Merged in [19315] from rjsparks@nostrum.com:

    Restore ADs ability to charter new groups. Fixes ietf-tools#3397. ,
 - Legacy-Id: 19334
Note: SVN reference [19315] has been migrated to Git commit 311b472

Author: rjsparks

ietf/group/tests_info.py

@@ -479,11 +479,16 @@ def test_create(self):
         area = Group.objects.filter(type="area").first()
 
         # normal get
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        q = PyQuery(r.content)
-        self.assertEqual(len(q('form input[name=acronym]')), 1)
+        for username in ("secretary","ad","irtf-chair"):
+            self.client.logout()
+            login_testing_unauthorized(self, username, url)
+            r = self.client.get(url)
+            self.assertEqual(r.status_code, 200)
+            q = PyQuery(r.content)
+            self.assertEqual(len(q('form input[name=acronym]')), 1)
 
+        self.client.logout()
+        login_testing_unauthorized(self, "secretary", url)
         # faulty post
         r = self.client.post(url, dict(acronym="foobarbaz")) # No name
         self.assertEqual(r.status_code, 200)
@@ -527,19 +532,21 @@ def test_create(self):
     def test_create_rg(self):
 
         url = urlreverse('ietf.group.views.edit', kwargs=dict(group_type="rg", action="charter"))
-        login_testing_unauthorized(self, "secretary", url)
 
         irtf = Group.objects.get(acronym='irtf')
         num_rgs = len(Group.objects.filter(type="rg"))
 
         proposed_state = GroupStateName.objects.get(slug="proposed")
 
         # normal get
-        r = self.client.get(url)
-        self.assertEqual(r.status_code, 200)
-        q = PyQuery(r.content)
-        self.assertEqual(len(q('form input[name=acronym]')), 1)
-        self.assertEqual(q('form select[name=parent]')[0].value,'%s'%irtf.pk)
+        for username in ("secretary", "ad", "irtf-chair"):
+            self.client.logout()
+            login_testing_unauthorized(self, username, url)
+            r = self.client.get(url)
+            self.assertEqual(r.status_code, 200)
+            q = PyQuery(r.content)
+            self.assertEqual(len(q('form input[name=acronym]')), 1)
+            self.assertEqual(q('form select[name=parent]')[0].value,'%s'%irtf.pk)
 
         r = self.client.post(url, dict(acronym="testrg", name="Testing RG", state=proposed_state.pk, parent=irtf.pk))
         self.assertEqual(r.status_code, 302)

ietf/group/views.py

@@ -904,7 +904,8 @@ def diff(attr, name):
                 or group.has_role(request.user, group.features.groupman_roles)):
             permission_denied(request, "You don't have permission to access this view")
     else:
-        if not has_role(request.user, "Secretariat"):
+        # This allows ADs to create RG and the IRTF Chair to create WG, but we trust them not to
+        if not has_role(request.user, ("Secretariat", "Area Director", "IRTF Chair")):
              permission_denied(request, "You don't have permission to access this view")