Add authorisation process for sign ups and allow access to EventDetail for basic users (#399)

* CHANGE: First pass at opening up RIGS #233 Whilst it makes it something of a misnomer, the intent is to make the 'view_event' perm a permission to view event details like client/price. I don't see the point in giving everyone 'view_event' and adding a new 'view_event_detail'...Open to arguments the other way. * CHANGE: New user signups now require admin approval Given that I intend to reveal much more data to new users this seems necessary... * CHORE: Fix CI * FIX: Legacy Profiles are now auto-approved correctly * Add testing of approval mechanism This fixes the other functional tests failing because the user cannot login without being approved. * Superusers bypass approval check This should fix the remainder of the tests * Prevent unapproved users logging in through embeds Test suite doing its job...! * FIX: Require login on events and event embeds again Little too far to the open side there Arona... Whooooooops! * FIX: Use has_oembed decorator for events * FIX: Re-prevent basic seeing reversion This is to prevent financials/client data leaking when changed. Hopefully can show them a filtered version in future. * FIX: Remove mitigation for #264 Someone quietly fixed it, it appears * FEAT: Add admin email notif when an account is activated and awaiting approval No async or time-since shenanigans yet! * FIX: Whoops, undo accidental whitespace change * FEAT: Add a fifteen min cooldown between emails to admins Probably not the right way to go about it...but it does work! TODO: How to handle cooldown-emailing shared mailbox addresses? * FIX: Remove event modal history deadlink for basic users Also removes some links on the RIGS homepage that will deadlink for them * FIX: Wrong perms syntax for history pages * CHORE: Squash migrations * FIX: Use a setting for cooldown * FIX: Minor code improvements
2026-01-16 21:12:13 +00:00 · 2020-02-29 11:34:50 +00:00
parent ae151ed45e
commit 4a4d4a5cf3
19 changed files with 196 additions and 30 deletions
--- a/RIGS/forms.py
+++ b/RIGS/forms.py
@@ -2,8 +2,10 @@ from django import forms
 from django.utils import formats
 from django.conf import settings
 from django.core import serializers
+from django.core.mail import EmailMessage, EmailMultiAlternatives
 from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AuthenticationForm, PasswordResetForm
 from registration.forms import RegistrationFormUniqueEmail
+from django.contrib.auth.forms import AuthenticationForm
 from captcha.fields import ReCaptchaField
 import simplejson

@@ -33,8 +35,16 @@ class ProfileRegistrationFormUniqueEmail(RegistrationFormUniqueEmail):
        return self.cleaned_data['initials']


+class CheckApprovedForm(AuthenticationForm):
+    def confirm_login_allowed(self, user):
+        if user.is_approved or user.is_superuser:
+            return AuthenticationForm.confirm_login_allowed(self, user)
+        else:
+            raise forms.ValidationError("Your account hasn't been approved by an administrator yet. Please check back in a few minutes!")
+
+
 # Embedded Login form - remove the autofocus
-class EmbeddedAuthenticationForm(AuthenticationForm):
+class EmbeddedAuthenticationForm(CheckApprovedForm):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.fields['username'].widget.attrs.pop('autofocus', None)