Require users to have nottinghamtec.co.uk address before allowing them to send messages to clients

2026-01-17 21:42:14 +00:00 · 2017-05-10 15:39:13 +01:00
parent 6b05938953
commit 286e4314f5
4 changed files with 47 additions and 3 deletions
--- a/PyRIGS/decorators.py
+++ b/PyRIGS/decorators.py
@@ -79,3 +79,17 @@ def api_key_required(function):
            return error_resp
        return function(request, *args, **kwargs)
    return wrap
+
+
+def nottinghamtec_address_required(function):
+    """
+    Checks that the current user has an email address ending @nottinghamtec.co.uk
+    """
+    def wrap(request, *args, **kwargs):
+        # Fail if current user's email address isn't @nottinghamtec.co.uk
+        if not request.user.email.endswith('@nottinghamtec.co.uk'):
+            error_resp = render_to_response('RIGS/eventauthorisation_request_error.html', context_instance=RequestContext(request))
+            return error_resp
+
+        return function(request, *args, **kwargs)
+    return wrap
--- a/RIGS/rigboard.py
+++ b/RIGS/rigboard.py
@@ -16,12 +16,14 @@ from django.http import HttpResponse
 from django.core.exceptions import SuspiciousOperation
 from django.db.models import Q
 from django.contrib import messages
+from django.utils.decorators import method_decorator
 from z3c.rml import rml2pdf
 from PyPDF2 import PdfFileMerger, PdfFileReader
 import simplejson
 import premailer

 from RIGS import models, forms
+from PyRIGS import decorators
 import datetime
 import re
 import copy
@@ -289,12 +291,15 @@ class EventAuthorise(generic.UpdateView):
                "This URL is invalid. Please ask your TEC contact for a new URL")
        return super(EventAuthorise, self).dispatch(request, *args, **kwargs)

-
 class EventAuthorisationRequest(generic.FormView, generic.detail.SingleObjectMixin):
    model = models.Event
    form_class = forms.EventAuthorisationRequestForm
    template_name = 'RIGS/eventauthorisation_request.html'

+    @method_decorator(decorators.nottinghamtec_address_required)
+    def dispatch(self, *args, **kwargs):
+        return super(EventAuthorisationRequest, self).dispatch(*args, **kwargs)
+
    @property
    def object(self):
        return self.get_object()
@@ -334,7 +339,7 @@ class EventAuthorisationRequest(generic.FormView, generic.detail.SingleObjectMix
            "N%05d | %s - Event Authorisation Request" % (self.object.pk, self.object.name),
            get_template("RIGS/eventauthorisation_client_request.txt").render(context),
            to=[email],
-            reply_to=[settings.AUTHORISATION_NOTIFICATION_ADDRESS],
+            reply_to=[self.request.user.email],
        )
        css = staticfiles_storage.path('css/email.css')
        html = premailer.Premailer(get_template("RIGS/eventauthorisation_client_request.html").render(context),
--- a/RIGS/templates/RIGS/eventauthorisation_request_error.html
+++ b/RIGS/templates/RIGS/eventauthorisation_request_error.html
@@ -0,0 +1,15 @@
+{% extends request.is_ajax|yesno:'base_ajax.html,base.html' %}
+{% load widget_tweaks %}
+
+{% block title %}NottinghamTEC Email Address Required{% endblock %}
+
+{% block content %}
+    <div class="row">
+        <div class="col-sm-12">
+            <div class="alert alert-warning">
+                <h1>An error occured.</h1>
+                <p>Your RIGS account must have an @nottinghamtec.co.uk email address before you can send emails to clients.</p>
+            </div>
+        </div>
+    </div>
+{% endblock %}
--- a/RIGS/test_functional.py
+++ b/RIGS/test_functional.py
@@ -1054,7 +1054,7 @@ class TECEventAuthorisationTest(TestCase):
            first_name='Test',
            last_name='TEC User',
            username='eventauthtest',
-            email='teccie@functional.test',
+            email='teccie@nottinghamtec.co.uk',
            is_superuser=True  # lazily grant all permissions
        )[0]
        cls.profile.set_password('eventauthtest123')
@@ -1073,6 +1073,16 @@ class TECEventAuthorisationTest(TestCase):
        )
        self.url = reverse('event_authorise_request', kwargs={'pk': self.event.pk})

+    def test_email_check(self):
+        self.profile.email = 'teccie@someotherdomain.com'
+        self.profile.save()
+
+        self.assertTrue(self.client.login(username=self.profile.username, password='eventauthtest123'))
+        
+        response = self.client.post(self.url)
+
+        self.assertContains(response, 'must have an @nottinghamtec.co.uk email address')
+
    def test_request_send(self):
        self.assertTrue(self.client.login(username=self.profile.username, password='eventauthtest123'))
        response = self.client.post(self.url)