Updated respond invite functionality, fixed submission detail page permission for coapplicant

Author: sandeepsajan0

hypha/apply/funds/models/co_applicants.py

@@ -66,4 +66,4 @@ class Meta:
         unique_together = ("submission", "user")
 
     def __str__(self):
-        return self.user
+        return self.user.get_display_name()

hypha/apply/funds/permissions.py

@@ -188,7 +188,12 @@ def is_user_has_access_to_view_submission(user, submission):
     if submission.is_archive and not can_view_archived_submissions(user):
         return False, "Archived Submission"
 
-    if user.is_apply_staff or submission.user == user or user.is_reviewer:
+    if (
+        user.is_apply_staff
+        or submission.user == user
+        or user.is_reviewer
+        or submission.co_applicants.filter(user=user).exists()
+    ):
         return True, ""
 
     if user.is_partner and submission.partners.filter(pk=user.pk).exists():

hypha/apply/funds/templates/funds/coapplicant_invite_landing_page.html

@@ -19,7 +19,6 @@
             <a
                 class="button button--submit button--primary"
                 type="button"
-                href="{% url 'apply:submissions:invite_co_applicant' pk=submission.id %}"
                 hx-post="."
                 hx-vals='{"action": "accept"}'
                 hx-trigger="click"

hypha/apply/funds/templates/funds/includes/generic_primary_actions.html

@@ -43,7 +43,7 @@ <h5>{% trans "Manage Co-applicants" %}</h5>
             class="button button--primary button--full-width button--bottom-space"
             hx-get="{% url 'apply:submissions:invite_co_applicant' pk=object.id %}"
             hx-target="#htmx-modal"
-            {% if object.co_applicant_invites.count >= 10 %}disabled{% endif %}
+            {% if object.co_applicant_invites.count >= 100 %}disabled{% endif %}
             role="button"
             aria-label="{% trans "Invite CoApplicant" %}"
         >{% trans "Invite Co-applicant" %}</button>

hypha/apply/funds/views/co_applicants.py

@@ -1,8 +1,11 @@
 import datetime
 import json
 
+from django.conf import settings
 from django.contrib import messages
+from django.contrib.auth import login
 from django.contrib.auth.decorators import login_required
+from django.contrib.auth.models import Group
 from django.http import Http404, HttpResponse, HttpResponseRedirect
 from django.shortcuts import get_object_or_404, render
 from django.urls import reverse_lazy
@@ -12,10 +15,12 @@
 from django_htmx.http import HttpResponseClientRedirect
 
 from hypha.apply.activity.messaging import MESSAGES, messenger
+from hypha.apply.users.models import User
+from hypha.apply.users.roles import APPLICANT_GROUP_NAME
 
 from ..forms import InviteCoApplicantForm
-from ..models import ApplicationSubmission, CoApplicantInvite
-from ..models.co_applicants import CoApplicantInviteStatus
+from ..models import ApplicationSubmission, CoApplicant, CoApplicantInvite
+from ..models.co_applicants import READ_ONLY, CoApplicantInviteStatus
 from ..permissions import has_permission
 from ..utils import verify_signed_token
 
@@ -107,6 +112,9 @@ def dispatch(self, request, *args, **kwargs):
         raise Http404("Invalid: Invite not found")
 
     def get(self, *args, **kwargs):
+        user = User.objects.filter(email=self.invite.invited_user_email).first()
+        if user and (user.is_apply_staff or user.is_apply_staff_admin):
+            return HttpResponseRedirect(reverse_lazy("dashboard:dashboard"))
         return render(
             self.request,
             "funds/coapplicant_invite_landing_page.html",
@@ -122,6 +130,25 @@ def post(self, args, **kwargs):
             self.invite.save(update_fields=["status", "responded_on"])
 
             # handle auto login/signup
+            user, created = User.objects.get_or_create(
+                email=self.invite.invited_user_email, is_active=True
+            )
+            if created:
+                applicant_group = Group.objects.get(name=APPLICANT_GROUP_NAME)
+                user.groups.add(applicant_group)
+                user.set_unusable_password()
+                user.save()
+
+            # create Co-applicant and add to submission
+            co_applicant, created = CoApplicant.objects.get_or_create(
+                invite=self.invite,
+                submission=self.invite.submission,
+                user=user,
+                role=[READ_ONLY],
+            )
+
+            user.backend = settings.CUSTOM_AUTH_BACKEND
+            login(self.request, user)
 
             return HttpResponseClientRedirect(
                 reverse_lazy(

hypha/apply/funds/views/submission_detail.py

@@ -193,8 +193,11 @@ def dispatch(self, request, *args, **kwargs):
         permission, _ = has_permission(
             "submission_view", request.user, object=submission, raise_exception=True
         )
-        # This view is only for applicants.
-        if submission.user != request.user:
+        # This view is only for applicants and co-applicants.
+        if (
+            submission.user != request.user
+            and not submission.co_applicants.filter(user=request.user).exists()
+        ):
             raise PermissionDenied
         return super().dispatch(request, *args, **kwargs)