Issue mozilla#108: Bugfix for application list permission; more tests

badgus/settings/base.py

@@ -679,6 +679,7 @@ def JINJA_CONFIG():
         'teams.view_badgeteam', 
         'teams.change_badgeteam', 
         'teams.delete_badgeteam', 
+        'teams.list_badgeteamapplication',
         'teams.view_badgeteamapplication',
         'teams.delete_badgeteamapplication',
     )

badgus/teams/models.py

@@ -20,7 +20,20 @@
 BADGETEAM_INVALID_NAMES = ('new',)
 
 BADGETEAM_DEFAULT_ROLES = {
+    "awarder": (
+        'badger.award_badge',
+        'badger.nominate_badge',
+        'badger.manage_deferredawards',
+        'badger.delete_award',
+        'badger.approve_nomination',
+        'badger.reject_nomination',
+        'badger.grant_deferredaward',
+    ),
     "leader": ( 
+        'teams.list_badgeteam',
+        'teams.view_badgeteam', 
+        'teams.add_badgeteam',
+        'teams.apply_badgeteam',
         'teams.change_badgeteam',
         'teams.invite_badgeteam',
         'teams.list_badgeteamapplication',
@@ -38,15 +51,6 @@
         'badger.reject_nomination',
         'badger.grant_deferredaward',
     ),
-    "awarder": (
-        'badger.award_badge',
-        'badger.nominate_badge',
-        'badger.manage_deferredawards',
-        'badger.delete_award',
-        'badger.approve_nomination',
-        'badger.reject_nomination',
-        'badger.grant_deferredaward',
-    )
 }
 
 
@@ -118,7 +122,8 @@ def create_default_roles(self):
 class BadgeTeamApplication(models.Model):
 
     comment = models.TextField(blank=False)
-    team = models.ForeignKey(BadgeTeam, blank=False, null=False)
+    team = models.ForeignKey(BadgeTeam, blank=False, null=False,
+                             related_name='applications')
     creator = models.ForeignKey(User, blank=False, null=True)
     created = models.DateTimeField(auto_now_add=True, blank=False)
     modified = models.DateTimeField(auto_now=True, blank=False)

badgus/teams/templates/teams/badgeteamapplication_list.html

@@ -15,11 +15,11 @@ <h2>
 
     <ul class="applications">
         {% for object in object_list %}
-            <li>
+            <li class="application">
                 <a href="{{ object.get_absolute_url() }}"><img src="{{ user_avatar(object.creator) }}" alt="{{ object.creator }}" width="28" height="28" /> {{ object.creator }} applied on {{ object.created }}</a>
             </li>
         {% else %}
-            <li>{{ _("No applications, yet.") }}</li>
+            <li class="empty">{{ _("No applications, yet.") }}</li>
         {% endfor %}
     </ul>
 

badgus/teams/tests/test_views.py

@@ -34,6 +34,20 @@ def test_application_button_on_team(self):
                                kwargs={"team_slug": self.team.slug})
         eq_(expected_url, button.attr('href'))
 
+    def test_application_button_hidden_for_pending_application(self):
+        """Application to team button swaps with a link to existing application when available"""
+        self.client.login(username=self.username, password=self.password)
+
+        application = BadgeTeamApplication(team=self.team, creator=self.user)
+        application.save()
+
+        r = self.client.get(self.team_url, follow=True)
+        doc = pq(r.content)
+
+        eq_(0, doc.find('a.apply-team').length)
+        eq_(application.get_absolute_url(),
+            doc.find('a.view-team-application').attr('href'))
+
     def test_application_button_hidden_for_members(self):
         """Application to team button should be hidden for members"""
         credentials = (
@@ -46,20 +60,46 @@ def test_application_button_hidden_for_members(self):
             doc = pq(r.content)
             eq_(0, doc.find('a.apply-team').length)
 
-    def test_application_button_hidden_for_pending_application(self):
-        """Application to team button should be replaced by a link to existing application when available"""
-        self.client.login(username=self.username,
-                          password=self.password)
+    def test_list_applications_button(self):
+        """List applications button should appear for founder and members with permission"""
+        credentials = (
+            (self.member_username, self.member_password),
+            (self.founder_username, self.founder_password),
+        )
+        for (username, password) in credentials:
+            self.client.login(username=username, password=password)
+            r = self.client.get(self.team_url, follow=True)
+            doc = pq(r.content)
+            eq_(1, doc.find('a.list-team-applications').length)
 
-        application = BadgeTeamApplication(team=self.team, creator=self.user)
-        application.save()
+    def test_list_applications(self):
+        """Ensure users wth permissions can list applications"""
+        credentials = (
+            (self.member_username, self.member_password),
+            (self.founder_username, self.founder_password),
+        )
 
-        r = self.client.get(self.team_url, follow=True)
-        doc = pq(r.content)
+        for (username, password) in credentials:
 
-        eq_(0, doc.find('a.apply-team').length)
-        eq_(application.get_absolute_url(),
-            doc.find('a.view-team-application').attr('href'))
+            self.client.login(username=username, password=password)
+            url = reverse('teams.team_applications_list',
+                          kwargs={"team_slug": self.team.slug})
+
+            self.team.applications.all().delete()
+
+            r = self.client.get(url, follow=True)
+            doc = pq(r.content)
+            eq_(1, doc.find('.applications .empty').length)
+            eq_(0, doc.find('.applications .application').length)
+
+            application = BadgeTeamApplication(team=self.team,
+                                               creator=self.founder_user)
+            application.save()
+
+            r = self.client.get(url, follow=True)
+            doc = pq(r.content)
+            eq_(0, doc.find('.applications .empty').length)
+            eq_(1, doc.find('.applications .application').length)
 
     def setUp(self):
         self.client = Client()
@@ -89,6 +129,5 @@ def setUp(self):
         self.team.save()
         self.team_url = self.team.get_absolute_url()
 
-        self.role = Role(name='member', team=self.team)
-        self.role.save()
+        self.role = self.team.role_set.get(name='leader')
         self.role.users.add(self.member_user)

badgus/teams/views.py

@@ -117,9 +117,10 @@ def form_valid(self, form):
 class TeamApplicationListView(ListView):
     model = BadgeTeamApplication
 
-    @method_decorator(permission_required('teams.list_badgeteamapplication'))
     def dispatch(self, request, *args, **kwargs):
         self.team = get_object_or_404(BadgeTeam, slug=self.kwargs['team_slug'])
+        if not request.user.has_perm('teams.list_badgeteamapplication', self.team):
+            raise PermissionDenied
         return super(TeamApplicationListView, self).dispatch(request, *args, **kwargs)
 
     def get_queryset(self):

bin/run-common.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
 
 ./manage.py collectstatic --noinput -c
-./manage.py syncdb --noinput
+./manage.py syncdb --noinput --migrate