Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-07-13 14:30:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revamped hrapplications permissions

Browse Source 
- new approve, reject permissions for applications
 - respect built-in add, delete permissions for HRApplications and HRApplicationComments
 - auth.hr_management permission required to view applications section
Populate application APIs from user's eveapikeypair set
 - enforces API key validity
 - respects addition and removal of keys by applicant
Addresses #293 and #191
This commit is contained in:
Adarnof 2016-03-06 23:27:00 +00:00
parent fa60be3675
commit 3507275e9d
4 changed files with 90 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hrapplications/forms.py
View File

@ -16,8 +16,6 @@ class HRApplicationForm(forms.Form):
allchoices.append((str(corp.corporation_id), str(corp.corporation_name)))
character_name = forms.CharField(max_length=254, required=True, label="Main Character Name")
full_api_id = forms.CharField(max_length=254, required=True, label="API ID")
full_api_key = forms.CharField(max_length=254, required=True, label="API Verification Code")
corp = forms.ChoiceField(choices=allchoices, required=True, label="Corp")
is_a_spi = forms.ChoiceField(choices=[('Yes', 'Yes'), ('No', 'No')], required=True, label='Are you a spy?')
about = forms.CharField(widget=forms.Textarea, required=False, label="About You")

5
hrapplications/models.py
View File

@ -7,8 +7,6 @@ from eveonline.models import EveCorporationInfo
class HRApplication(models.Model):
character_name = models.CharField(max_length=254, default="")
full_api_id = models.CharField(max_length=254, default="")
full_api_key = models.CharField(max_length=254, default="")
is_a_spi = models.CharField(max_length=254, default="")
about = models.TextField(default="")
extra = models.TextField(default="")
@ -25,6 +23,9 @@ class HRApplication(models.Model):
def __str__(self):
return self.character_name + " - Application"
class Meta:
permissions = (('approve_hrapplication', 'Can approve applications'), ('reject_hrapplication', 'Can reject applications'))
class HRApplicationComment(models.Model):
created_on = models.DateTimeField(auto_now_add=True, null=True)

43
hrapplications/views.py
View File

@ -68,8 +68,6 @@ def hr_application_create_view(request):
application = HRApplication()
application.user = request.user
application.character_name = form.cleaned_data['character_name']
application.full_api_id = form.cleaned_data['full_api_id']
application.full_api_key = form.cleaned_data['full_api_key']
application.corp = EveCorporationInfo.objects.get(corporation_id=form.cleaned_data['corp'])
application.is_a_spi = form.cleaned_data['is_a_spi']
application.about = form.cleaned_data['about']
@ -98,8 +96,11 @@ def hr_application_personal_view(request, app_id):
else:
logger.error("Unable to locate HRApplication matching id %s - returning blank application to user %s" % (app_id, request.user))
application = HRApplication()
context = {'application': application}
apis = request.user.eveapikeypair_set.all()
context = {
'application': application,
'apis': apis,
}
return render_to_response('registered/hrapplicationview.html',
context, context_instance=RequestContext(request))
@ -122,19 +123,21 @@ def hr_application_personal_removal(request, app_id):
def hr_application_view(request, app_id):
logger.debug("hr_application_view called by user %s for app id %s" % (request.user, app_id))
if request.method == 'POST':
form = HRApplicationCommentForm(request.POST)
logger.debug("Request type POST contains form valid: %s" % form.is_valid())
if form.is_valid():
auth_info = AuthServicesInfo.objects.get(user=request.user)
comment = HRApplicationComment()
comment.application = HRApplication.objects.get(id=int(form.cleaned_data['app_id']))
comment.commenter_user = request.user
comment.commenter_character = EveCharacter.objects.get(character_id=auth_info.main_char_id)
comment.comment = form.cleaned_data['comment']
comment.save()
logger.info("Saved comment by user %s to hrapplication %s" % (request.user, comment.application))
if request.user.has_perm('hrapplications.add_hrapplicationcomment'):
form = HRApplicationCommentForm(request.POST)
logger.debug("Request type POST contains form valid: %s" % form.is_valid())
if form.is_valid():
auth_info = AuthServicesInfo.objects.get(user=request.user)
comment = HRApplicationComment()
comment.application = HRApplication.objects.get(id=int(form.cleaned_data['app_id']))
comment.commenter_user = request.user
comment.commenter_character = EveCharacter.objects.get(character_id=auth_info.main_char_id)
comment.comment = form.cleaned_data['comment']
comment.save()
logger.info("Saved comment by user %s to hrapplication %s" % (request.user, comment.application))
else:
logger.warn("User %s does not have permission to add HRApplicationComments" % request.user)
else:
logger.debug("Returning blank HRApplication comment form.")
form = HRApplicationCommentForm()
@ -148,14 +151,16 @@ def hr_application_view(request, app_id):
comments = []
logger.error("HRAppllication with id %s not found - returning blank applicatin to user %s" % request.user)
context = {'application': application, 'comments': comments, 'comment_form': form}
context = {
'application': application,
'comments': comments, 'comment_form': form}
return render_to_response('registered/hrapplicationview.html',
context, context_instance=RequestContext(request))
@login_required
@permission_required('auth.human_resources')
@permission_required('hrapplications.delete_hrapplication')
def hr_application_remove(request, app_id):
logger.debug("hr_application_remove called by user %s for app id %s" % (request.user, app_id))
if HRApplication.objects.filter(id=app_id).exists():
@ -174,6 +179,7 @@ def hr_application_remove(request, app_id):
@login_required
@permission_required('auth.human_resources')
@permission_required('hrapplications.approve_hrapplication')
def hr_application_approve(request, app_id):
logger.debug("hr_application_approve called by user %s for app id %s" % (request.user, app_id))
if HRApplication.objects.filter(id=app_id).exists():
@ -193,6 +199,7 @@ def hr_application_approve(request, app_id):
@login_required
@permission_required('auth.human_resources')
@permission_required('hrapplications.reject_hrapplication')
def hr_application_reject(request, app_id):
logger.debug("hr_application_reject called by user %s for app id %s" % (request.user, app_id))
if HRApplication.objects.filter(id=app_id).exists():

112
stock/templates/registered/hrapplicationview.html
View File

@ -56,20 +56,22 @@
<input class=" form-control" value="{{ application.character_name }}" disabled>
</div>
</div>
<div class="form-group">
<label class="control-label" for="id_full_api_id">API ID</label>
{% for api in apis %}
<div class="form-group">
<label class="control-label" for="id_full_api_id">API ID</label>
<div class=" ">
<input class=" form-control" value="{{ application.full_api_id }}" disabled>
<div class=" ">
<input class=" form-control" value="{{ api.api_id }}" disabled>
</div>
</div>
</div>
<div class="form-group">
<label class="control-label " for="id_full_api_key">API Verification Code</label>
<div class="form-group">
<label class="control-label " for="id_full_api_key">API Verification Code</label>
<div class=" ">
<input class=" form-control" value="{{ application.full_api_key }}" disabled>
</div>
</div>
<div class=" ">
<input class=" form-control" value="{{ api.api_key }}" disabled>
</div>
</div>
{% endfor %}
<div class="form-group">
<label class="control-label " for="id_corp">Corp</label>
@ -114,17 +116,21 @@
<div class="row text-center">
{% if application.reviewer_inprogress_character != None %}
<a href="/hr_application_approve/{{ application.id }}">
<button type="button" class="btn btn-lg btn-success">Approve</button>
</a>
<a href="/hr_application_reject/{{ application.id }}">
<button type="button" class="btn btn-lg btn-info">Reject</button>
</a>
<a href="/hr_application_remove/{{ application.id }}">
<button type="button" class="btn btn-lg btn-danger">Delete</button>
</a>
{% if perms.hrapplications.approve_hrapplication %}
<a href="/hr_application_approve/{{ application.id }}">
<button type="button" class="btn btn-lg btn-success">Approve</button>
</a>
{% endif %}
{% if perms.hrapplications.reject_hrapplication %}
<a href="/hr_application_reject/{{ application.id }}">
<button type="button" class="btn btn-lg btn-info">Reject</button>
</a>
{% endif %}
{% if perms.hrapplications.delete_hrapplication %}
<a href="/hr_application_remove/{{ application.id }}">
<button type="button" class="btn btn-lg btn-danger">Delete</button>
</a>
{% endif %}
{% else %}
<a href="/hr_mark_in_progress/{{ application.id }}">
@ -136,14 +142,18 @@
<br/>
<div class="row text-center">
<a href="{{ JACK_KNIFE_URL }}?usid={{ application.full_api_id }}&apik={{ application.full_api_key }}"
target="_blank">
<button type="button" class="btn btn-lg btn-primary">API Jack Knife</button>
</a>
<button type="button" class="btn btn-primary btn-lg" data-toggle="modal"
data-target="#myModal">
Comment
</button>
{% for api in apis %}
<a href="{{ JACK_KNIFE_URL }}?usid={{ api._api_id }}&apik={{ api.api__key }}"
target="_blank">
<button type="button" class="btn btn-lg btn-primary">API {{ api.api_id }}</button>
</a>
{% endfor %}
{% if perms.hrapplications.add_hrapplicationcomment %}
<button type="button" class="btn btn-primary btn-lg" data-toggle="modal"
data-target="#myModal">
Comment
</button>
{% endif %}
</div>
</div>
@ -188,29 +198,31 @@
</div>
{% if perms.auth.human_resources %}
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel"
aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span
aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
<h4 class="modal-title" id="myModalLabel">Add Comment</h4>
</div>
<div class="modal-body">
<form class="form-signin" role="form" action="" method="POST">
{% csrf_token %}
{{ comment_form.app_id|bootstrap }}
{{ comment_form.comment|bootstrap }}
<br/>
<button class="btn btn-lg btn-primary btn-block" type="submit">Add Comment</button>
</form>
</div>
<div class="modal-footer">
{% if perms.hrapplications.add_hrapplicationcomment %}
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel"
aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span
aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
<h4 class="modal-title" id="myModalLabel">Add Comment</h4>
</div>
<div class="modal-body">
<form class="form-signin" role="form" action="" method="POST">
{% csrf_token %}
{{ comment_form.app_id|bootstrap }}
{{ comment_form.comment|bootstrap }}
<br/>
<button class="btn btn-lg btn-primary btn-block" type="submit">Add Comment</button>
</form>
</div>
<div class="modal-footer">
</div>
</div>
</div>
</div>
</div>
{% endif %}
{% endif %}
{% endblock content %}
{% block extra_script %}