fix project admin permissions

992af3cc · Georgios D. Tsoukalas · 10049d18 · 992af3cc · 992af3cc · 992af3cc
Commit 992af3cc authored Feb 01, 2013 by Georgios D. Tsoukalas
--- a/snf-astakos-app/astakos/im/functions.py
+++ b/snf-astakos-app/astakos/im/functions.py
@@ -664,7 +664,8 @@ def submit_application(kw, request_user=None):

        if (request_user and
            (not precursor.owner == request_user and
-             not request_user.is_superuser)):
+             not request_user.is_superuser
+             and not request_user.is_project_admin())):
            m = _(astakos_messages.NOT_ALLOWED)
            raise PermissionDenied(m)


--- a/snf-astakos-app/astakos/im/models.py
+++ b/snf-astakos-app/astakos/im/models.py
@@ -1620,12 +1620,6 @@ class ProjectApplication(models.Model):
        except Project.DoesNotExist:
            return None

-    def can_be_approved(self):
-        return self.state == self.PENDING
-
-    def can_be_dismissed(self):
-        return self.state == self.DENIED
-
    def can_cancel(self):
        return self.state == self.PENDING


--- a/snf-astakos-app/astakos/im/templates/im/projects/project_detail.html
+++ b/snf-astakos-app/astakos/im/templates/im/projects/project_detail.html
@@ -65,7 +65,7 @@
      {% endif %}

      {% if admin_mode %}
-          {% if object.can_be_approved %}
+          {% if object.can_approve %}
              - <a style="font-size:0.7em"
                  href="{% url astakos.im.views.project_app_approve object.pk %}">
                  APPROVE</a>
@@ -76,7 +76,7 @@
      {% endif %}

      {% if owner_mode %}
-          {% if object.can_be_dismissed %}
+          {% if object.can_dismiss %}
             - <a style="font-size:0.7em"
                href="{% url astakos.im.views.project_app_dismiss object.pk %}">
                DISMISS</a>

--- a/snf-astakos-app/astakos/im/views.py
+++ b/snf-astakos-app/astakos/im/views.py
@@ -1144,7 +1144,8 @@ def project_modify(request, application_id):
    except ProjectApplication.DoesNotExist:
        raise Http404

-    if not request.user.owns_application(app):
+    user = request.user
+    if not (user.owns_application(app) or user.is_project_admin(app.id)):
        m = _(astakos_messages.NOT_ALLOWED)
        raise PermissionDenied(m)

@@ -1249,11 +1250,11 @@ def common_detail(request, chain_or_app_id, project_view=True):
    user = request.user
    is_project_admin = user.is_project_admin(application_id=application.id)
    is_owner = user.owns_application(application)
-    if not is_owner and not project_view:
+    if not (is_owner or is_project_admin) and not project_view:
        m = _(astakos_messages.NOT_ALLOWED)
        raise PermissionDenied(m)

-    if (not is_owner and project_view and
+    if (not (is_owner or is_project_admin) and project_view and
        not user.non_owner_can_view(project)):
        m = _(astakos_messages.NOT_ALLOWED)
        raise PermissionDenied(m)