Change: Only supervisors have edit access to the training database

2026-01-16 21:12:13 +00:00 · 2022-10-24 16:23:18 +01:00
parent 259932a548
commit c71beab278
9 changed files with 23 additions and 21 deletions
--- a/conftest.py
+++ b/conftest.py
@@ -28,6 +28,7 @@ def admin_user(admin_user):
    admin_user.last_name = "Test"
    admin_user.initials = "ETU"
    admin_user.is_approved = True
    admin_user.is_supervisor = True
    admin_user.save()
    return admin_user
--- a/training/decorators.py
+++ b/training/decorators.py
@@ -1,5 +1,5 @@
 from PyRIGS.decorators import user_passes_test_with_403
-def has_perm_or_supervisor(perm, login_url=None, oembed_view=None):
+def is_supervisor(login_url=None, oembed_view=None):
-    return user_passes_test_with_403(lambda u: (hasattr(u, 'is_supervisor') and u.is_supervisor) or u.has_perm(perm), login_url=login_url, oembed_view=oembed_view)
+    return user_passes_test_with_403(lambda u: (hasattr(u, 'is_supervisor') and u.is_supervisor))
--- a/training/models.py
+++ b/training/models.py
@@ -201,7 +201,7 @@ class TrainingItemQualification(models.Model, RevisionMixin):
    @property
    def activity_feed_string(self):
-        return f"{self.trainee} {self.get_depth_display().lower()} {self.get_depth_display()} in {self.item}"
+        return f"{self.trainee} {self.get_depth_display().lower()} in {self.item}"
    @classmethod
    def get_colour_from_depth(cls, depth):
--- a/training/templates/base_training.html
+++ b/training/templates/base_training.html
@@ -30,7 +30,7 @@
        <a class="dropdown-item" href="{% url 'item_list' %}"><span class="fas fa-sitemap"></span> Item List</a>
      </div>
    </li>
-    {% if perms.training.add_trainingitemqualification or request.user.is_supervisor %}
+    {% if request.user.is_supervisor %}
    <li class="nav-item"><a class="nav-link" href="{% url 'session_log' %}"><span class="fas fa-users"></span> Log Session</a></li>
    {% endif %}
    <li class="nav-item"><a class="nav-link" href="{% url 'training_activity_table' %}"><span class="fas fa-random"></span> Recent Changes</a></li>
--- a/training/templates/level_detail.html
+++ b/training/templates/level_detail.html
@@ -44,7 +44,7 @@
 {% endblock %}
 {% block content %}
-{% if request.user.is_supervisor or perms.training.add_traininglevelrequirement %}
+{% if request.user.is_supervisor %}
 <div class="col-sm-12 text-right pr-0">
 <a type="button" class="btn btn-success mb-3" href="{% url 'add_requirement' pk=object.pk %}" id="requirement_button">
 	<span class="fas fa-plus"></span> Add New Requirement
@@ -79,9 +79,9 @@
            {% endfor %}
            <tr><th colspan="3" class="text-center">{{object}}</th></tr>
            <tr>
-              <td><ul class="list-unstyled">{% for req in object.started_requirements %}<li>{{ req.item }} {% user_has_qualification u req.item 0 %} {% if request.user.is_supervisor or perms.training.delete_traininglevelrequirement %}<a type="button" class="btn btn-link tn-sm p-0 align-baseline" href="{% url 'remove_requirement' pk=req.pk %}"><span class="fas fa-trash-alt text-danger"></span></a>{%endif%}</li>{% endfor %}</ul></td>
+              <td><ul class="list-unstyled">{% for req in object.started_requirements %}<li>{{ req.item }} {% user_has_qualification u req.item 0 %} {% if request.user.is_supervisor %}<a type="button" class="btn btn-link tn-sm p-0 align-baseline" href="{% url 'remove_requirement' pk=req.pk %}"><span class="fas fa-trash-alt text-danger"></span></a>{%endif%}</li>{% endfor %}</ul></td>
-              <td><ul class="list-unstyled">{% for req in object.complete_requirements %}<li>{{ req.item }} {% user_has_qualification u req.item 1 %} {% if request.user.is_supervisor or perms.training.delete_traininglevelrequirement %}<a type="button" class="btn btn-link tn-sm p-0 align-baseline" href="{% url 'remove_requirement' pk=req.pk %}"><span class="fas fa-trash-alt text-danger"></span></a>{%endif%}</li>{% endfor %}</ul></td>
+              <td><ul class="list-unstyled">{% for req in object.complete_requirements %}<li>{{ req.item }} {% user_has_qualification u req.item 1 %} {% if request.user.is_supervisor %}<a type="button" class="btn btn-link tn-sm p-0 align-baseline" href="{% url 'remove_requirement' pk=req.pk %}"><span class="fas fa-trash-alt text-danger"></span></a>{%endif%}</li>{% endfor %}</ul></td>
-              <td><ul class="list-unstyled">{% for req in object.passed_out_requirements %}<li>{{ req.item }} {% user_has_qualification u req.item 2 %} {% if request.user.is_supervisor or perms.training.delete_traininglevelrequirement %}<a type="button" class="btn btn-link tn-sm p-0 align-baseline"" href="{% url 'remove_requirement' pk=req.pk %}" title="Delete requirement"><span class="fas fa-trash-alt text-danger"></span></a>{%endif%}</li>{% endfor %}</ul></td>
+              <td><ul class="list-unstyled">{% for req in object.passed_out_requirements %}<li>{{ req.item }} {% user_has_qualification u req.item 2 %} {% if request.user.is_supervisor %}<a type="button" class="btn btn-link tn-sm p-0 align-baseline"" href="{% url 'remove_requirement' pk=req.pk %}" title="Delete requirement"><span class="fas fa-trash-alt text-danger"></span></a>{%endif%}</li>{% endfor %}</ul></td>
            </tr>
          </tbody>
        </table>
--- a/training/templates/partials/add_qualification.html
+++ b/training/templates/partials/add_qualification.html
@@ -1,4 +1,4 @@
-{% if request.user.is_supervisor or perms.training.add_trainingitemqualification %}
+{% if request.user.is_supervisor %}
 <a type="button" class="btn btn-success" href="{% url 'add_qualification' object.pk %}" id="add_record">
    <span class="fas fa-plus"></span> Add New Training Record
 </a>
--- a/training/templates/trainee_item_list.html
+++ b/training/templates/trainee_item_list.html
@@ -54,7 +54,7 @@
                        <th>Date</th>
                        <th>Supervisor</th>
                        <th>Notes</th>
-                        {% if request.user.is_supervisor or perms.training.change_trainingitemqualification %}
+                        {% if request.user.is_supervisor %}
                        <th></th>
                        {% endif %}
                    </tr>
@@ -67,7 +67,7 @@
                        <td>{{ object.date }}</td>
                        <td><a href="{{ object.supervisor.get_absolute_url}}">{{ object.supervisor }}</a></td>
                        <td>{{ object.notes }}</td>
-                        {% if request.user.is_supervisor or perms.training.change_trainingitemqualification %}
+                        {% if request.user.is_supervisor %}
                        <td>{% button 'edit' 'edit_qualification' object.pk id="edit" %}</td>
                        {% endif %}
                    </tr>
--- a/training/tests/test_unit.py
+++ b/training/tests/test_unit.py
@@ -16,7 +16,7 @@ def test_add_qualification(admin_client, trainee, admin_user, training_item):
    response = admin_client.post(url, {'date': date, 'trainee': trainee.pk, 'supervisor': trainee.pk, 'item': training_item.pk})
    assertFormError(response, 'form', 'date', 'Qualification date may not be in the future')
    assertFormError(response, 'form', 'supervisor', 'One may not supervise oneself...')
-    response = admin_client.post(url, {'date': date, 'trainee': trainee.pk, 'supervisor': admin_user.pk, 'item': training_item.pk})
+    response = admin_client.post(url, {'date': date, 'trainee': admin_user.pk, 'supervisor': trainee.pk, 'item': training_item.pk})
    print(response.content)
    assertFormError(response, 'form', 'supervisor', 'Selected supervisor must actually *be* a supervisor...')
--- a/training/urls.py
+++ b/training/urls.py
@@ -1,7 +1,8 @@
 from django.urls import path
 from django.contrib.auth.decorators import login_required
-from training.decorators import has_perm_or_supervisor
+from training.decorators import is_supervisor
 from PyRIGS.decorators import permission_required_with_403
 from training import views, models
 from versioning.views import VersionHistory
@@ -12,22 +13,22 @@ urlpatterns = [
    path('trainee/list/', login_required(views.TraineeList.as_view()), name='trainee_list'),
    path('trainee/<int:pk>/',
-         has_perm_or_supervisor('RIGS.view_profile')(views.TraineeDetail.as_view()),
+         permission_required_with_403('RIGS.view_profile')(views.TraineeDetail.as_view()),
         name='trainee_detail'),
-    path('trainee/<int:pk>/history', has_perm_or_supervisor('RIGS.view_profile')(VersionHistory.as_view()), name='trainee_history', kwargs={'model': models.Trainee, 'app': 'training'}),  # Not picked up automatically because proxy model (I think)
+    path('trainee/<int:pk>/history', permission_required_with_403('RIGS.view_profile')(VersionHistory.as_view()), name='trainee_history', kwargs={'model': models.Trainee, 'app': 'training'}),  # Not picked up automatically because proxy model (I think)
-    path('trainee/<int:pk>/add_qualification/', has_perm_or_supervisor('training.add_trainingitemqualification')(views.AddQualification.as_view()),
+    path('trainee/<int:pk>/add_qualification/', is_supervisor()(views.AddQualification.as_view()),
         name='add_qualification'),
-    path('trainee/edit_qualification/<int:pk>/', has_perm_or_supervisor('training.change_trainingitemqualification')(views.EditQualification.as_view()),
+    path('trainee/edit_qualification/<int:pk>/', is_supervisor()(views.EditQualification.as_view()),
         name='edit_qualification'),
    path('levels/', login_required(views.LevelList.as_view()), name='level_list'),
    path('level/<int:pk>/', login_required(views.LevelDetail.as_view()), name='level_detail'),
    path('level/<int:pk>/user/<int:u>/', login_required(views.LevelDetail.as_view()), name='level_detail'),
-    path('level/<int:pk>/add_requirement/', login_required(views.AddLevelRequirement.as_view()), name='add_requirement'),
+    path('level/<int:pk>/add_requirement/', is_supervisor()(views.AddLevelRequirement.as_view()), name='add_requirement'),
-    path('level/remove_requirement/<int:pk>/', login_required(views.RemoveRequirement.as_view()), name='remove_requirement'),
+    path('level/remove_requirement/<int:pk>/', is_supervisor()(views.RemoveRequirement.as_view()), name='remove_requirement'),
-    path('trainee/<int:pk>/level/<int:level_pk>/confirm', login_required(views.ConfirmLevel.as_view()), name='confirm_level'),
+    path('trainee/<int:pk>/level/<int:level_pk>/confirm', is_supervisor()(views.ConfirmLevel.as_view()), name='confirm_level'),
    path('trainee/<int:pk>/item_record', login_required(views.TraineeItemDetail.as_view()), name='trainee_item_detail'),
-    path('session_log', has_perm_or_supervisor('training.add_trainingitemqualification')(views.SessionLog.as_view()), name='session_log'),
+    path('session_log', is_supervisor()(views.SessionLog.as_view()), name='session_log'),
 ]