From 3507275e9dbc560458e39c017112144eef3d1ceb Mon Sep 17 00:00:00 2001 From: Adarnof Date: Sun, 6 Mar 2016 23:27:00 +0000 Subject: [PATCH] Revamped hrapplications permissions - new approve, reject permissions for applications - respect built-in add, delete permissions for HRApplications and HRApplicationComments - auth.hr_management permission required to view applications section Populate application APIs from user's eveapikeypair set - enforces API key validity - respects addition and removal of keys by applicant Addresses #293 and #191 --- hrapplications/forms.py | 2 - hrapplications/models.py | 5 +- hrapplications/views.py | 43 ++++--- .../registered/hrapplicationview.html | 112 ++++++++++-------- 4 files changed, 90 insertions(+), 72 deletions(-) diff --git a/hrapplications/forms.py b/hrapplications/forms.py index 7d1ad0e7..eee9b0b6 100755 --- a/hrapplications/forms.py +++ b/hrapplications/forms.py @@ -16,8 +16,6 @@ class HRApplicationForm(forms.Form): allchoices.append((str(corp.corporation_id), str(corp.corporation_name))) character_name = forms.CharField(max_length=254, required=True, label="Main Character Name") - full_api_id = forms.CharField(max_length=254, required=True, label="API ID") - full_api_key = forms.CharField(max_length=254, required=True, label="API Verification Code") corp = forms.ChoiceField(choices=allchoices, required=True, label="Corp") is_a_spi = forms.ChoiceField(choices=[('Yes', 'Yes'), ('No', 'No')], required=True, label='Are you a spy?') about = forms.CharField(widget=forms.Textarea, required=False, label="About You") diff --git a/hrapplications/models.py b/hrapplications/models.py index 37e55459..815eb44e 100755 --- a/hrapplications/models.py +++ b/hrapplications/models.py 
@@ -7,8 +7,6 @@ from eveonline.models import EveCorporationInfo class HRApplication(models.Model): character_name = models.CharField(max_length=254, default="") - full_api_id = models.CharField(max_length=254, default="") - full_api_key = models.CharField(max_length=254, default="") is_a_spi = models.CharField(max_length=254, default="") about = models.TextField(default="") extra = models.TextField(default="") @@ -25,6 +23,9 @@ class HRApplication(models.Model): def __str__(self): return self.character_name + " - Application" + class Meta: + permissions = (('approve_hrapplication', 'Can approve applications'), ('reject_hrapplication', 'Can reject applications')) + class HRApplicationComment(models.Model): created_on = models.DateTimeField(auto_now_add=True, null=True) diff --git a/hrapplications/views.py b/hrapplications/views.py index 998be473..1318165d 100755 --- a/hrapplications/views.py +++ b/hrapplications/views.py @@ -68,8 +68,6 @@ def hr_application_create_view(request): application = HRApplication() application.user = request.user application.character_name = form.cleaned_data['character_name'] - application.full_api_id = form.cleaned_data['full_api_id'] - application.full_api_key = form.cleaned_data['full_api_key'] application.corp = EveCorporationInfo.objects.get(corporation_id=form.cleaned_data['corp']) application.is_a_spi = form.cleaned_data['is_a_spi'] application.about = form.cleaned_data['about'] @@ -98,8 +96,11 @@ def hr_application_personal_view(request, app_id): else: logger.error("Unable to locate HRApplication matching id %s - returning blank application to user %s" % (app_id, request.user)) application = HRApplication() - context = {'application': application} - + apis = request.user.eveapikeypair_set.all() + context = { + 'application': application, + 'apis': apis, + } return render_to_response('registered/hrapplicationview.html', context, context_instance=RequestContext(request)) 
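Review bot: In hr_application_personal_view, `apis = request.user.eveapikeypair_set.all()` takes the key list from whoever is viewing rather than from the application being shown, and it is still populated on the `else` path that returns a blank `HRApplication()`. Deriving it from the record, `apis = application.user.eveapikeypair_set.all()` on the found path and `apis = []` otherwise, keeps the displayed keys tied to the applicant. The lookup and any ownership check before the `else` are outside this hunk, so whether viewer and applicant can differ here cannot be confirmed from the visible lines.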
@@ -122,19 +123,21 @@ def hr_application_personal_removal(request, app_id): def hr_application_view(request, app_id): logger.debug("hr_application_view called by user %s for app id %s" % (request.user, app_id)) if request.method == 'POST': - form = HRApplicationCommentForm(request.POST) - logger.debug("Request type POST contains form valid: %s" % form.is_valid()) - if form.is_valid(): - auth_info = AuthServicesInfo.objects.get(user=request.user) - - comment = HRApplicationComment() - comment.application = HRApplication.objects.get(id=int(form.cleaned_data['app_id'])) - comment.commenter_user = request.user - comment.commenter_character = EveCharacter.objects.get(character_id=auth_info.main_char_id) - comment.comment = form.cleaned_data['comment'] - comment.save() - logger.info("Saved comment by user %s to hrapplication %s" % (request.user, comment.application)) + if request.user.has_perm('hrapplications.add_hrapplicationcomment'): + form = HRApplicationCommentForm(request.POST) + logger.debug("Request type POST contains form valid: %s" % form.is_valid()) + if form.is_valid(): + auth_info = AuthServicesInfo.objects.get(user=request.user) + comment = HRApplicationComment() + comment.application = HRApplication.objects.get(id=int(form.cleaned_data['app_id'])) + comment.commenter_user = request.user + comment.commenter_character = EveCharacter.objects.get(character_id=auth_info.main_char_id) + comment.comment = form.cleaned_data['comment'] + comment.save() + logger.info("Saved comment by user %s to hrapplication %s" % (request.user, comment.application)) + else: + logger.warn("User %s does not have permission to add HRApplicationComments" % request.user) else: logger.debug("Returning blank HRApplication comment form.") form = HRApplicationCommentForm() 
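Review bot: On a POST from a user without `hrapplications.add_hrapplicationcomment`, the new `else` branch only logs, so `form` is never bound and the later `'comment_form': form` in the context would raise UnboundLocalError instead of producing a clean denial. Either bind it there with `form = HRApplicationCommentForm()` or refuse the request with `raise PermissionDenied` (from `django.core.exceptions`). The nesting is read from the log message because the page has lost its indentation, and the rest of hr_application_view lies outside this hunk. Separately, the comment's target is still taken from the posted `app_id` field rather than the `app_id` in the URL, so comparing the two before saving would keep a comment on the application the reviewer actually opened.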
@@ -148,14 +151,16 @@ def hr_application_view(request, app_id): comments = [] logger.error("HRAppllication with id %s not found - returning blank applicatin to user %s" % request.user) - context = {'application': application, 'comments': comments, 'comment_form': form} + context = { + 'application': application, + 'comments': comments, 'comment_form': form} return render_to_response('registered/hrapplicationview.html', context, context_instance=RequestContext(request)) - @login_required @permission_required('auth.human_resources') +@permission_required('hrapplications.delete_hrapplication') def hr_application_remove(request, app_id): logger.debug("hr_application_remove called by user %s for app id %s" % (request.user, app_id)) if HRApplication.objects.filter(id=app_id).exists(): @@ -174,6 +179,7 @@ def hr_application_remove(request, app_id): @login_required @permission_required('auth.human_resources') +@permission_required('hrapplications.approve_hrapplication') def hr_application_approve(request, app_id): logger.debug("hr_application_approve called by user %s for app id %s" % (request.user, app_id)) if HRApplication.objects.filter(id=app_id).exists(): @@ -193,6 +199,7 @@ def hr_application_approve(request, app_id): @login_required @permission_required('auth.human_resources') +@permission_required('hrapplications.reject_hrapplication') def hr_application_reject(request, app_id): logger.debug("hr_application_reject called by user %s for app id %s" % (request.user, app_id)) if HRApplication.objects.filter(id=app_id).exists(): diff --git a/stock/templates/registered/hrapplicationview.html b/stock/templates/registered/hrapplicationview.html index 55b55c55..3fff9a6a 100755 --- a/stock/templates/registered/hrapplicationview.html +++ b/stock/templates/registered/hrapplicationview.html @@ -56,20 +56,22 @@ -
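Review bot: The rebuilt context in hr_application_view still carries only `application`, `comments` and `comment_form`, while the shared template hrapplicationview.html now renders keys with `{% for api in apis %}`. A reviewer opening an application would therefore appear to see no API keys at all. Adding `'apis': application.user.eveapikeypair_set.all()` where the application was found, and an empty list on the not-found path, would restore that with the applicant's keys rather than the reviewer's. The `logger.error` call on the not-found path, kept as context just above, also passes the single argument `request.user` to a format string with two `%s` placeholders, which raises TypeError; `% (app_id, request.user)` fixes it. The start of the function is outside this hunk.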
- + {% for api in apis %} +
+ -
- +
+ +
-
-
- +
+ -
- -
-
+
+ +
+
+ {% endfor %}
@@ -114,17 +116,21 @@
{% if application.reviewer_inprogress_character != None %} - - - - - - - - - - - + {% if perms.hrapplications.approve_hrapplication %} + + + + {% endif %} + {% if perms.hrapplications.reject_hrapplication %} + + + + {% endif %} + {% if perms.hrapplications.delete_hrapplication %} + + + + {% endif %} {% else %} @@ -136,14 +142,18 @@
- - - - + {% for api in apis %} + + + + {% endfor %} + {% if perms.hrapplications.add_hrapplicationcomment %} + + {% endif %}
@@ -188,29 +198,31 @@
{% if perms.auth.human_resources %} -