fixup! form to store section properties

Author: struan

crowdsourcer/fixtures/session_properties.json

@@ -0,0 +1,24 @@
+[
+{
+  "model": "crowdsourcer.sessionproperties",
+  "pk": 1,
+  "fields": {
+    "marking_session": 1,
+    "stage": 1,
+    "property_type": "text",
+    "name": "first_property",
+    "label": "First Mark Property"
+  }
+},
+{
+  "model": "crowdsourcer.sessionproperties",
+  "pk": 2,
+  "fields": {
+    "marking_session": 1,
+    "stage": 2,
+    "property_type": "text",
+    "name": "ror_property",
+    "label": "Right of Reply Property"
+  }
+}
+]

crowdsourcer/tests/test_session_properties_views.py

@@ -0,0 +1,198 @@
+from django.contrib.auth.models import User
+from django.test import TestCase
+from django.urls import reverse
+
+from crowdsourcer.models import (
+    Marker,
+    MarkingSession,
+    PublicAuthority,
+    ResponseType,
+    SessionProperties,
+    SessionProperty,
+)
+
+
+class BaseTestCase(TestCase):
+    fixtures = [
+        "authorities.json",
+        "basics.json",
+        "users.json",
+        "assignments.json",
+        "session_properties.json",
+    ]
+
+    def setUp(self):
+        u = User.objects.get(username="council")
+        self.client.force_login(u)
+        self.user = u
+
+
+class TestLinkDisplayed(BaseTestCase):
+    fixtures = [
+        "authorities.json",
+        "basics.json",
+        "users.json",
+        "assignments.json",
+    ]
+
+    def test_ror_link_displayed(self):
+        url = reverse("authority_ror_sections", args=("Aberdeenshire Council",))
+        response = self.client.get(url)
+
+        context = response.context
+        self.assertFalse(context["has_properties"])
+
+        SessionProperties.objects.create(
+            marking_session=MarkingSession.objects.get(label="Default"),
+            stage=ResponseType.objects.get(type="Right of Reply"),
+            property_type="text",
+            name="a_property",
+            label="A Property",
+        )
+
+        response = self.client.get(url)
+
+        context = response.context
+        self.assertTrue(context["has_properties"])
+
+
+class TestProperyFormPermissions(BaseTestCase):
+    def test_404(self):
+        url = reverse(
+            "authority_properties",
+            args=(
+                "Aberdeenshire Council",
+                "Bad Type",
+            ),
+        )
+
+        response = self.client.get(url)
+        self.assertEquals(404, response.status_code)
+
+        url = reverse(
+            "authority_properties",
+            args=(
+                "Fakeshire Council",
+                "First Mark",
+            ),
+        )
+
+    def test_stage_permissions(self):
+        self.client.logout()
+
+        url = reverse(
+            "authority_properties",
+            args=(
+                "Aberdeenshire Council",
+                "First Mark",
+            ),
+        )
+
+        response = self.client.get(url)
+        self.assertEquals(403, response.status_code)
+
+        for username in ["council", "auditor", "other_marker"]:
+            u = User.objects.get(username=username)
+            self.client.force_login(u)
+            response = self.client.get(url)
+            self.assertEquals(403, response.status_code)
+
+        for username in ["admin", "marker"]:
+            u = User.objects.get(username=username)
+            self.client.force_login(u)
+            response = self.client.get(url)
+            self.assertEquals(200, response.status_code)
+
+    def test_right_of_reply_permissions(self):
+        self.client.logout()
+
+        url = reverse(
+            "authority_properties",
+            args=(
+                "Aberdeenshire Council",
+                "Right of Reply",
+            ),
+        )
+
+        response = self.client.get(url)
+        self.assertEquals(403, response.status_code)
+
+        u = User.objects.get(username="marker")
+        self.client.force_login(u)
+        response = self.client.get(url)
+        self.assertEquals(403, response.status_code)
+
+        u = User.objects.get(username="admin")
+        self.client.force_login(u)
+        response = self.client.get(url)
+        self.assertEquals(200, response.status_code)
+
+        u = User.objects.create(username="other_council", is_active=True)
+        m = Marker.objects.create(
+            user=u,
+            response_type=ResponseType.objects.get(type="Right of Reply"),
+            authority=PublicAuthority.objects.get(name="Aberdeen City Council"),
+        )
+        m.marking_session.set([MarkingSession.objects.get(label="Default")])
+        self.client.force_login(u)
+        response = self.client.get(url)
+        self.assertEquals(403, response.status_code)
+
+    def test_properties_not_found(self):
+        url = reverse(
+            "authority_properties",
+            args=(
+                "Aberdeenshire Council",
+                "Audit",
+            ),
+        )
+
+        u = User.objects.get(username="admin")
+        self.client.force_login(u)
+        response = self.client.get(url)
+        self.assertEquals(404, response.status_code)
+
+        url = reverse(
+            "authority_properties",
+            args=(
+                "Aberdeenshire Council",
+                "First Mark",
+            ),
+        )
+        url = f"/Second%20Session{url}"
+        response = self.client.get(url)
+        self.assertEquals(404, response.status_code)
+
+
+class TestProperyForm(BaseTestCase):
+    def test_form(self):
+        url = reverse(
+            "authority_properties",
+            args=(
+                "Aberdeenshire Council",
+                "Right of Reply",
+            ),
+        )
+
+        properties = SessionProperty.objects.filter(
+            marking_session__label="Default",
+            authority__name="Aberdeenshire Council",
+            stage__type="Right of Reply",
+        )
+
+        response = self.client.get(url)
+        self.assertEquals(200, response.status_code)
+
+        self.assertEquals(0, properties.count())
+
+        response = self.client.post(url, data={"ror_property": "Property Data"})
+
+        self.assertEqual(response.status_code, 200)
+        # msg = response.context.get("message", "")
+        # self.assertEquals(msg, "Your answers have been saved.")
+
+        self.assertEquals(1, properties.count())
+
+        p = properties.first()
+        self.assertEquals(p.name, "ror_property")
+        self.assertEquals(p.value, "Property Data")

crowdsourcer/views/marking.py

@@ -1,6 +1,8 @@
 import logging
 
-from django.shortcuts import redirect
+from django.core.exceptions import PermissionDenied
+from django.http import Http404
+from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse
 from django.views.generic import FormView, ListView, TemplateView
 
@@ -304,11 +306,54 @@ class SectionPropertiesView(FormView):
     template_name = "crowdsourcer/authority_properties.html"
     form = SectionPropertyForm
 
+    def check_permissions(self):
+        denied = True
+        user = self.request.user
+
+        if user.is_superuser:
+            return True
+
+        if user.is_anonymous:
+            raise PermissionDenied
+
+        if not user.marker.marking_session.filter(
+            pk=self.request.current_session.pk
+        ).exists():
+            raise PermissionDenied
+
+        stage = get_object_or_404(ResponseType, type=self.kwargs["stage"])
+        authority = get_object_or_404(PublicAuthority, name=self.kwargs["name"])
+
+        if (
+            user.marker.response_type == stage
+            and Assigned.objects.filter(
+                user=user,
+                response_type=stage,
+                marking_session=self.request.current_session,
+                authority=authority,
+            ).exists()
+        ):
+            denied = False
+        elif (
+            stage.type == "Right of Reply"
+            and user.marker.response_type == stage
+            and user.marker.authority == authority
+        ):
+            denied = False
+
+        if denied:
+            raise PermissionDenied
+
     def get_initial(self):
         kwargs = super().get_initial()
         stage = ResponseType.objects.get(type=self.kwargs["stage"])
         authority = PublicAuthority.objects.get(name=self.kwargs["name"])
 
+        if not SessionProperties.objects.filter(
+            marking_session=self.request.current_session, stage=stage
+        ).exists():
+            raise Http404
+
         properties = SessionProperty.objects.filter(
             marking_session=self.request.current_session,
             authority=authority,
@@ -321,6 +366,8 @@ def get_initial(self):
         return kwargs
 
     def get_form(self):
+        self.check_permissions()
+
         stage = self.kwargs["stage"]
         properties = SessionProperties.objects.filter(
             marking_session=self.request.current_session, stage__type=stage