Use Passward reset token generator, add auto login and signup feature on accept, Updated permissions and dashboard for co-applicants, Update listing and modals UI

Author: sandeepsajan0

hypha/apply/activity/adapters/emails.py

@@ -6,7 +6,6 @@
 from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.template.loader import render_to_string
-from django.urls import reverse
 from django.utils.translation import gettext as _
 
 from hypha.apply.activity import tasks
@@ -169,26 +168,14 @@ def handle_transition(self, old_phase, source, **kwargs):
             )
 
     def handle_co_applicant_invite(self, source, related, **kwargs):
-        from hypha.apply.funds.utils import generate_signed_token
+        from hypha.apply.funds.utils import generate_invite_path
 
         invited_user = User.objects.filter(email=related.invited_user_email).first()
         can_accept = True
-        if invited_user and (
-            invited_user.is_apply_staff or invited_user.is_apply_staff_admin
-        ):
+        if invited_user and (invited_user.is_org_faculty):
             can_accept = False
 
-        token = generate_signed_token(
-            data={
-                "email": related.invited_user_email,
-                "submission": related.submission.pk,
-            },
-            salt="co-applicant-invite-token",
-        )
-        accept_link = reverse(
-            "apply:submissions:accept_coapplicant_invite",
-            kwargs={"pk": source.id, "token": token},
-        )
+        accept_link = generate_invite_path(invite=related)
         return self.render_message(
             "messages/email/invite_co_applicant.html",
             source=source,

hypha/apply/activity/templates/messages/email/invite_co_applicant.html

@@ -1,11 +1,12 @@
-{% extends "messages/email/applicant_base.html" %}
-
+{% extends "messages/email/base.html" %}
 {% load i18n %}
+{% block salutation %}{% blocktrans with name=related.invited_user_email|email_name %}Dear {{ name }},{% endblocktrans %}{% endblock %}
+
 {% block content %}{# fmt:off #}
 {% blocktrans %}You have been invited as a co-applicant to an application on {{ ORG_SHORT_NAME }} by {{ user }}.{% endblocktrans %}
 {% if not can_accept %}
 {% trans "But You can't accept this invite because you already hold a responsible position in" %} {{ ORG_SHORT_NAME }}
 {% endif %}
-{% blocktrans %} Click on link if you want to accept it, otherwise leave it.{% endblocktrans %}
+{% blocktrans %} Click on link if you want to accept it.{% endblocktrans %}
 {% trans "Link" %}: {{ request.scheme }}://{{ request.get_host }}{{ accept_link }}
 {% endblock %}{# fmt:on #}

hypha/apply/activity/templatetags/activity_tags.py

@@ -180,3 +180,10 @@ def source_type(value) -> str:
 def lowerfirst(value):
     """Lowercase the first character of the value."""
     return value and value[0].lower() + value[1:]
+
+
+@register.filter
+def email_name(email):
+    if isinstance(email, str) and "@" in email:
+        return email.split("@")[0]
+    return email

hypha/apply/dashboard/views.py

@@ -1,4 +1,5 @@
 from django.conf import settings
+from django.db.models import Q
 from django.http import HttpResponseForbidden, HttpResponseRedirect
 from django.shortcuts import render
 from django.urls import reverse, reverse_lazy
@@ -462,7 +463,7 @@ class ApplicantDashboardView(TemplateView):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         context["my_submissions_exists"] = ApplicationSubmission.objects.filter(
-            user=self.request.user
+            Q(user=self.request.user) | Q(co_applicants__user=self.request.user)
         ).exists()
 
         # Number of items to show in skeleton in each section of lazy loading

hypha/apply/dashboard/views_partials.py

@@ -1,6 +1,6 @@
 from django.contrib.auth.decorators import login_required
 from django.core.paginator import Paginator
-from django.db.models import Case, When
+from django.db.models import Case, Q, When
 from django.shortcuts import render
 from django.views.decorators.http import require_GET
 
@@ -12,13 +12,14 @@
 def my_active_submissions(user):
     active_subs = (
         ApplicationSubmission.objects.filter(
-            user=user,
+            Q(user=user) | Q(co_applicants__user=user),
         )
         .annotate(
             is_active=Case(When(status__in=active_statuses, then=True), default=False)
         )
         .select_related("draft_revision")
         .order_by("-is_active", "-submit_time")
+        .distinct()
     )
     for submission in active_subs:
         yield submission.from_draft()

hypha/apply/funds/forms.py

@@ -16,10 +16,12 @@
 from .models import (
     ApplicationSubmission,
     AssignedReviewers,
+    CoApplicant,
     CoApplicantInvite,
     Reminder,
     ReviewerRole,
 )
+from .models.co_applicants import COAPPLICANT_ROLE_CHOICES
 from .permissions import can_change_external_reviewers
 from .utils import model_form_initial, render_icon
 from .widgets import MetaTermWidget, MultiCheckboxesWidget
@@ -477,3 +479,16 @@ def __init__(self, *args, submission, user=None, **kwargs):
     class Meta:
         model = CoApplicantInvite
         fields = ["invited_user_email", "submission"]
+
+
+class EditCoApplicantForm(forms.ModelForm):
+    role = forms.ChoiceField(
+        choices=COAPPLICANT_ROLE_CHOICES, label="Role", required=False
+    )
+
+    def __int__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+    class Meta:
+        model = CoApplicant
+        fields = ("role",)

hypha/apply/funds/migrations/0126_alter_coapplicant_role.py

@@ -0,0 +1,24 @@
+# Generated by Django 4.2.20 on 2025-05-07 12:57
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("funds", "0125_remove_coapplicant_accepted_on_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="coapplicant",
+            name="role",
+            field=models.CharField(
+                choices=[
+                    ("read_only", "Read Only"),
+                    ("comment", "Comment"),
+                    ("full_access", "Full Access"),
+                ],
+                default="read_only",
+            ),
+        ),
+    ]

hypha/apply/funds/models/co_applicants.py

@@ -1,9 +1,17 @@
 from django.db import models
+from django.utils.translation import gettext_lazy as _
 
 from hypha.apply.users.models import User
 
 READ_ONLY = "read_only"
 COMMENT = "comment"
+FULL_ACCESS = "full_access"
+
+COAPPLICANT_ROLE_CHOICES = (
+    (READ_ONLY, _("Read Only")),
+    (COMMENT, _("Comment")),
+    (FULL_ACCESS, _("Full Access")),
+)
 
 COAPPLICANT_ROLE_PERM = {
     READ_ONLY: "can_view",
@@ -59,7 +67,7 @@ class CoApplicant(models.Model):
     invite = models.OneToOneField(
         CoApplicantInvite, on_delete=models.CASCADE, related_name="co_applicant"
     )
-    role = models.JSONField(default=list)
+    role = models.CharField(choices=COAPPLICANT_ROLE_CHOICES, default=READ_ONLY)
     created_at = models.DateTimeField(auto_now_add=True, null=True)
 
     class Meta:

hypha/apply/funds/permissions.py

@@ -2,6 +2,7 @@
 from django.core.exceptions import PermissionDenied
 from rolepermissions.permissions import register_object_checker
 
+from hypha.apply.funds.models.co_applicants import COMMENT, READ_ONLY, CoApplicant
 from hypha.apply.funds.models.submissions import DRAFT_STATE
 
 from ..users.roles import STAFF_GROUP_NAME, SUPERADMIN, TEAMADMIN_GROUP_NAME, StaffAdmin
@@ -24,7 +25,17 @@ def can_edit_submission(user, submission):
     if submission.is_archive:
         return False, "Archived Submission"
 
-    return True, ""
+    if submission.phase.permissions.can_edit(user):
+        co_applicant = submission.co_applicants.filter(user=user).first()
+        if co_applicant:
+            if co_applicant.role not in [READ_ONLY, COMMENT]:
+                return (
+                    True,
+                    "Co-applicant with read only or comment access can't edit submission",
+                )
+            return False, ""
+        return True, "User can edit in current phase"
+    return False, ""
 
 
 @register_object_checker()
@@ -220,10 +231,37 @@ def can_invite_co_applicants(user, submission):
     return False, "Forbidden Error"
 
 
+def can_view_co_applicants(user, submission):
+    if user.is_applicant and user == submission.user:
+        return True, "Submission user can access their submission's co-applicants"
+    if user.is_apply_staff:
+        return True, "Staff can access each submissions' co-applicants"
+    return False, "Forbidden Error"
+
+
+def can_update_co_applicant(user, invite):
+    if invite.invited_by == user:
+        return True, "Same user who invited can delete the co-applicant"
+    if invite.submission.user == user:
+        return True, "Submission owner can delete the co-applicant"
+    if user.is_apply_staff:
+        return True, "Staff can delete any co-applicant of any submission"
+    return False, "Forbidden Error"
+
+
+def user_can_view_post_comment_form(user, submission):
+    co_applicant = CoApplicant.objects.filter(user=user, submission=submission).first()
+    if co_applicant and co_applicant.role == READ_ONLY:
+        return False
+    return True
+
+
 permissions_map = {
     "submission_view": is_user_has_access_to_view_submission,
     "submission_edit": can_edit_submission,
     "can_view_submission_screening": can_view_submission_screening,
     "archive_alter": can_alter_archived_submissions,
     "co_applicant_invite": can_invite_co_applicants,
+    "co_applicants_view": can_view_co_applicants,
+    "co_applicants_update": can_update_co_applicant,
 }

hypha/apply/funds/templates/funds/applicationsubmission_detail.html

@@ -1,5 +1,5 @@
 {% extends "base-apply.html" %}
-{% load i18n static workflow_tags wagtailcore_tags statusbar_tags archive_tags submission_tags translate_tags %}
+{% load i18n static workflow_tags wagtailcore_tags statusbar_tags archive_tags submission_tags translate_tags primaryactions_tags %}
 {% load heroicons %}
 {% load can from permission_tags %}
 
@@ -177,6 +177,13 @@ <h5>{% blocktrans with stage=object.previous.stage %}Your {{ stage }} applicatio
                 {% block reminders %}
                 {% endblock %}
 
+                {% display_coapplicant_section user object as coapplicant_section %}
+                {% if coapplicant_section %}
+                    {% block co_applicant %}
+                        <div hx-trigger="revealed, coApplicantUpdated from:body" hx-get="{% url 'funds:submissions:partial_coapplicant_invites' object.id %}"></div>
+                    {% endblock %}
+                {% endif %}
+
                 {% block related %}
                     {% if other_submissions or object.previous or object.next %}
                         <div class="sidebar__inner">