remove user_can_edit_assessment #1071

Merged
merged 3 commits into from
Aug 28, 2024
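--- a/hawc/apps/assessment/models.py
+++ b/hawc/apps/assessment/models.py
@@ -355,11 +355,6 @@ def user_can_edit_object(self, user, perms: AssessmentPermissions | None = None)
 perms = self.get_permissions()
 return perms.can_edit_object(user)
 
-def user_can_edit_assessment(self, user, perms: AssessmentPermissions | None = None) -> bool:
-if perms is None:
-perms = self.get_permissions()
-return perms.project_manager_or_higher(user)
-
 def user_is_reviewer_or_higher(self, user) -> bool:
 perms = self.get_permissions()
 return perms.reviewer_or_higher(user)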
157 changes: 80 additions & 77 deletions hawc/apps/assessment/templates/assessment/assessment_detail.html
Expand Up @@ -137,93 +137,96 @@ <h2>{{object}}{% debug_badge object.id %}</h2>
</table>

{% if is_team_member %}
<h3>Assessment details for team members*</h3>
<table id="assessment_table" class="table table-sm table-striped">
{% bs4_colgroup '25,25,25,25' %}
<tbody>
<tr>
<th>Assessment team</th>
<td>
<p><strong>Project manager{{ object.project_manager.all|pluralize }}</strong></p>
<ul class="mb-0">
{% for m in object.project_manager.active %}
<li title="{{m.email}}">{{ m.get_full_name }}</li>
{% endfor %}
</ul>
</td>
<td>
<p><strong>Team member{{ object.team_members.all|pluralize }}</strong></p>
<ul class="mb-0">
{% for m in object.team_members.active %}
<li title="{{m.email}}">{{ m.get_full_name }}</li>
{% empty %}
<li><i>None assigned</i></li>
{% endfor %}
</ul>
</td>
<td>
<p><strong>Reviewer{{ object.reviewers.all|pluralize }}</strong></p>
<ul class="mb-0">
{% for m in object.reviewers.active %}
<li title="{{m.email}}">{{ m.get_full_name }}</li>
{% empty %}
<li><i>None assigned</i></li>
{% endfor %}
</ul>
</td>
</tr>

<tr>
<th>Editable</th>
<td colspan="3">{{object.editable|yesno:"Yes,No"}}</td>
</tr>

<tr>
<th>Public</th>
<td colspan="3">
{% if object.public_on %}
Yes; published on {{object.public_on|date:"DATE_FORMAT"}}
{% else %}
No; this assessment is currently private
{% endif %}
</td>
</tr>
<div class="bg-lightblue rounded p-3 mb-3">
<h3>Assessment details for team members*</h3>
<table id="assessment_table" class="table table-sm table-striped bg-white my-0">
{% bs4_colgroup '25,25,25,25' %}
<tbody>
<tr>
<th>Assessment team</th>
<td>
<p><strong>Project manager{{ object.project_manager.all|pluralize }}</strong></p>
<ul class="mb-0">
{% for m in object.project_manager.active %}
<li title="{{m.email}}">{{ m.get_full_name }}</li>
{% endfor %}
</ul>
</td>
<td>
<p><strong>Team member{{ object.team_members.all|pluralize }}</strong></p>
<ul class="mb-0">
{% for m in object.team_members.active %}
<li title="{{m.email}}">{{ m.get_full_name }}</li>
{% empty %}
<li><i>None assigned</i></li>
{% endfor %}
</ul>
</td>
<td>
<p><strong>Reviewer{{ object.reviewers.all|pluralize }}</strong></p>
<ul class="mb-0">
{% for m in object.reviewers.active %}
<li title="{{m.email}}">{{ m.get_full_name }}</li>
{% empty %}
<li><i>None assigned</i></li>
{% endfor %}
</ul>
</td>
</tr>

{% if object.public_on %}
<tr>
<th>Hidden from public assessments page?</th>
<td colspan="3">{{object.hide_from_public_page|yesno:"Yes; available if you have the link but hidden from the list page,No; it's available via searching or browsing"|safe}}</td>
<th>Assessment ID</th>
<td colspan="3">{{object.id}}</td>
</tr>
{% endif %}

<tr>
<th>Date created</th>
<td colspan="3">Created by {{object.creator}} on {{object.created|date:"DATE_FORMAT"}}</td>
</tr>
<tr>
<th>Editable</th>
<td colspan="3">{{object.editable|yesno:"Yes,No"}}</td>
</tr>

{% if object.details and object.details.qa_id %}
{% url_or_span object.details.qa_id object.details.qa_url as qa_identifier %}
<tr>
<th>QA Identifier</th>
<td colspan="3">{{ qa_identifier }}</td>
<th>Public</th>
<td colspan="3">
{% if object.public_on %}
Yes; published on {{object.public_on|date:"DATE_FORMAT"}}
{% else %}
No; this assessment is currently private
{% endif %}
</td>
</tr>
{% endif %}

{% if internal_communications|hastext %}
{% if object.public_on %}
<tr>
<th>Hidden from public assessments page?</th>
<td colspan="3">{{object.hide_from_public_page|yesno:"Yes; available if you have the link but hidden from the list page,No; it's available via searching or browsing"|safe}}</td>
</tr>
{% endif %}

<tr>
<th>Internal communications</th>
<td colspan="3">{{ internal_communications|safe }}</td>
<th>Date created</th>
<td colspan="3">Created by {{object.creator}} on {{object.created|date:"DATE_FORMAT"}}</td>
</tr>
{% endif %}
</tbody>
<tfoot>
<tr>
<td colspan="5" class="text-muted">
* These fields are only shown to assessment team members, even if the assessment is made public.
</td>
</tr>
</tfoot>
</table>

{% if object.details and object.details.qa_id %}
{% url_or_span object.details.qa_id object.details.qa_url as qa_identifier %}
<tr>
<th>QA Identifier</th>
<td colspan="3">{{ qa_identifier }}</td>
</tr>
{% endif %}

{% if internal_communications|hastext %}
<tr>
<th>Internal communications</th>
<td colspan="3">{{ internal_communications|safe }}</td>
</tr>
{% endif %}
</tbody>
</table>
<span class="text-muted">
* These fields are only shown to assessment team members, even if the assessment is made public.
</span>
</div>
{% endif %}

{% if crud == "Read" %}
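Review bot: `{{ internal_communications|safe }}` in the team-member table is rendered with autoescaping switched off, and nothing in this section shows where that text is sanitized. The row appears to be only moved and re-indented here, but since the block is being reworked it is a good moment to confirm the value is cleaned when it is saved and to record that next to the filter, e.g. `{# internal_communications is sanitized on save in <PLACEHOLDER: module path> #}`. The `|safe` on the `yesno` row wraps a literal string written in the template itself, so it does not carry the same concern.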
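--- a/hawc/apps/riskofbias/actions/rob_clone.py
+++ b/hawc/apps/riskofbias/actions/rob_clone.py
@@ -201,8 +201,8 @@ def has_permission(self, request) -> tuple[bool, str]:
 if src_assessment is None or dst_assessment is None:
 return False, "Invalid source and/or destination assessment ID."
 if (
-src_assessment.user_can_edit_assessment(request.user) is False
-or dst_assessment.user_can_edit_assessment(request.user) is False
+src_assessment.user_is_project_manager_or_higher(request.user) is False
+or dst_assessment.user_is_project_manager_or_higher(request.user) is False
 ):
 return False, "Must be a Project Manager for source and destination assessments."
 return super().has_permission(request)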
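Review bot: The permission test in `has_permission` compares each result with `is False`, so any falsy value other than the literal `False` (for example `None`) would fall through to `super().has_permission(request)` instead of being refused. The other call sites touched by this PR use `not ...`, which fails closed. Since both lines are rewritten here anyway, `not src_assessment.user_is_project_manager_or_higher(request.user)` and `or not dst_assessment.user_is_project_manager_or_higher(request.user)` would match them. The definition of `user_is_project_manager_or_higher` is not in this section, so whether it can return a non-bool is not visible here; `has_permission` also starts above the hunk.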
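--- a/hawc/apps/riskofbias/serializers.py
+++ b/hawc/apps/riskofbias/serializers.py
@@ -387,7 +387,7 @@ def to_representation(self, instance):
 
 def validate(self, data):
 assessment = self.instance.study.assessment if self.instance else data["study"].assessment
-if not assessment.user_can_edit_assessment(self.context["request"].user):
+if not assessment.user_is_project_manager_or_higher(self.context["request"].user):
 raise PermissionDenied()
 if "author" in data and not assessment.user_can_edit_object(data["author"]):
 raise serializers.ValidationError({"author": "Author cannot be assigned"})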
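Review bot: No test in this PR pins the authorization result of `user_is_project_manager_or_higher`, which now gates `validate` here as well as the checks in `riskofbias/actions/rob_clone.py`, `riskofbias/views.py` and `study/models.py`, and whose body is not shown anywhere in the diff. The removed `user_can_edit_assessment` returned `perms.project_manager_or_higher(user)`; presumably the replacement does the same, but every one of these checks depends on that. A test asserting that a team member who is not a project manager gets `PermissionDenied` from this serializer would catch any drift. The rest of `validate` is outside the hunk.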
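--- a/hawc/apps/riskofbias/views.py
+++ b/hawc/apps/riskofbias/views.py
@@ -253,7 +253,7 @@ class RobAssignmentUpdate(BaseFilterList):
 assessment_permission = AssessmentViewPermissions.PROJECT_MANAGER_EDITABLE
 
 def get_queryset(self):
-if not self.assessment.user_can_edit_assessment(self.request.user):
+if not self.assessment.user_is_project_manager_or_higher(self.request.user):
 raise PermissionDenied()
 robs = models.RiskOfBias.objects.prefetch_related("author", "scores")
 return (
@@ -295,7 +295,7 @@ def get_object(self, **kwargs):
 assessment=self.kwargs.get("pk"),
 )
 obj = super().get_object(object=obj)
-if not self.assessment.user_can_edit_assessment(self.request.user):
+if not self.assessment.user_is_project_manager_or_higher(self.request.user):
 raise PermissionDenied()
 return obj
 
@@ -468,8 +468,9 @@ class RoBEdit(TimeSpentOnPageMixin, BaseDetail):
 def get_object(self, **kwargs):
 # either project managers OR the author can edit/view.
 obj = super().get_object(**kwargs)
-if obj.author != self.request.user and not self.assessment.user_can_edit_assessment(
-self.request.user
+if (
+obj.author != self.request.user
+and not self.assessment.user_is_project_manager_or_higher(self.request.user)
 ):
 raise PermissionDenied
 return obj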
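--- a/hawc/apps/study/models.py
+++ b/hawc/apps/study/models.py
@@ -292,7 +292,7 @@ def set_communications(self, text: str):
 Communication.set_message(self, text)
 
 def user_can_toggle_editable(self, user) -> bool:
-return self.assessment.user_can_edit_assessment(user)
+return self.assessment.user_is_project_manager_or_higher(user)
 
 def toggle_editable(self):
 self.editable = not self.editable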