Skip to content

Commit 1fd491b

Browse files
frjofrjo
committed
Fix bugs in fund permissions.
1 parent ac5a0d0 commit 1fd491b

1 file changed

Lines changed: 15 additions & 13 deletions

File tree

hypha/apply/funds/permissions.py

Lines changed: 15 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -55,10 +55,12 @@ def view_comments(role, user, submission) -> bool:
5555
if role == StaffAdmin:
5656
return True
5757

58-
if is_user_has_access_to_view_submission(user, submission):
58+
submission_view, _ = can_view_submission(user, submission)
59+
if submission_view:
5960
return True
6061

61-
if submission.project and can_access_project(user, submission.project):
62+
project = getattr(submission, "project", None)
63+
if project and can_access_project(user, project):
6264
return True
6365

6466
return False
@@ -156,10 +158,8 @@ def can_alter_archived_submissions(user, submission=None) -> (bool, str):
156158

157159

158160
def can_bulk_archive_submissions(user) -> bool:
159-
if can_alter_archived_submissions(user) and can_bulk_delete_submissions(user):
160-
return True
161-
162-
return False
161+
can_alter, _ = can_alter_archived_submissions(user)
162+
return can_alter and can_bulk_delete_submissions(user)
163163

164164

165165
def can_change_external_reviewers(user, submission) -> bool:
@@ -202,7 +202,7 @@ def can_export_submissions(user) -> bool:
202202
return False
203203

204204

205-
def is_user_has_access_to_view_submission(user, submission):
205+
def can_view_submission(user, submission):
206206
if not user.is_authenticated:
207207
return False, "Login Required"
208208

@@ -224,7 +224,7 @@ def is_user_has_access_to_view_submission(user, submission):
224224

225225

226226
def can_view_submission_screening(user, submission):
227-
submission_view, _ = is_user_has_access_to_view_submission(user, submission)
227+
submission_view, _ = can_view_submission(user, submission)
228228
if not submission_view:
229229
return False, "No access to view submission"
230230
if submission.user == user:
@@ -235,10 +235,11 @@ def can_view_submission_screening(user, submission):
235235
def can_invite_co_applicants(user, submission):
236236
if submission.is_archive:
237237
return False, "Co-applicant can't be added to archived submission"
238-
if hasattr(submission, "project"):
238+
project = getattr(submission, "project", None)
239+
if project:
239240
from hypha.apply.projects.models.project import COMPLETE
240241

241-
if submission.project.status == COMPLETE:
242+
if project.status == COMPLETE:
242243
return False, "Co-applicants can't be invited to completed projects"
243244
if (
244245
submission.co_applicant_invites.all().count()
@@ -263,10 +264,11 @@ def can_view_co_applicants(user, submission):
263264
def can_update_co_applicant(user, invite):
264265
if invite.submission.is_archive:
265266
return False, "Co-applicant can't be updated to archived submission"
266-
if hasattr(invite.submission, "project"):
267+
project = getattr(invite.submission, "project", None)
268+
if project:
267269
from hypha.apply.projects.models.project import COMPLETE
268270

269-
if invite.submission.project.status == COMPLETE:
271+
if project.status == COMPLETE:
270272
return False, "Co-applicants can't be updated to completed projects"
271273
if invite.invited_by == user:
272274
return True, "Same user who invited can delete the co-applicant"
@@ -285,7 +287,7 @@ def user_can_view_post_comment_form(user, submission):
285287

286288

287289
permissions_map = {
288-
"submission_view": is_user_has_access_to_view_submission,
290+
"submission_view": can_view_submission,
289291
"submission_edit": can_edit_submission,
290292
"submission_action": can_take_submission_actions,
291293
"can_view_submission_screening": can_view_submission_screening,

0 commit comments

Comments
 (0)