Skip to content

Commit e2640f3

Browse files
committed
Changed semantics for can_manage_group() to include chairs etc, and changed calls with the old semantics to use can_manage_group_type(). Rewrote can_manage_group() in terms of can_manage_group_type() and additional checks. Fixes issue ietf-tools#2155.
- Legacy-Id: 12719
1 parent 5a5bb1f commit e2640f3

6 files changed

Lines changed: 33 additions & 32 deletions

File tree

ietf/doc/views_charter.py

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@
2424
split_charter_name)
2525
from ietf.doc.mails import email_state_changed, email_charter_internal_review
2626
from ietf.group.models import Group, ChangeStateGroupEvent, MilestoneGroupEvent
27-
from ietf.group.utils import save_group_in_history, save_milestone_in_history, can_manage_group
27+
from ietf.group.utils import save_group_in_history, save_milestone_in_history, can_manage_group_type
2828
from ietf.ietfauth.utils import has_role, role_required
2929
from ietf.name.models import GroupStateName
3030
from ietf.person.models import Person
@@ -60,7 +60,7 @@ def change_state(request, name, option=None):
6060
charter = get_object_or_404(Document, type="charter", name=name)
6161
group = charter.group
6262

63-
if not can_manage_group(request.user, group):
63+
if not can_manage_group_type(request.user, group):
6464
return HttpResponseForbidden("You don't have permission to access this view")
6565

6666
chartering_type = get_chartering_type(charter)
@@ -247,7 +247,7 @@ def change_title(request, name, option=None):
247247
logging the title as a comment."""
248248
charter = get_object_or_404(Document, type="charter", name=name)
249249
group = charter.group
250-
if not can_manage_group(request.user, group):
250+
if not can_manage_group_type(request.user, group):
251251
return HttpResponseForbidden("You don't have permission to access this view")
252252
by = request.user.person
253253
if request.method == 'POST':
@@ -360,7 +360,7 @@ def submit(request, name, option=None):
360360
charter_canonical_name = name
361361
charter_rev = "00-00"
362362

363-
if not can_manage_group(request.user, group) or not group.features.has_chartering_process:
363+
if not can_manage_group_type(request.user, group) or not group.features.has_chartering_process:
364364
return HttpResponseForbidden("You don't have permission to access this view")
365365

366366

ietf/doc/views_doc.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@
5454
add_events_message_info, get_unicode_document_content)
5555
from ietf.community.utils import augment_docs_with_tracking_info
5656
from ietf.group.models import Role
57-
from ietf.group.utils import can_manage_group, can_manage_materials
57+
from ietf.group.utils import can_manage_group_type, can_manage_materials
5858
from ietf.ietfauth.utils import has_role, is_authorized_in_doc_stream, user_is_person, role_required
5959
from ietf.name.models import StreamName, BallotPositionName
6060
from ietf.person.models import Email
@@ -450,7 +450,7 @@ def document_main(request, name, rev=None):
450450
if chartering and not snapshot:
451451
milestones = doc.group.groupmilestone_set.filter(state="charter")
452452

453-
can_manage = can_manage_group(request.user, doc.group)
453+
can_manage = can_manage_group_type(request.user, doc.group)
454454

455455
return render_to_response("doc/document_charter.html",
456456
dict(doc=doc,

ietf/group/milestones.py

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -8,12 +8,14 @@
88
from django.shortcuts import render, redirect
99
from django.contrib.auth.decorators import login_required
1010

11+
import debug # pyflakes:ignore
12+
1113
from ietf.doc.models import DocEvent
1214
from ietf.doc.utils import get_chartering_type
1315
from ietf.doc.fields import SearchableDocumentsField
1416
from ietf.group.models import GroupMilestone, MilestoneGroupEvent
15-
from ietf.group.utils import (save_milestone_in_history, can_manage_group, milestone_reviewer_for_group_type,
16-
get_group_or_404)
17+
from ietf.group.utils import (save_milestone_in_history, can_manage_group_type, can_manage_group,
18+
milestone_reviewer_for_group_type, get_group_or_404)
1719
from ietf.name.models import GroupMilestoneStateName
1820
from ietf.group.mails import email_milestones_changed
1921
from ietf.utils.fields import DatepickerDateField
@@ -93,12 +95,13 @@ def edit_milestones(request, acronym, group_type=None, milestone_set="current"):
9395
raise Http404
9496

9597
needs_review = False
96-
if not can_manage_group(request.user, group):
97-
if group.has_role(request.user, group.features.admin_roles):
98+
if can_manage_group(request.user, group):
99+
if not can_manage_group_type(request.user, group):
100+
# The user is chair or similar, not AD:
98101
if milestone_set == "current":
99102
needs_review = True
100-
else:
101-
return HttpResponseForbidden("You are not chair of this group.")
103+
else:
104+
return HttpResponseForbidden("You don't have permission to access this view")
102105

103106
if milestone_set == "current":
104107
title = "Edit milestones for %s %s" % (group.acronym, group.type.name)
@@ -328,11 +331,9 @@ def reset_charter_milestones(request, group_type, acronym):
328331
group = get_group_or_404(acronym, group_type)
329332
if not group.features.has_milestones:
330333
raise Http404
331-
332-
can_manage = can_manage_group(request.user, group)
333-
is_chair = group.has_role(request.user, "chair")
334-
if (not can_manage) and (not is_chair):
335-
return HttpResponseForbidden("You are not chair of this group.")
334+
335+
if not can_manage_group(request.user, group):
336+
return HttpResponseForbidden("You don't have permission to access this view")
336337

337338
current_milestones = group.groupmilestone_set.filter(state="active")
338339
charter_milestones = group.groupmilestone_set.filter(state="charter")

ietf/group/utils.py

Lines changed: 7 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -89,15 +89,7 @@ def save_milestone_in_history(milestone):
8989

9090
return h
9191

92-
def can_manage_group_type(user, group_type):
93-
if group_type == "rg":
94-
return has_role(user, ('IRTF Chair', 'Secretariat'))
95-
elif group_type == "wg":
96-
return has_role(user, ('Area Director', 'Secretariat'))
97-
98-
return has_role(user, 'Secretariat')
99-
100-
def can_manage_group(user, group):
92+
def can_manage_group_type(user, group):
10193
if group.type_id == "rg":
10294
return has_role(user, ('IRTF Chair', 'Secretariat'))
10395
elif group.type_id == "wg":
@@ -109,6 +101,11 @@ def can_manage_group(user, group):
109101
return has_role(user, ('IRTF Chair', 'Secretariat'))
110102
return has_role(user, ('Secretariat'))
111103

104+
def can_manage_group(user, group):
105+
if can_manage_group_type(user, group):
106+
return True
107+
return group.has_role(user, group.features.admin_roles)
108+
112109
def milestone_reviewer_for_group_type(group_type):
113110
if group_type == "rg":
114111
return "IRTF Chair"
@@ -196,7 +193,7 @@ def construct_group_menu_context(request, group, selected, group_type, others):
196193
actions = []
197194

198195
is_admin = group.has_role(request.user, group.features.admin_roles)
199-
can_manage = can_manage_group(request.user, group)
196+
can_manage = can_manage_group_type(request.user, group)
200197

201198
if group.features.has_milestones:
202199
if group.state_id != "proposed" and (is_admin or can_manage):

ietf/group/views.py

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,7 @@
5757
from ietf.doc.utils_charter import charter_name_for_group
5858
from ietf.group.models import Group, Role, ChangeStateGroupEvent
5959
from ietf.name.models import GroupTypeName
60-
from ietf.group.utils import (get_charter_text, can_manage_group_type, can_manage_group,
60+
from ietf.group.utils import (get_charter_text, can_manage_group_type,
6161
milestone_reviewer_for_group_type, can_provide_status_update,
6262
can_manage_materials, get_group_or_404,
6363
construct_group_menu_context, get_group_materials)
@@ -296,7 +296,10 @@ def chartering_groups(request):
296296

297297
for t in group_types:
298298
t.chartering_groups = Group.objects.filter(type=t, charter__states__in=charter_states).select_related("state", "charter").order_by("acronym")
299-
t.can_manage = can_manage_group_type(request.user, t.slug)
299+
if t.chartering_groups.exists():
300+
t.can_manage = can_manage_group_type(request.user, t.chartering_groups.first())
301+
else:
302+
t.can_manage = False
300303

301304
for g in t.chartering_groups:
302305
g.chartering_type = get_chartering_type(g.charter)
@@ -414,7 +417,7 @@ def group_about(request, acronym, group_type=None):
414417
e = group.latest_event(type__in=("changed_state", "requested_close",))
415418
requested_close = group.state_id != "conclude" and e and e.type == "requested_close"
416419

417-
can_manage = can_manage_group(request.user, group)
420+
can_manage = can_manage_group_type(request.user, group)
418421
charter_submit_url = ""
419422
if group.features.has_chartering_process:
420423
charter_submit_url = urlreverse("charter_submit", kwargs={ "name": charter_name_for_group(group) })

ietf/group/views_edit.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@
1616
from ietf.doc.utils_charter import charter_name_for_group
1717
from ietf.group.models import ( Group, Role, GroupEvent, GroupHistory, GroupStateName,
1818
GroupStateTransitions, GroupTypeName, GroupURL, ChangeStateGroupEvent )
19-
from ietf.group.utils import save_group_in_history, can_manage_group
19+
from ietf.group.utils import save_group_in_history, can_manage_group, can_manage_group_type
2020
from ietf.group.utils import get_group_or_404, setup_default_community_list_for_group
2121
from ietf.ietfauth.utils import has_role
2222
from ietf.person.fields import SearchableEmailsField
@@ -401,7 +401,7 @@ def conclude(request, acronym, group_type=None):
401401
"""Request the closing of group, prompting for instructions."""
402402
group = get_group_or_404(acronym, group_type)
403403

404-
if not can_manage_group(request.user, group):
404+
if not can_manage_group_type(request.user, group):
405405
return HttpResponseForbidden("You don't have permission to access this view")
406406

407407
if request.method == 'POST':

0 commit comments

Comments
 (0)