Add tracking of who sent the link

2026-01-16 21:12:13 +00:00 · 2017-04-11 15:52:38 +01:00
parent e12367bde7
commit 430862b24d
6 changed files with 43 additions and 4 deletions
--- a/RIGS/migrations/0029_eventauthorisation_sent_by.py
+++ b/RIGS/migrations/0029_eventauthorisation_sent_by.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+from django.conf import settings
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('RIGS', '0028_migrate_purchase_order'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='eventauthorisation',
+            name='sent_by',
+            field=models.ForeignKey(default=1, to=settings.AUTH_USER_MODEL),
+            preserve_default=False,
+        ),
+    ]
--- a/RIGS/models.py
+++ b/RIGS/models.py
@@ -513,6 +513,7 @@ class EventAuthorisation(models.Model, RevisionMixin):
    account_code = models.CharField(max_length=50, blank=True, null=True)
    po = models.CharField(max_length=255, blank=True, null=True, verbose_name="purchase order")
    amount = models.DecimalField(max_digits=10, decimal_places=2, verbose_name="authorisation amount")
+    sent_by = models.ForeignKey('RIGS.Profile')


@python_2_unicode_compatible
--- a/RIGS/rigboard.py
+++ b/RIGS/rigboard.py
@@ -272,6 +272,7 @@ class EventAuthorise(generic.UpdateView):
        form = super(EventAuthorise, self).get_form(**kwargs)
        form.instance.event = self.event
        form.instance.email = self.request.email
+        form.instance.sent_by = self.request.sent_by
        return form

    def dispatch(self, request, *args, **kwargs):
@@ -280,7 +281,8 @@ class EventAuthorise(generic.UpdateView):
            data = signing.loads(kwargs.get('hmac'))
            assert int(kwargs.get('pk')) == int(data.get('pk'))
            request.email = data['email']
-        except (signing.BadSignature, AssertionError, KeyError):
+            request.sent_by = models.Profile.objects.get(pk=data['sent_by'])
+        except (signing.BadSignature, AssertionError, KeyError, models.Profile.DoesNotExist):
            raise SuspiciousOperation(
                "This URL is invalid. Please ask your TEC contact for a new URL")
        return super(EventAuthorise, self).dispatch(request, *args, **kwargs)
@@ -314,7 +316,8 @@ class EventAuthorisationRequest(generic.FormView, generic.detail.SingleObjectMix
            'request': self.request,
            'hmac': signing.dumps({
                'pk': self.object.pk,
-                'email': email
+                'email': email,
+                'sent_by': self.request.user.pk,
            }),
        }

--- a/RIGS/templates/RIGS/event_detail.html
+++ b/RIGS/templates/RIGS/event_detail.html
@@ -170,6 +170,9 @@
                                £ {{ object.authorisation.amount|floatformat:"2" }}
                            {% endif %}
                        </dd>
+
+                        <dt>Authorsation request sent by</dt>
+                        <dd>{{ object.authorisation.sent_by }}</dd>
                    {% endif %}
                </dl>
            </div>
--- a/RIGS/templates/RIGS/invoice_detail.html
+++ b/RIGS/templates/RIGS/invoice_detail.html
@@ -110,6 +110,9 @@
                                    £ {{ object.event.authorisation.amount|floatformat:"2" }}
                                {% endif %}
                            </dd>
+
+                            <dt>Authorsation request sent by</dt>
+                            <dd>{{ object.authorisation.sent_by }}</dd>
                        </dl>
                    </div>
                </div>
--- a/RIGS/test_functional.py
+++ b/RIGS/test_functional.py
@@ -952,6 +952,13 @@ class ClientEventAuthorisationTest(TestCase):
    }

    def setUp(self):
+        self.profile = models.Profile.objects.get_or_create(
+            first_name='Test',
+            last_name='TEC User',
+            username='eventauthtest',
+            email='teccie@functional.test',
+            is_superuser=True  # lazily grant all permissions
+        )[0]
        venue = models.Venue.objects.create(name='Authorisation Test Venue')
        client = models.Person.objects.create(name='Authorisation Test Person', email='authorisation@functional.test')
        organisation = models.Organisation.objects.create(name='Authorisation Test Organisation', union_account=False)
@@ -962,7 +969,8 @@ class ClientEventAuthorisationTest(TestCase):
            person=client,
            organisation=organisation,
        )
-        self.hmac = signing.dumps({'pk': self.event.pk, 'email': 'authemail@function.test'})
+        self.hmac = signing.dumps({'pk': self.event.pk, 'email': 'authemail@function.test',
+                                                      'sent_by': self.profile.pk})
        self.url = reverse('event_authorise', kwargs={'pk': self.event.pk, 'hmac': self.hmac})

    def test_requires_valid_hmac(self):
@@ -1015,7 +1023,7 @@ class ClientEventAuthorisationTest(TestCase):

    def test_duplicate_warning(self):
        auth = models.EventAuthorisation.objects.create(event=self.event, name='Test ABC', email='dupe@functional.test',
-                                                        po='ABC12345', amount=self.event.total)
+                                                        po='ABC12345', amount=self.event.total, sent_by=self.profile)
        response = self.client.get(self.url)
        self.assertContains(response, 'This event has already been authorised.')