#M23b. Only display the hackathons for their org or hackathons that are publicly available (#274)

* Enabling orgs

* Adding tests to check for correct access

* Fixing some liniting

Author: stefdworschak

accounts/decorators.py

@@ -1,10 +1,12 @@
 from functools import wraps
 
+from django.shortcuts import get_object_or_404
 from django.contrib import messages
 from django.core.exceptions import PermissionDenied
 from django.shortcuts import reverse, redirect
 
 from accounts.models import UserType
+from hackathon.models import Hackathon, HackTeam
 
 
 def can_access(allowed_types, redirect_url=None, redirect_kwargs={}):
@@ -25,3 +27,51 @@ def wrapped_view(request, *args, **kwargs):
         return wrapped_view
 
     return decorator
+
+
+def has_access_to_hackathon(redirect_url=None, redirect_kwargs={}):
+    def decorator(view_function):
+        @wraps(view_function)
+        def wrapped_view(request, *args, **kwargs):
+            if request.user.is_superuser or request.user.is_staff:
+                return view_function(request, *args, **kwargs)
+
+            hackathon_id = kwargs.get('hackathon_id') or request.POST.get('hackathon-id')
+            hackathon = get_object_or_404(Hackathon, id=hackathon_id)
+            if (hackathon.organisation.id != 1
+                    and hackathon.organisation.id != request.user.organisation.id
+                    and hackathon.is_public is False):
+                messages.error(request, 'You cannot access this page.')
+                return redirect(reverse('hackathon:hackathon-list'))
+
+            return view_function(request, *args, **kwargs)
+
+        return wrapped_view
+
+    return decorator
+
+
+def has_access_to_team(redirect_url=None, redirect_kwargs={}):
+    def decorator(view_function):
+        @wraps(view_function)
+        def wrapped_view(request, *args, **kwargs):
+            if request.user.is_superuser or request.user.is_staff:
+                return view_function(request, *args, **kwargs)
+
+            team_id = kwargs.get('team_id')
+            team = get_object_or_404(HackTeam, id=team_id)
+            if not team.hackathon:
+                messages.error(request, 'You cannot access this page.')
+                return redirect(reverse('hackathon:hackathon-list'))
+
+            if (team.hackathon.organisation.id != 1
+                    and team.hackathon.organisation.id != request.user.organisation.id
+                    and team.hackathon.is_public is False):
+                messages.error(request, 'You cannot access this page.')
+                return redirect(reverse('hackathon:hackathon-list'))
+
+            return view_function(request, *args, **kwargs)
+
+        return wrapped_view
+
+    return decorator

competencies/tests.py

@@ -23,7 +23,7 @@ def setUp(self):
 
         self.assessment = CompetencyAssessment.objects.create(
             user=self.user2,
-            is_visible=False,
+            is_visible=True,
         )
 
         competency_difficulty = CompetencyDifficulty.objects.create(

docker-compose.yml

@@ -31,6 +31,8 @@ services:
     entrypoint: ['python3', 'manage.py', 'runserver', '0.0.0.0:8000']
     ports:
       - "8000:8000"
+    tty: true
+    stdin_open: true
 
   mysql:
     image: docker.io/mysql:5.6.36

hackathon/models.py

@@ -78,7 +78,7 @@ class Hackathon(models.Model):
         blank=True,
         help_text=("Hackathon image.")
     )
-    is_public = models.BooleanField(default=False)
+    is_public = models.BooleanField(default=True)
     max_participants = models.IntegerField(default=None, null=True, blank=True)
 
     def __str__(self):

hackathon/templates/hackathon/hackathon_list.html

@@ -12,7 +12,7 @@
         <h2 class="p-orange text-center mb-4">Hackathons</h2>
         {% for hackathon in hackathons %}
             {% with authorised_types='SUPERUSER,STAFF,FACILITATOR_ADMIN,FACILITATOR_JUDGE,PARTNER_ADMIN,PARTNER_JUDGE' %}
-            {% if hackathon.organisation.id == 1 or hackathon.organisation == user.organisation or request.user.user_type|is_types:authorised_types %}
+            {% if hackathon.organisation.id == 1 or hackathon.organisation.id == request.user.organisation.id or request.user.user_type|is_types:authorised_types %}
                 {% if hackathon.status != 'draft' or request.user == hackathon.created_by %}
                     {% if not hackathon.status == 'deleted' %}
                         {% include 'hackathon/includes/hackathon_card.html' %}

hackathon/templates/hackathon/includes/judge_team_display.html

@@ -16,7 +16,7 @@
         {% endfor %}
         </ul>   
         {% else %}
-        You are currently don't have a team assigned to you.
+        You currently don't have a team assigned to you.
         {% endif %}
         {% endwith %}
 

hackathon/tests/test_views.py

@@ -1,3 +1,4 @@
+from django.shortcuts import reverse
 from django.test import TestCase
 from accounts.models import CustomUser, Organisation
 from django.utils import timezone
@@ -10,17 +11,19 @@ class TestHackathonViews(TestCase):
 
     def setUp(self):
         """Sets up the models for testing"""
-        user = CustomUser.objects.create(username="testuser")
-        staff_user = CustomUser.objects.create(username="staffuser")
-        staff_user.is_staff = True
-        staff_user.save()
-        super_user = CustomUser.objects.create(username="super_user")
-        super_user.is_staff = True
-        super_user.is_superuser = True
-        super_user.save()
-        organisation = Organisation.objects.create()
-        Hackathon.objects.create(
-            created_by=user,
+        organisation = Organisation.objects.create(display_name="CI")
+        self.partner_org = Organisation.objects.create(display_name="Partner")
+        self.user = CustomUser.objects.create(username="testuser", organisation=organisation)
+        self.partner_user = CustomUser.objects.create(username="partnertestuser", organisation=self.partner_org)
+        self.staff_user = CustomUser.objects.create(username="staffuser")
+        self.staff_user.is_staff = True
+        self.staff_user.save()
+        self.super_user = CustomUser.objects.create(username="super_user")
+        self.super_user.is_staff = True
+        self.super_user.is_superuser = True
+        self.super_user.save()
+        self.hackathon = Hackathon.objects.create(
+            created_by=self.user,
             status='published',
             display_name="hacktest",
             description="lorem ipsum",
@@ -31,8 +34,7 @@ def setUp(self):
     def test_render_hackathon_list(self):
         """Tests the correct rendering of the hackathon list page,
         including contexts."""
-        user = CustomUser.objects.get(pk=1)
-        self.client.force_login(user)
+        self.client.force_login(self.user)
         response = self.client.get('/hackathon/')
 
         # Confirms the correct template, context items and queryset
@@ -48,8 +50,7 @@ def test_render_hackathon_list(self):
 
     def test_update_hackathon_status(self):
         """ Tests that the status changes """
-        super_user = CustomUser.objects.get(pk=3)
-        self.client.force_login(super_user)
+        self.client.force_login(self.super_user)
 
         hackathon = Hackathon.objects.get(pk=1)
         status_before = hackathon.status
@@ -70,10 +71,9 @@ def test_view_hackathon(self):
         self.assertEqual(response.status_code, 302)
 
         # Confirms the "enroll.html" template shows only for staff.
-        user = CustomUser.objects.get(pk=1)
-        user.is_staff = True
-        user.save()
-        self.client.force_login(user)
+        self.user.is_staff = True
+        self.user.save()
+        self.client.force_login(self.user)
 
         response = self.client.get('/hackathon/1/')
         self.assertTemplateUsed(response,
@@ -82,8 +82,7 @@ def test_view_hackathon(self):
     def test_judge_enroll_toggle(self):
         """Tests that judges can correctly enroll and withdraw"""
 
-        user = CustomUser.objects.get(pk=1)
-        self.client.force_login(user)
+        self.client.force_login(self.user)
 
         response = self.client.post('/hackathon/enroll/',
                                     {'hackathon-id': 1},
@@ -93,28 +92,169 @@ def test_judge_enroll_toggle(self):
 
         # Confirms a non-staff user is refused
         self.assertEqual(response.status_code, 302)
-        self.assertTrue(user in hackathon.participants.all())
-        self.assertFalse(user in hackathon.judges.all())
+        self.assertTrue(self.user in hackathon.participants.all())
+        self.assertFalse(self.user in hackathon.judges.all())
 
         # confirms staff can be enrolled as a judge
-        staff_user = CustomUser.objects.get(pk=2)
-        staff_user.is_staff = True
-        staff_user.save()
-        self.client.force_login(staff_user)
+        self.staff_user.is_staff = True
+        self.staff_user.save()
+        self.client.force_login(self.staff_user)
 
         response = self.client.post('/hackathon/enroll/',
-                                    {'hackathon-id': 1,
+                                    {'hackathon-id': self.hackathon.id,
                                      'enrollment-type': 'judge'},
                                     HTTP_X_REQUESTED_WITH='XMLHttpRequest')
 
         self.assertEqual(response.status_code, 302)
-        self.assertTrue(staff_user in hackathon.judges.all())
+        self.assertTrue(self.staff_user in hackathon.judges.all())
 
         # Confirms staff can withdraw
         response = self.client.post('/hackathon/enroll/',
-                                    {'hackathon-id': 1,
+                                    {'hackathon-id': self.hackathon.id,
                                      'enrollment-type': 'judge'},
                                     HTTP_X_REQUESTED_WITH='XMLHttpRequest')
 
         self.assertEqual(response.status_code, 302)
-        self.assertFalse(staff_user in hackathon.judges.all())
+        self.assertFalse(self.staff_user in hackathon.judges.all())
+
+    def test_has_access_to_right_hackathons(self):
+        hackathon = Hackathon.objects.create(
+            created_by=self.user,
+            status='published',
+            display_name="hacktest",
+            description="lorem ipsum",
+            start_date=f'{timezone.now()}',
+            end_date=f'{timezone.now()}',
+            organisation=self.partner_org,
+            is_public=False)
+        
+        self.client.force_login(self.user)
+        response = self.client.get(reverse('hackathon:view_hackathon', kwargs={'hackathon_id': hackathon.id}))
+        self.assertEquals(response.status_code, 302)
+        
+        self.client.force_login(self.partner_user)
+        response = self.client.get(reverse('hackathon:view_hackathon', kwargs={'hackathon_id': hackathon.id}))
+        self.assertEquals(response.status_code, 200)
+
+        self.client.force_login(self.staff_user)
+        response = self.client.get(reverse('hackathon:view_hackathon', kwargs={'hackathon_id': hackathon.id}))
+        self.assertEquals(response.status_code, 200)
+
+        self.client.force_login(self.super_user)
+        response = self.client.get(reverse('hackathon:view_hackathon', kwargs={'hackathon_id': hackathon.id}))
+        self.assertEquals(response.status_code, 200)
+
+        hackathon.is_public = True
+        hackathon.save()
+
+        self.client.force_login(self.user)
+        response = self.client.get(reverse('hackathon:view_hackathon', kwargs={'hackathon_id': hackathon.id}))
+        self.assertEquals(response.status_code, 200)
+
+        hackathon.is_public = False
+        hackathon.save()
+        self.user.organisation = self.partner_org
+        self.user.save()
+
+        self.client.force_login(self.user)
+        response = self.client.get(reverse('hackathon:view_hackathon', kwargs={'hackathon_id': hackathon.id}))
+        self.assertEquals(response.status_code, 200)
+    
+    def test_partner_enroll(self):
+        hackathon = Hackathon.objects.create(
+            created_by=self.user,
+            status='published',
+            display_name="hacktest",
+            description="lorem ipsum",
+            start_date=f'{timezone.now()}',
+            end_date=f'{timezone.now()}',
+            organisation=self.partner_org,
+            is_public=False)
+        
+        self.client.force_login(self.user)
+        self.client.post('/hackathon/enroll/',
+                         {'hackathon-id': hackathon.id},
+                         HTTP_X_REQUESTED_WITH='XMLHttpRequest')
+        self.assertTrue(self.user not in hackathon.participants.all())
+
+        self.client.force_login(self.staff_user)
+        self.client.post('/hackathon/enroll/',
+                         {'hackathon-id': hackathon.id, 'enrollment-type': 'judge'},
+                         HTTP_X_REQUESTED_WITH='XMLHttpRequest')
+        self.assertTrue(self.staff_user in hackathon.judges.all())
+
+        self.client.force_login(self.super_user)
+        self.client.post('/hackathon/enroll/',
+                         {'hackathon-id': hackathon.id, 'enrollment-type': 'judge'},
+                         HTTP_X_REQUESTED_WITH='XMLHttpRequest')
+        self.assertTrue(self.super_user in hackathon.judges.all())
+
+        hackathon.is_public = True
+        hackathon.save()
+
+        self.client.force_login(self.user)
+        self.client.post('/hackathon/enroll/',
+                         {'hackathon-id': hackathon.id},
+                         HTTP_X_REQUESTED_WITH='XMLHttpRequest')
+        self.assertTrue(self.user in hackathon.participants.all())
+
+        hackathon.is_public = False
+        hackathon.save()
+        self.user.organisation = self.partner_org
+        self.user.save()
+
+        # Check if it can also be removed
+        self.client.force_login(self.user)
+        self.client.post('/hackathon/enroll/',
+                         {'hackathon-id': hackathon.id},
+                         HTTP_X_REQUESTED_WITH='XMLHttpRequest')
+        self.assertTrue(self.super_user not in hackathon.participants.all())
+
+    def test_list_partner_hackathons(self):
+        hackathon = Hackathon.objects.create(
+            created_by=self.user,
+            status='published',
+            display_name="hacktest",
+            description="lorem ipsum",
+            start_date=f'{timezone.now()}',
+            end_date=f'{timezone.now()}',
+            organisation=self.partner_org,
+            is_public=False)
+
+        # if this is more than 5, the response results will have to be paginated
+        # because they are capped at 5
+        num_hackathons = Hackathon.objects.count()
+
+        self.client.force_login(self.user)
+        self.assertTrue(num_hackathons <= 5)
+        response = self.client.get(reverse('hackathon:hackathon-list'))
+        hackathons = [hackathon.id for hackathon in response.context['hackathons']]
+        self.assertTrue(hackathon.id not in hackathons)
+
+        self.client.force_login(self.staff_user)
+        response = self.client.get(reverse('hackathon:hackathon-list'))
+        hackathons = [hackathon.id for hackathon in response.context['hackathons']]
+        self.assertTrue(hackathon.id in hackathons)
+
+        self.client.force_login(self.super_user)
+        response = self.client.get(reverse('hackathon:hackathon-list'))
+        hackathons = [hackathon.id for hackathon in response.context['hackathons']]
+        self.assertTrue(hackathon.id in hackathons)
+
+        hackathon.is_public = True
+        hackathon.save()
+        
+        self.client.force_login(self.user)
+        response = self.client.get(reverse('hackathon:hackathon-list'))
+        hackathons = [hackathon.id for hackathon in response.context['hackathons']]
+        self.assertTrue(hackathon.id in hackathons)
+
+        hackathon.is_public = False
+        hackathon.save()
+        self.user.organisation = self.partner_org
+        self.user.save()
+
+        self.client.force_login(self.user)
+        response = self.client.get(reverse('hackathon:hackathon-list'))
+        hackathons = [hackathon.id for hackathon in response.context['hackathons']]
+        self.assertTrue(hackathon.id in hackathons)