Skip to content

Commit dbc62f0

Browse files
Separate permissions for submission edit and submission actions (#4560)
There was a recent update to submission_edit permission for co-applicants that are breaking things for actions like Update status, Lead Update, etc. This PR added a separate permission submission_action with same permissions, excluding workflow edit permission needed only for submission edit. Now submission edit and actions can have separate permissions, and should be working just fine. ## Test Steps <!-- If step does not require manual testing, skip/remove this section. Give a brief overview of the steps required for a user/dev to test this contribution. Important things to include: - Required user roles for where necessary (ie. "As a Staff Admin...") - Clear & validatable expected results (ie. "Confirm the submit button is now not clickable") - Language that can be understood by non-technical testers if being tested by users --> - [ ] ...
1 parent fe476dd commit dbc62f0

4 files changed

Lines changed: 19 additions & 8 deletions

File tree

hypha/apply/funds/permissions.py

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,16 @@ def has_permission(action, user, object=None, raise_exception=True):
1818
return value, reason
1919

2020

21+
def can_take_submission_actions(user, submission):
22+
if not user.is_authenticated:
23+
return False, "Login Required"
24+
25+
if submission.is_archive:
26+
return False, "Archived Submission"
27+
28+
return True, ""
29+
30+
2131
def can_edit_submission(user, submission):
2232
if not user.is_authenticated:
2333
return False, "Login Required"
@@ -266,6 +276,7 @@ def user_can_view_post_comment_form(user, submission):
266276
permissions_map = {
267277
"submission_view": is_user_has_access_to_view_submission,
268278
"submission_edit": can_edit_submission,
279+
"submission_action": can_take_submission_actions,
269280
"can_view_submission_screening": can_view_submission_screening,
270281
"archive_alter": can_alter_archived_submissions,
271282
"co_applicant_invite": can_invite_co_applicants,

hypha/apply/funds/views/partials.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -476,7 +476,7 @@ def partial_screening_card(request, pk):
476476
"can_view_submission_screening", request.user, submission, raise_exception=False
477477
)
478478
can_edit, _ = has_permission(
479-
"submission_edit", request.user, submission, raise_exception=False
479+
"submission_action", request.user, submission, raise_exception=False
480480
)
481481

482482
if not view_permission:

hypha/apply/funds/views/reminders.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ class ReminderCreateView(View):
4949
def dispatch(self, request, *args, **kwargs):
5050
self.submission = get_object_or_404(ApplicationSubmission, id=kwargs.get("pk"))
5151
permission, reason = has_permission(
52-
"submission_edit",
52+
"submission_action",
5353
request.user,
5454
object=self.submission,
5555
raise_exception=False,

hypha/apply/funds/views/submission_edit.py

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -342,7 +342,7 @@ class ProgressSubmissionView(View):
342342
def dispatch(self, request, *args, **kwargs):
343343
self.submission = get_object_or_404(ApplicationSubmission, id=kwargs.get("pk"))
344344
permission, reason = has_permission(
345-
"submission_edit",
345+
"submission_action",
346346
request.user,
347347
object=self.submission,
348348
raise_exception=False,
@@ -397,7 +397,7 @@ class CreateProjectView(View):
397397
def dispatch(self, request, *args, **kwargs):
398398
self.submission = get_object_or_404(ApplicationSubmission, id=kwargs.get("pk"))
399399
permission, reason = has_permission(
400-
"submission_edit",
400+
"submission_action",
401401
request.user,
402402
object=self.submission,
403403
raise_exception=False,
@@ -516,7 +516,7 @@ class UpdateLeadView(View):
516516
def dispatch(self, request, *args, **kwargs):
517517
self.object = get_object_or_404(ApplicationSubmission, id=kwargs.get("pk"))
518518
permission, reason = has_permission(
519-
"submission_edit", request.user, object=self.object, raise_exception=False
519+
"submission_action", request.user, object=self.object, raise_exception=False
520520
)
521521
if not permission:
522522
messages.warning(self.request, reason)
@@ -571,7 +571,7 @@ class UpdateReviewersView(View):
571571
def dispatch(self, request, *args, **kwargs):
572572
self.submission = get_object_or_404(ApplicationSubmission, id=kwargs.get("pk"))
573573
permission, reason = has_permission(
574-
"submission_edit",
574+
"submission_action",
575575
request.user,
576576
object=self.submission,
577577
raise_exception=False,
@@ -648,7 +648,7 @@ class UpdatePartnersView(View):
648648
def dispatch(self, request, *args, **kwargs):
649649
self.submission = get_object_or_404(ApplicationSubmission, id=kwargs.get("pk"))
650650
permission, reason = has_permission(
651-
"submission_edit",
651+
"submission_action",
652652
request.user,
653653
object=self.submission,
654654
raise_exception=False,
@@ -728,7 +728,7 @@ class UpdateMetaTermsView(View):
728728
def dispatch(self, request, *args, **kwargs):
729729
self.submission = get_object_or_404(ApplicationSubmission, id=kwargs.get("pk"))
730730
permission, reason = has_permission(
731-
"submission_edit",
731+
"submission_action",
732732
request.user,
733733
object=self.submission,
734734
raise_exception=False,

0 commit comments

Comments
 (0)