Merged in [19030] from mark@painless-security.com:

rjsparks · rjsparks · commit 96602e1eb999 · 2021-06-02T18:32:28.000Z
First swipe at making past sessions unchangable for official schedules This change locks down the schedule of any meeting that is fully in the past. It leaves open sessions that have finished for meetings that have not yet finished. Addresses (partially) issue ietf-tools#3083. - Legacy-Id: 19063 Note: SVN reference [19030] has been migrated to Git commit e3ee370
diff --git a/ietf/meeting/helpers.py b/ietf/meeting/helpers.py
@@ -358,7 +358,7 @@ def schedule_permissions(meeting, schedule, user):
 
     if user_is_person(user, schedule.owner):
         cansee = True
-        canedit = True
+        canedit = not schedule.is_official_record
 
     return cansee, canedit, secretariat
 
diff --git a/ietf/meeting/models.py b/ietf/meeting/models.py
@@ -684,6 +684,11 @@ def owner_email(self):
     def is_official(self):
         return (self.meeting.schedule == self)
 
+    @property
+    def is_official_record(self):
+        return (self.is_official and
+                self.meeting.end_date() <= datetime.date.today() )
+
     # returns a dictionary {group -> [schedtimesessassignment+]}
     # and it has [] if the session is not placed.
     # if there is more than one session for that group,
diff --git a/ietf/meeting/tests_views.py b/ietf/meeting/tests_views.py
@@ -1221,7 +1221,55 @@ def test_edit_schedule(self):
         self.client.login(username="secretary", password="secretary+password")
         r = self.client.get(urlreverse("ietf.meeting.views.edit_schedule", kwargs=dict(num=meeting.number)))
         self.assertContains(r, "load_assignments")
- 
+
+    def test_official_record_schedule_is_read_only(self):
+        def _set_date_offset_and_retrieve_page(meeting, days_offset, client):
+            meeting.date = datetime.date.today() + datetime.timedelta(days=days_offset)
+            meeting.save()
+            client.login(username="secretary", password="secretary+password")
+            url = urlreverse("ietf.meeting.views.edit_meeting_schedule", kwargs=dict(num=meeting.number)) 
+            r = client.get(url)
+            q = PyQuery(r.content)
+            return(r, q)
+
+        # Setup
+        ####################################################################################
+
+        # Basic test data
+        meeting = make_meeting_test_data()
+
+        # Set the secretary as the owner of the schedule
+        schedule = meeting.schedule
+        schedule.owner = Person.objects.get(user__username="secretary")
+        schedule.save()
+
+        # Tests
+        ####################################################################################
+
+        # 1) Check that we get told the page is not editable
+        #######################################################
+        r, q = _set_date_offset_and_retrieve_page(meeting,
+                                                  0 - 2 - meeting.days, # Meeting ended 2 days ago
+                                                  self.client)
+        self.assertTrue(q("""em:contains("You can't edit this schedule")"""))
+        self.assertTrue(q("""em:contains("This is the official schedule for a meeting in the past")"""))
+
+        # 2) An ongoing meeting
+        #######################################################
+        r, q = _set_date_offset_and_retrieve_page(meeting,
+                                                  0, # Meeting starts today
+                                                  self.client)
+        self.assertFalse(q("""em:contains("You can't edit this schedule")"""))
+        self.assertFalse(q("""em:contains("This is the official schedule for a meeting in the past")"""))
+
+        # 3) A meeting in the future
+        #######################################################
+        r, q = _set_date_offset_and_retrieve_page(meeting,
+                                                  7, # Meeting starts next week
+                                                  self.client)
+        self.assertFalse(q("""em:contains("You can't edit this schedule")"""))
+        self.assertFalse(q("""em:contains("This is the official schedule for a meeting in the past")"""))
+
     def test_edit_meeting_schedule(self):
         meeting = make_meeting_test_data()
 
diff --git a/ietf/templates/meeting/edit_meeting_schedule.html b/ietf/templates/meeting/edit_meeting_schedule.html
@@ -46,7 +46,13 @@
       {% if not can_edit %}
         &middot;
 
-        <strong><em>You can't edit this schedule. Make a <a href="{% url "ietf.meeting.views.new_meeting_schedule" num=meeting.number owner=schedule.owner_email name=schedule.name %}">new agenda from this</a>.</em></strong>
+      <strong>
+        <em>
+          You can't edit this schedule.
+          {% if schedule.is_official_record %}This is the official schedule for a meeting in the past.{% endif %}
+          Make a <a href="{% url "ietf.meeting.views.new_meeting_schedule" num=meeting.number owner=schedule.owner_email name=schedule.name %}">new agenda from this</a>.
+        </em>
+      </strong>
       {% endif %}
     </p>
 
diff --git a/ietf/templates/meeting/landscape_edit.html b/ietf/templates/meeting/landscape_edit.html
@@ -107,6 +107,9 @@
   {% origin %}
 <div id="read_only">
   <p>You do not have write permission to agenda: {{schedule.name}}</p>
+  {% if schedule.is_official_record %}
+  <p>This is the official schedule for a meeting in the past.</p>
+  {% endif %}
   <p>Please save this agenda to your account first.</p>
 </div>
 
