Add authorisation process for sign ups and allow access to EventDetail for basic users (#399)

* CHANGE: First pass at opening up RIGS #233 Whilst it makes it something of a misnomer, the intent is to make the 'view_event' perm a permission to view event details like client/price. I don't see the point in giving everyone 'view_event' and adding a new 'view_event_detail'...Open to arguments the other way. * CHANGE: New user signups now require admin approval Given that I intend to reveal much more data to new users this seems necessary... * CHORE: Fix CI * FIX: Legacy Profiles are now auto-approved correctly * Add testing of approval mechanism This fixes the other functional tests failing because the user cannot login without being approved. * Superusers bypass approval check This should fix the remainder of the tests * Prevent unapproved users logging in through embeds Test suite doing its job...! * FIX: Require login on events and event embeds again Little too far to the open side there Arona... Whooooooops! * FIX: Use has_oembed decorator for events * FIX: Re-prevent basic seeing reversion This is to prevent financials/client data leaking when changed. Hopefully can show them a filtered version in future. * FIX: Remove mitigation for #264 Someone quietly fixed it, it appears * FEAT: Add admin email notif when an account is activated and awaiting approval No async or time-since shenanigans yet! * FIX: Whoops, undo accidental whitespace change * FEAT: Add a fifteen min cooldown between emails to admins Probably not the right way to go about it...but it does work! TODO: How to handle cooldown-emailing shared mailbox addresses? * FIX: Remove event modal history deadlink for basic users Also removes some links on the RIGS homepage that will deadlink for them * FIX: Wrong perms syntax for history pages * CHORE: Squash migrations * FIX: Use a setting for cooldown * FIX: Minor code improvements
2026-01-27 02:12:18 +00:00 · 2020-02-29 11:34:50 +00:00
parent ae151ed45e
commit 4a4d4a5cf3
19 changed files with 196 additions and 30 deletions
--- a/RIGS/migrations/0036_profile_is_approved.py
+++ b/RIGS/migrations/0036_profile_is_approved.py
@@ -0,0 +1,23 @@
+# Generated by Django 2.0.13 on 2020-01-10 14:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('RIGS', '0035_auto_20191124_1319'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='profile',
+            name='is_approved',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='profile',
+            name='last_emailed',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+    ]
--- a/RIGS/migrations/0037_approve_legacy.py
+++ b/RIGS/migrations/0037_approve_legacy.py
@@ -0,0 +1,19 @@
+# Generated by Django 2.0.13 on 2020-01-11 18:29
+# This migration ensures that legacy Profiles from before approvals were implemented are automatically approved 
+from django.db import migrations
+
+def approve_legacy(apps, schema_editor):
+    Profile = apps.get_model('RIGS', 'Profile')
+    for person in Profile.objects.all():
+        person.is_approved = True
+        person.save()
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('RIGS', '0036_profile_is_approved'),
+    ]
+
+    operations = [
+        migrations.RunPython(approve_legacy)
+    ]