to Git commit 518f7a1
2 parents 67c5ccd + 518f7a1 commit 823dd98

2 files changed

Lines changed: 47 additions & 4 deletions

File tree

ietf/group/tests_review.py

Lines changed: 29 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -373,21 +373,32 @@ def test_change_reviewer_settings(self):
373373
"action": "change_settings",
374374
"min_interval": "7",
375375
"filter_re": "test-[regexp]",
376-
"skip_next": "2",
377376
"remind_days_before_deadline": "6"
378377
})
379378
self.assertEqual(r.status_code, 302)
380379
settings = ReviewerSettings.objects.get(person=reviewer, team=review_req.team)
381380
self.assertEqual(settings.min_interval, 7)
382381
self.assertEqual(settings.filter_re, "test-[regexp]")
383-
self.assertEqual(settings.skip_next, 2)
382+
self.assertEqual(settings.skip_next, 0)
384383
self.assertEqual(settings.remind_days_before_deadline, 6)
385384
self.assertEqual(len(outbox), 1)
386385
self.assertTrue("reviewer availability" in outbox[0]["subject"].lower())
387386
msg_content = outbox[0].get_payload(decode=True).decode("utf-8").lower()
388387
self.assertTrue("frequency changed", msg_content)
389388
self.assertTrue("skip next", msg_content)
390389

390+
# Normal reviewer should not be able to change skip_next
391+
r = self.client.post(url, {
392+
"action": "change_settings",
393+
"min_interval": "7",
394+
"filter_re": "test-[regexp]",
395+
"remind_days_before_deadline": "6",
396+
"skip_next" : "2",
397+
})
398+
self.assertEqual(r.status_code, 302)
399+
settings = ReviewerSettings.objects.get(person=reviewer, team=review_req.team)
400+
self.assertEqual(settings.skip_next, 0)
401+
391402
# add unavailable period
392403
start_date = datetime.date.today() + datetime.timedelta(days=10)
393404
empty_outbox()
@@ -435,6 +446,22 @@ def test_change_reviewer_settings(self):
435446
self.assertTrue(start_date.isoformat(), msg_content)
436447
self.assertTrue(end_date.isoformat(), msg_content)
437448

449+
# secretaries and the secretariat should be able to change skip_next
450+
for username in ["secretary","reviewsecretary"]:
451+
skip_next_val = {'secretary':'3','reviewsecretary':'4'}[username]
452+
self.client.login(username=username,password=username+"+password")
453+
r = self.client.post(url, {
454+
"action": "change_settings",
455+
"min_interval": "7",
456+
"filter_re": "test-[regexp]",
457+
"remind_days_before_deadline": "6",
458+
"skip_next" : skip_next_val,
459+
})
460+
self.assertEqual(r.status_code, 302)
461+
settings = ReviewerSettings.objects.get(person=reviewer, team=review_req.team)
462+
self.assertEqual(settings.skip_next, int(skip_next_val))
463+
464+
438465
def test_change_review_secretary_settings(self):
439466
doc = make_test_data()
440467

ietf/group/views_review.py

Lines changed: 18 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -448,6 +448,18 @@ class Meta:
448448
model = ReviewerSettings
449449
fields = ['min_interval', 'filter_re', 'skip_next', 'remind_days_before_deadline']
450450

451+
def __init__(self, *args, **kwargs):
452+
exclude_fields = kwargs.pop('exclude_fields', [])
453+
super(ReviewerSettingsForm, self).__init__(*args, **kwargs)
454+
for field_name in exclude_fields:
455+
self.fields.pop(field_name)
456+
457+
def clean_skip_next(self):
458+
skip_next = self.cleaned_data.get('skip_next')
459+
if skip_next < 0:
460+
raise forms.ValidationError("Skip next must not be negative")
461+
return skip_next
462+
451463
class AddUnavailablePeriodForm(forms.ModelForm):
452464
class Meta:
453465
model = UnavailablePeriod
@@ -496,6 +508,10 @@ def change_reviewer_settings(request, acronym, reviewer_email, group_type=None):
496508
or can_manage_review_requests_for_team(request.user, group)):
497509
return HttpResponseForbidden("You do not have permission to perform this action")
498510

511+
exclude_fields = []
512+
if not can_manage_review_requests_for_team(request.user, group):
513+
exclude_fields.append('skip_next')
514+
499515
settings = ReviewerSettings.objects.filter(person=reviewer, team=group).first()
500516
if not settings:
501517
settings = ReviewerSettings(person=reviewer, team=group)
@@ -513,7 +529,7 @@ def change_reviewer_settings(request, acronym, reviewer_email, group_type=None):
513529
if request.method == "POST" and request.POST.get("action") == "change_settings":
514530
prev_min_interval = settings.get_min_interval_display()
515531
prev_skip_next = settings.skip_next
516-
settings_form = ReviewerSettingsForm(request.POST, instance=settings)
532+
settings_form = ReviewerSettingsForm(request.POST, instance=settings, exclude_fields=exclude_fields)
517533
if settings_form.is_valid():
518534
settings = settings_form.save()
519535

@@ -528,7 +544,7 @@ def change_reviewer_settings(request, acronym, reviewer_email, group_type=None):
528544

529545
return HttpResponseRedirect(back_url)
530546
else:
531-
settings_form = ReviewerSettingsForm(instance=settings)
547+
settings_form = ReviewerSettingsForm(instance=settings,exclude_fields=exclude_fields)
532548

533549
# periods
534550
unavailable_periods = unavailable_periods_to_list().filter(person=reviewer, team=group)

0 commit comments

Comments
 (0)