mirror of
https://gitlab.com/allianceauth/allianceauth.git
synced 2025-07-13 14:30:17 +02:00
Revamped hrapplications permissions
- new approve, reject permissions for applications - respect built-in add, delete permissions for HRApplications and HRApplicationComments - auth.hr_management permission required to view applications section Populate application APIs from user's eveapikeypair set - enforces API key validity - respects addition and removal of keys by applicant Addresses #293 and #191
This commit is contained in:
Adarnof
parent
fa60be3675
commit
3507275e9d
@ -16,8 +16,6 @@ class HRApplicationForm(forms.Form):
|
||||
allchoices.append((str(corp.corporation_id), str(corp.corporation_name)))
|
||||
|
||||
character_name = forms.CharField(max_length=254, required=True, label="Main Character Name")
|
||||
full_api_id = forms.CharField(max_length=254, required=True, label="API ID")
|
||||
full_api_key = forms.CharField(max_length=254, required=True, label="API Verification Code")
|
||||
corp = forms.ChoiceField(choices=allchoices, required=True, label="Corp")
|
||||
is_a_spi = forms.ChoiceField(choices=[('Yes', 'Yes'), ('No', 'No')], required=True, label='Are you a spy?')
|
||||
about = forms.CharField(widget=forms.Textarea, required=False, label="About You")
|
||||
|
||||
@ -7,8 +7,6 @@ from eveonline.models import EveCorporationInfo
|
||||
|
||||
class HRApplication(models.Model):
|
||||
character_name = models.CharField(max_length=254, default="")
|
||||
full_api_id = models.CharField(max_length=254, default="")
|
||||
full_api_key = models.CharField(max_length=254, default="")
|
||||
is_a_spi = models.CharField(max_length=254, default="")
|
||||
about = models.TextField(default="")
|
||||
extra = models.TextField(default="")
|
||||
@ -25,6 +23,9 @@ class HRApplication(models.Model):
|
||||
def __str__(self):
|
||||
return self.character_name + " - Application"
|
||||
|
||||
class Meta:
|
||||
permissions = (('approve_hrapplication', 'Can approve applications'), ('reject_hrapplication', 'Can reject applications'))
|
||||
|
||||
|
||||
class HRApplicationComment(models.Model):
|
||||
created_on = models.DateTimeField(auto_now_add=True, null=True)
|
||||
|
||||
@ -68,8 +68,6 @@ def hr_application_create_view(request):
|
||||
application = HRApplication()
|
||||
application.user = request.user
|
||||
application.character_name = form.cleaned_data['character_name']
|
||||
application.full_api_id = form.cleaned_data['full_api_id']
|
||||
application.full_api_key = form.cleaned_data['full_api_key']
|
||||
application.corp = EveCorporationInfo.objects.get(corporation_id=form.cleaned_data['corp'])
|
||||
application.is_a_spi = form.cleaned_data['is_a_spi']
|
||||
application.about = form.cleaned_data['about']
|
||||
@ -98,8 +96,11 @@ def hr_application_personal_view(request, app_id):
|
||||
else:
|
||||
logger.error("Unable to locate HRApplication matching id %s - returning blank application to user %s" % (app_id, request.user))
|
||||
application = HRApplication()
|
||||
context = {'application': application}
|
||||
|
||||
apis = request.user.eveapikeypair_set.all()
|
||||
context = {
|
||||
'application': application,
|
||||
'apis': apis,
|
||||
}
|
||||
return render_to_response('registered/hrapplicationview.html',
|
||||
context, context_instance=RequestContext(request))
|
||||
|
||||
@ -122,6 +123,7 @@ def hr_application_personal_removal(request, app_id):
|
||||
def hr_application_view(request, app_id):
|
||||
logger.debug("hr_application_view called by user %s for app id %s" % (request.user, app_id))
|
||||
if request.method == 'POST':
|
||||
if request.user.has_perm('hrapplications.add_hrapplicationcomment'):
|
||||
form = HRApplicationCommentForm(request.POST)
|
||||
logger.debug("Request type POST contains form valid: %s" % form.is_valid())
|
||||
if form.is_valid():
|
||||
@ -134,7 +136,8 @@ def hr_application_view(request, app_id):
|
||||
comment.comment = form.cleaned_data['comment']
|
||||
comment.save()
|
||||
logger.info("Saved comment by user %s to hrapplication %s" % (request.user, comment.application))
|
||||
|
||||
else:
|
||||
logger.warn("User %s does not have permission to add HRApplicationComments" % request.user)
|
||||
else:
|
||||
logger.debug("Returning blank HRApplication comment form.")
|
||||
form = HRApplicationCommentForm()
|
||||
@ -148,14 +151,16 @@ def hr_application_view(request, app_id):
|
||||
comments = []
|
||||
logger.error("HRAppllication with id %s not found - returning blank applicatin to user %s" % request.user)
|
||||
|
||||
context = {'application': application, 'comments': comments, 'comment_form': form}
|
||||
context = {
|
||||
'application': application,
|
||||
'comments': comments, 'comment_form': form}
|
||||
|
||||
return render_to_response('registered/hrapplicationview.html',
|
||||
context, context_instance=RequestContext(request))
|
||||
|
||||
|
||||
@login_required
|
||||
@permission_required('auth.human_resources')
|
||||
@permission_required('hrapplications.delete_hrapplication')
|
||||
def hr_application_remove(request, app_id):
|
||||
logger.debug("hr_application_remove called by user %s for app id %s" % (request.user, app_id))
|
||||
if HRApplication.objects.filter(id=app_id).exists():
|
||||
@ -174,6 +179,7 @@ def hr_application_remove(request, app_id):
|
||||
|
||||
@login_required
|
||||
@permission_required('auth.human_resources')
|
||||
@permission_required('hrapplications.approve_hrapplication')
|
||||
def hr_application_approve(request, app_id):
|
||||
logger.debug("hr_application_approve called by user %s for app id %s" % (request.user, app_id))
|
||||
if HRApplication.objects.filter(id=app_id).exists():
|
||||
@ -193,6 +199,7 @@ def hr_application_approve(request, app_id):
|
||||
|
||||
@login_required
|
||||
@permission_required('auth.human_resources')
|
||||
@permission_required('hrapplications.reject_hrapplication')
|
||||
def hr_application_reject(request, app_id):
|
||||
logger.debug("hr_application_reject called by user %s for app id %s" % (request.user, app_id))
|
||||
if HRApplication.objects.filter(id=app_id).exists():
|
||||
|
||||
@ -56,20 +56,22 @@
|
||||
<input class=" form-control" value="{{ application.character_name }}" disabled>
|
||||
</div>
|
||||
</div>
|
||||
{% for api in apis %}
|
||||
<div class="form-group">
|
||||
<label class="control-label" for="id_full_api_id">API ID</label>
|
||||
|
||||
<div class=" ">
|
||||
<input class=" form-control" value="{{ application.full_api_id }}" disabled>
|
||||
<input class=" form-control" value="{{ api.api_id }}" disabled>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label class="control-label " for="id_full_api_key">API Verification Code</label>
|
||||
|
||||
<div class=" ">
|
||||
<input class=" form-control" value="{{ application.full_api_key }}" disabled>
|
||||
<input class=" form-control" value="{{ api.api_key }}" disabled>
|
||||
</div>
|
||||
</div>
|
||||
{% endfor %}
|
||||
<div class="form-group">
|
||||
<label class="control-label " for="id_corp">Corp</label>
|
||||
|
||||
@ -114,17 +116,21 @@
|
||||
|
||||
<div class="row text-center">
|
||||
{% if application.reviewer_inprogress_character != None %}
|
||||
{% if perms.hrapplications.approve_hrapplication %}
|
||||
<a href="/hr_application_approve/{{ application.id }}">
|
||||
<button type="button" class="btn btn-lg btn-success">Approve</button>
|
||||
</a>
|
||||
|
||||
{% endif %}
|
||||
{% if perms.hrapplications.reject_hrapplication %}
|
||||
<a href="/hr_application_reject/{{ application.id }}">
|
||||
<button type="button" class="btn btn-lg btn-info">Reject</button>
|
||||
</a>
|
||||
|
||||
{% endif %}
|
||||
{% if perms.hrapplications.delete_hrapplication %}
|
||||
<a href="/hr_application_remove/{{ application.id }}">
|
||||
<button type="button" class="btn btn-lg btn-danger">Delete</button>
|
||||
</a>
|
||||
{% endif %}
|
||||
|
||||
{% else %}
|
||||
<a href="/hr_mark_in_progress/{{ application.id }}">
|
||||
@ -136,14 +142,18 @@
|
||||
<br/>
|
||||
|
||||
<div class="row text-center">
|
||||
<a href="{{ JACK_KNIFE_URL }}?usid={{ application.full_api_id }}&apik={{ application.full_api_key }}"
|
||||
{% for api in apis %}
|
||||
<a href="{{ JACK_KNIFE_URL }}?usid={{ api._api_id }}&apik={{ api.api__key }}"
|
||||
target="_blank">
|
||||
<button type="button" class="btn btn-lg btn-primary">API Jack Knife</button>
|
||||
<button type="button" class="btn btn-lg btn-primary">API {{ api.api_id }}</button>
|
||||
</a>
|
||||
{% endfor %}
|
||||
{% if perms.hrapplications.add_hrapplicationcomment %}
|
||||
<button type="button" class="btn btn-primary btn-lg" data-toggle="modal"
|
||||
data-target="#myModal">
|
||||
Comment
|
||||
</button>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -188,6 +198,7 @@
|
||||
</div>
|
||||
|
||||
{% if perms.auth.human_resources %}
|
||||
{% if perms.hrapplications.add_hrapplicationcomment %}
|
||||
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel"
|
||||
aria-hidden="true">
|
||||
<div class="modal-dialog">
|
||||
@ -212,6 +223,7 @@
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endblock content %}
|
||||
{% block extra_script %}
|
||||
$(document).ready(function(){
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user