Merge pull request #683 from akvo/feature/407_update_button

[#407] Updated logic for 'Add update' button
akvo · Jul 29, 2014 · f360d10 · f360d10
2 parents cfe9e17 + 6e5e1d0
commit f360d10
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 46 deletions.
diff --git a/akvo/rsr/decorators.py b/akvo/rsr/decorators.py
@@ -39,8 +39,7 @@ def project_viewing_permissions(view):
     """
     Work as @fetch_project with additional logic for draft capability.
     - Published projects can be seen by anyone.
-    - A user can see "own" unpublished projects in "draft" state (a red banner
-        on the top)
+    - A user can see "own" unpublished projects in "draft" state (a red banner on the top)
     - A user with the "view project drafts" permission can see an unpublished project
     - A signed in user gets a 403 on unpublished projects that aren't "owned"
     - Anyone not signed in will get a 404 on unpublished projects
@@ -55,10 +54,8 @@ def wrapper(request, project_id, *args, **kwargs):
         unprivileged_user = not privileged_user
         authenticated_user = request.user.is_authenticated()
         unpublished_project = not project.is_published()
-#        request.privileged_user = privileged_user
 
-        # Enable draft preview for privileged users, additional logic in
-        # the draft section of project pages templates
+        # Enable draft preview for privileged users, additional logic in the draft section of project pages templates
         draft = False
         if unpublished_project and authenticated_user and unprivileged_user:
             raise PermissionDenied

diff --git a/akvo/rsr/views_partner_sites/base.py b/akvo/rsr/views_partner_sites/base.py
@@ -7,19 +7,17 @@
 """
 from __future__ import absolute_import
 
-from urlparse import urljoin
-
 from django.conf import settings
-from django.http import Http404
-from django.core.exceptions import PermissionDenied
 from django.shortcuts import get_object_or_404, redirect
 from django.views.generic import TemplateView, ListView
-from django.core.urlresolvers import reverse, set_urlconf
-from django.utils import translation
+from django.core.urlresolvers import reverse
+from django.utils.decorators import method_decorator
+
 
 from akvo.rsr.filters import remove_empty_querydict_items, ProjectFilterSet
 from akvo.rsr.iso3166 import COUNTRY_CONTINENTS, CONTINENTS
 from akvo.rsr.models import Organisation, Country, Project
+from akvo.rsr.decorators import project_viewing_permissions
 
 
 __all__ = [
@@ -86,46 +84,30 @@ def get_context_data(self, **kwargs):
 
 
 class BaseProjectView(BaseView):
-    """View that extends BaseView with current project or throws a 404. We
-    also verify that the project is related to the current organisation,
-    if not we throw a 404."""
+    """View that extends BaseView with current project information and viewing permissions."""
+
+    @method_decorator(project_viewing_permissions)
+    def dispatch(self, *args, **kwargs):
+        return super(BaseProjectView, self).dispatch(*args, **kwargs)
 
     def get_context_data(self, **kwargs):
         context = super(BaseProjectView, self).get_context_data(**kwargs)
-        project = get_object_or_404(Project, pk=self.kwargs['project_id'])
-
-        privileged_user = project.connected_to_user(self.request.user)
-        unprivileged_user = not privileged_user
-        authenticated_user = self.request.user.is_authenticated()
-        unpublished_project = not project.is_published()
-        draft = False
-
-        # Enable draft preview for privileged users, additional logic in
-        # the draft section of project pages templates
-        if unpublished_project and authenticated_user and unprivileged_user:
-            raise PermissionDenied
-        if unpublished_project and unprivileged_user:
-            raise Http404
-        if unpublished_project and privileged_user:
-            draft = True
-
-        updates = project.project_updates.all().order_by('-created_at')
+
+        # Get project updates
+        updates = context['project'].project_updates.all().order_by('-created_at')
         updates_with_images = updates.exclude(photo__exact='')
 
         context.update({
-            'project': project,
             'updates': updates,
             'updates_with_images': updates_with_images,
-            'can_add_update': privileged_user,
-            'draft': draft,
             'fb_app_id': getattr(settings, 'FB_APP_ID', ''),
         })
         return context
 
 
 class BaseListView(DebugViewMixin, PartnerSitesMixin, ListView):
     """List view that are extended with the current organisation and the
-    proejcts connected to the organisation available in the template context
+    projects connected to the organisation available in the template context
     variable project_list"""
 
     def get_context_data(self, **kwargs):

diff --git a/akvo/rsr/views_partner_sites/project.py b/akvo/rsr/views_partner_sites/project.py
@@ -19,8 +19,7 @@
 
 from akvo.rsr.forms import ProjectUpdateForm
 from akvo.rsr.models import Invoice, Project, ProjectUpdate
-from akvo.rsr.views_partner_sites.base import (
-    BaseProjectListView, BaseProjectView, BaseListView, BaseView)
+from akvo.rsr.views_partner_sites.base import (BaseProjectListView, BaseProjectView, BaseListView, BaseView)
 
 
 __all__ = [
@@ -75,8 +74,9 @@ class ProjectUpdateListView(BaseListView):
 
     def get_context_data(self, **kwargs):
         context = super(ProjectUpdateListView, self).get_context_data(**kwargs)
-        context['project'] = get_object_or_404(
-            Project, pk=self.kwargs['project_id'])
+        context['project'] = get_object_or_404(Project, pk=self.kwargs['project_id'])
+        context['can_add_update'] = context['project'].connected_to_user(self.request.user) or \
+                                    self.request.user.has_perm('rsr.change_project')
         return context
 
     def get_queryset(self):
@@ -151,8 +151,8 @@ def get_context_data(self, **kwargs):
                 u"You can't add updates to unpublished projects."
             raise PermissionDenied
 
-        user_is_authorized = context['project'].connected_to_user(
-            self.request.user)
+        user_is_authorized = context['project'].connected_to_user(self.request.user) or \
+                             self.request.user.has_perm('rsr.change_project')
         if self.request.user.is_authenticated() and not user_is_authorized:
             self.request.error_message = \
                 u"You don't have permission to add updates to this project."
@@ -186,7 +186,8 @@ def get_context_data(self, **kwargs):
         self.object = update
         context = super(ProjectUpdateEditView, self).get_context_data(**kwargs)
 
-        user_is_authorized = context['project'].connected_to_user(self.request.user)
+        user_is_authorized = context['project'].connected_to_user(self.request.user) or \
+                             self.request.user.has_perm('rsr.change_project')
         if not user_is_authorized:
             raise PermissionDenied
 

diff --git a/akvo/templates/partner_sites/project/base_project.html b/akvo/templates/partner_sites/project/base_project.html
@@ -138,21 +138,26 @@ <h2 class="marg_top40">
       {% block project_tools %}
         <h2 class="marg_top40">{% trans "Tools for this page" %}</h2>
         <div class="whitebox">
-          {# don't show the "Add update" button to users that are signed in and not connected to the project #}
-          {% if not user.username or can_add_update %}
+          {% if can_add_update %}
             <div style="width:45%; float:left; padding-top:15px; padding-left:10px;">
               <a class="aqua awesome" href="{% url 'update_add' project.id %}" style="color:#fff" target="_top">{% trans 'Add update' %}</a>
             </div>
+          {% elif not user.username or not can_add_update %}
+            <div style="width:45%; float:left; padding-top:15px; padding-left:10px;">
+              <span class="grey awesome">{% trans 'Add update' %}</span>
+            </div>
             <div style="width:45%; float:right; padding-top:15px; padding-right:10px">
               <p style="margin:0;" class="tiny grey">
                 {% if not user.username %}
                   {% trans 'Sign in to add an update to your project.' %}
+                {% elif not can_add_update %}
+                  {% trans 'You are not allowed to place updates for this project.' %}
                 {% endif %}
               </p>
             </div>
+          {% endif %}
             <div class="clear"></div>
             <hr style="margin-bottom:0; margin-left:5px; margin-right:5px;" />
-          {% endif %}
           <p class="grey small pad10" style="margin:0;">
             <a href="{% url 'get_widget' project.id %}">{% trans 'Get a widget' %}</a> {% trans "for your website" %}<br />
             <a href="{% url 'project_main' project.id %}">{% trans 'Permalink' %}</a> {% trans "to this project" %}<br />