Skip to content

Commit fbf5411

Browse files
committed
Fix bugs in fund permissions.
1 parent 20bffb1 commit fbf5411

1 file changed

Lines changed: 15 additions & 13 deletions

File tree

hypha/apply/funds/permissions.py

Lines changed: 15 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -55,10 +55,12 @@ def view_comments(role, user, submission) -> bool:
5555
if role == StaffAdmin:
5656
return True
5757

58-
if is_user_has_access_to_view_submission(user, submission):
58+
submission_view, _ = can_view_submission(user, submission)
59+
if submission_view:
5960
return True
6061

61-
if submission.project and can_access_project(user, submission.project):
62+
project = getattr(submission, "project", None)
63+
if project and can_access_project(user, project):
6264
return True
6365

6466
return False
@@ -156,10 +158,8 @@ def can_alter_archived_submissions(user, submission=None) -> (bool, str):
156158

157159

158160
def can_bulk_archive_submissions(user) -> bool:
159-
if can_alter_archived_submissions(user) and can_bulk_delete_submissions(user):
160-
return True
161-
162-
return False
161+
can_alter, _ = can_alter_archived_submissions(user)
162+
return can_alter and can_bulk_delete_submissions(user)
163163

164164

165165
def can_change_external_reviewers(user, submission) -> bool:
@@ -202,7 +202,7 @@ def can_export_submissions(user) -> bool:
202202
return False
203203

204204

205-
def is_user_has_access_to_view_submission(user, submission):
205+
def can_view_submission(user, submission):
206206
if not user.is_authenticated:
207207
return False, "Login Required"
208208

@@ -227,7 +227,7 @@ def is_user_has_access_to_view_submission(user, submission):
227227

228228

229229
def can_view_submission_screening(user, submission):
230-
submission_view, _ = is_user_has_access_to_view_submission(user, submission)
230+
submission_view, _ = can_view_submission(user, submission)
231231
if not submission_view:
232232
return False, "No access to view submission"
233233
if submission.user == user:
@@ -238,10 +238,11 @@ def can_view_submission_screening(user, submission):
238238
def can_invite_co_applicants(user, submission):
239239
if submission.is_archive:
240240
return False, "Co-applicant can't be added to archived submission"
241-
if hasattr(submission, "project"):
241+
project = getattr(submission, "project", None)
242+
if project:
242243
from hypha.apply.projects.models.project import COMPLETE
243244

244-
if submission.project.status == COMPLETE:
245+
if project.status == COMPLETE:
245246
return False, "Co-applicants can't be invited to completed projects"
246247
if (
247248
submission.co_applicant_invites.all().count()
@@ -266,10 +267,11 @@ def can_view_co_applicants(user, submission):
266267
def can_update_co_applicant(user, invite):
267268
if invite.submission.is_archive:
268269
return False, "Co-applicant can't be updated to archived submission"
269-
if hasattr(invite.submission, "project"):
270+
project = getattr(invite.submission, "project", None)
271+
if project:
270272
from hypha.apply.projects.models.project import COMPLETE
271273

272-
if invite.submission.project.status == COMPLETE:
274+
if project.status == COMPLETE:
273275
return False, "Co-applicants can't be updated to completed projects"
274276
if invite.invited_by == user:
275277
return True, "Same user who invited can delete the co-applicant"
@@ -288,7 +290,7 @@ def user_can_view_post_comment_form(user, submission):
288290

289291

290292
permissions_map = {
291-
"submission_view": is_user_has_access_to_view_submission,
293+
"submission_view": can_view_submission,
292294
"submission_edit": can_edit_submission,
293295
"submission_action": can_take_submission_actions,
294296
"can_view_submission_screening": can_view_submission_screening,

0 commit comments

Comments
 (0)