Centralise access control logic

This commit is contained in:
Yingtong Li 2019-12-29 00:30:30 +11:00
parent b70ef9b8f6
commit c4eb45514f
Signed by: RunasSudo
GPG Key ID: 7234E476BF21C61A
4 changed files with 303 additions and 261 deletions

View File

@ -27,36 +27,30 @@
<span class="ui header">Status: {{ revision.get_state_display() }}</span>
{% if is_latest %}
{% if revision.state == import('sstreasury.models').BudgetState.DRAFT.value or revision.state == import('sstreasury.models').BudgetState.RESUBMIT.value %}
{% if revision.can_submit(request.user) %}
<button class="ui mini labeled primary icon button" type="submit" name="action" value="Submit" style="margin-left: 1em;" onclick="return confirm('Are you sure you want to submit this budget for Treasury approval? You will not be able to make any additional changes without withdrawing the budget.');"><i class="paper plane icon"></i> Submit</button>
{#{% if request.user.groups.filter(name='Secretary').exists() %}
<button class="ui mini labeled positive icon button" type="submit" name="action" value="Approve" onclick="return confirm('Are you sure you want to mark this budget as committee-approved?');"><i class="check icon"></i> Approve</button>
<button class="ui mini labeled basic negative icon button" type="submit" name="action" value="CmteReturn" onclick="return confirm('Are you sure you want to refuse this budget committee approval and return it for re-drafting?');"><i class="undo icon"></i> Return for re-drafting</button>
{% endif %}#}
{% elif revision.state == import('sstreasury.models').BudgetState.AWAIT_REVIEW.value and request.user.groups.filter(name='Treasury').exists() %}
{% endif %}
{% if revision.can_endorse(request.user) %}
<button class="ui mini labeled positive icon button" type="submit" name="action" value="Endorse" style="margin-left: 1em;" onclick="return confirm('Are you sure you want to give this budget Treasury endorsement?');"><i class="check icon"></i> Endorse</button>
<button class="ui mini labeled basic negative icon button" type="submit" name="action" value="Return" onclick="return confirm('Are you sure you want to refuse this budget Treasury endorsement and return it for re-drafting?');"><i class="undo icon"></i> Return for re-drafting</button>
{% elif revision.state != import('sstreasury.models').BudgetState.APPROVED.value and request.user.groups.filter(name='Secretary').exists() %}
{% endif %}
{% if revision.can_approve(request.user) %}
<button class="ui mini labeled positive icon button" type="submit" name="action" value="Approve" style="margin-left: 1em;" onclick="return confirm('Are you sure you want to mark this budget as committee-approved?');"><i class="check icon"></i> Approve</button>
<button class="ui mini labeled basic negative icon button" type="submit" name="action" value="CmteReturn" onclick="return confirm('Are you sure you want to refuse this budget committee approval and return it for re-drafting?');"><i class="undo icon"></i> Return for re-drafting</button>
{% elif revision.state == import('sstreasury.models').BudgetState.APPROVED.value %}
{# Blank #}
{% else %}
{% endif %}
{% if revision.can_withdraw(request.user) %}
<button class="ui mini labeled basic negative icon button" type="submit" name="action" value="Withdraw" style="margin-left: 1em;" onclick="return confirm('Are you sure you want to withdraw this budget from being considered for approval? The budget will be reverted to a draft.');"><i class="undo icon"></i> Withdraw</button>
{% endif %}
{% if revision.state == import('sstreasury.models').BudgetState.DRAFT.value or revision.state == import('sstreasury.models').BudgetState.RESUBMIT.value or (revision.state != import('sstreasury.models').BudgetState.APPROVED.value and (request.user.groups.filter(name='Treasury').exists() or request.user.groups.filter(name='Secretary').exists())) %}
{% if revision.can_edit(request.user) %}
<a class="ui mini labeled right floated icon button" href="{{ url('budget_edit', kwargs={'id': revision.budget.id}) }}"><i class="edit icon"></i> Edit</a>
<a class="ui mini labeled right floated icon button" href="{{ url('budget_print', kwargs={'id': revision.budget.id}) }}" target="_blank"><i class="print icon"></i> Print</a>
{% elif revision.state == import('sstreasury.models').BudgetState.APPROVED.value %}
<a class="ui mini labeled right floated icon button" href="{{ url('budget_print', kwargs={'id': revision.budget.id}) }}" target="_blank"><i class="print icon"></i> Print</a>
{% else %}
{% endif %}
<a class="ui mini labeled right floated icon button" href="{{ url('budget_print', kwargs={'id': revision.budget.id}) }}" target="_blank"><i class="print icon"></i> Print</a>
{% if not revision.can_edit(request.user) and revision.can_withdraw(request.user) %}
<div class="ui message">
<p>This budget has been submitted and is now awaiting approval. If you wish to edit this budget, you must first withdraw it. This will revert the budget to a draft.</p>
</div>

View File

@ -26,26 +26,25 @@
<form class="ui form" action="{{ url('claim_action', kwargs={'id': claim.id}) }}" method="POST">
<span class="ui header">Status: {{ claim.get_state_display() }}</span>
{% if claim.state == import('sstreasury.models').ClaimState.DRAFT.value or claim.state == import('sstreasury.models').ClaimState.RESUBMIT.value %}
{% if claim.can_submit(request.user) %}
<button class="ui mini labeled primary icon button" type="submit" name="action" value="Submit" style="margin-left: 1em;" onclick="return confirm('Are you sure you want to submit this claim for Treasury approval? You will not be able to make any additional changes without withdrawing the claim.');"><i class="paper plane icon"></i> Submit</button>
{% elif claim.state == import('sstreasury.models').ClaimState.AWAIT_REVIEW.value and request.user.groups.filter(name='Treasury').exists() %}
{% endif %}
{% if claim.can_approve(request.user) %}
<button class="ui mini labeled positive icon button" type="submit" name="action" value="Approve" style="margin-left: 1em;" onclick="return confirm('Are you sure you want to approve this claim?');"><i class="check icon"></i> Approve</button>
<button class="ui mini labeled basic negative icon button" type="submit" name="action" value="Return" onclick="return confirm('Are you sure you want to refuse this claim and return it for re-drafting?');"><i class="undo icon"></i> Return for re-drafting</button>
{% elif claim.state == import('sstreasury.models').ClaimState.APPROVED.value or claim.state == import('sstreasury.models').ClaimState.PAID.value %}
{# Blank #}
{% else %}
{% endif %}
{% if claim.can_withdraw(request.user) %}
<button class="ui mini labeled basic negative icon button" type="submit" name="action" value="Withdraw" style="margin-left: 1em;" onclick="return confirm('Are you sure you want to withdraw this budget from being considered for approval? The budget will be reverted to a draft.');"><i class="undo icon"></i> Withdraw</button>
{% endif %}
{% if claim.state == import('sstreasury.models').ClaimState.DRAFT.value or claim.state == import('sstreasury.models').ClaimState.RESUBMIT.value or (claim.state != import('sstreasury.models').ClaimState.APPROVED.value and claim.state != import('sstreasury.models').ClaimState.PAID.value and request.user.groups.filter(name='Treasury').exists()) %}
{% if claim.can_edit(request.user) %}
<a class="ui mini labeled right floated icon button" href="{{ url('claim_edit', kwargs={'id': claim.id}) }}"><i class="edit icon"></i> Edit</a>
<a class="ui mini labeled right floated icon button" href="{{ url('claim_print', kwargs={'id': claim.id}) }}" target="_blank"><i class="print icon"></i> Print</a>
{% elif claim.state == import('sstreasury.models').ClaimState.APPROVED.value or claim.state == import('sstreasury.models').ClaimState.PAID.value %}
<a class="ui mini labeled right floated icon button" href="{{ url('claim_print', kwargs={'id': claim.id}) }}" target="_blank"><i class="print icon"></i> Print</a>
{% else %}
{% endif %}
<a class="ui mini labeled right floated icon button" href="{{ url('claim_print', kwargs={'id': claim.id}) }}" target="_blank"><i class="print icon"></i> Print</a>
{% if not claim.can_edit(request.user) and claim.can_withdraw(request.user) %}
<div class="ui message">
<p>This claim has been submitted and is now awaiting processing. If you wish to edit this claim, you must first withdraw it. This will revert the claim to a draft.</p>
</div>
@ -111,7 +110,7 @@
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
<input class="ui primary button" type="submit" name="action" value="Comment">
{% if claim.state == import('sstreasury.models').ClaimState.AWAIT_REVIEW.value and request.user.groups.filter(name='Treasury').exists() %}
{% if claim.can_approve(request.user) %}
<button class="ui right floated labeled basic negative icon button" type="submit" name="action" value="Comment,Return" onclick="return confirm('Are you sure you want to refuse this claim and return it for re-drafting?');"><i class="undo icon"></i> Comment and return for re-drafting</button>
<button class="ui right floated labeled positive icon button" type="submit" name="action" value="Comment,Approve" onclick="return confirm('Are you sure you want to approve this claim?');"><i class="check icon"></i> Comment and approve</button>

View File

@ -17,6 +17,7 @@
from django.contrib.auth.models import User
from django.db import models
from django.utils import timezone
from jsonfield import JSONField
from enum import Enum
@ -74,12 +75,25 @@ class BudgetRevision(models.Model):
action = models.IntegerField(choices=[(v.value, v.description) for v in BudgetAction])
class Meta:
ordering = ['id']
def copy(self):
contributors = list(self.contributors.all())
self.pk, self.id = None, None
self.save()
self.contributors.add(*contributors)
def update_state(self, user, state):
self.copy()
self.author = user
self.time = timezone.now()
self.state = state.value
self.action = BudgetAction.UPDATE_STATE.value
self.save()
# Access control
def can_view(self, user):
if user == self.author:
return True
@ -87,12 +101,74 @@ class BudgetRevision(models.Model):
return True
if user.groups.filter(name='Treasury').exists():
return True
if (self.state == BudgetState.ENDORSED or self.state == BudgetState.APPROVED) and user.groups.filter(name='Committee').exists():
if (self.state == BudgetState.ENDORSED.value or self.state == BudgetState.APPROVED.value) and user.groups.filter(name='Committee').exists():
return True
return False
def can_edit(self, user):
# Cannot edit if cannot view
if not self.can_view(user):
return False
# No one can edit if already approved
if self.state == BudgetState.APPROVED.value:
return False
# Only Treasurer or Secretary may edit if submitted
if self.state != BudgetState.DRAFT.value and self.state != BudgetState.RESUBMIT.value:
if user.groups.filter(name='Treasury').exists() or user.groups.filter(name='Secretary').exists():
return True
return False
class Meta:
ordering = ['id']
# Otherwise the submitter may edit
if user == self.author:
return True
if user in self.contributors.all():
return True
if user.groups.filter(name='Treasury').exists():
return True
# Otherwise cannot edit
return False
def can_submit(self, user):
if not self.can_edit(user):
return False
if self.state == BudgetState.DRAFT.value or self.state == BudgetState.RESUBMIT.value:
return True
return False
def can_withdraw(self, user):
if not self.can_edit(user):
return False
if self.state == BudgetState.AWAIT_REVIEW.value or self.state == BudgetState.ENDORSED.value:
return True
return False
def can_endorse(self, user):
if not self.can_edit(user):
return False
if not user.groups.filter(name='Treasury').exists():
return False
if self.state == BudgetState.AWAIT_REVIEW.value:
return True
return False
def can_return(self, user):
return self.can_endorse(user)
def can_approve(self, user):
if not self.can_edit(user):
return False
if not user.groups.filter(name='Secretary').exists():
return False
if self.state == BudgetState.ENDORSED.value:
return True
return False
def can_cmtereturn(self, user):
return self.can_approve(user)
class ClaimState(DescriptionEnum):
DRAFT = 10, 'Draft'
@ -119,6 +195,20 @@ class ReimbursementClaim(models.Model):
items = JSONField(default=[])
def update_state(self, user, state):
self.state = state.value
self.save()
claim_history = ClaimHistory()
claim_history.claim = self
claim_history.author = user
claim_history.state = self.state
claim_history.time = timezone.now()
claim_history.action = ClaimAction.UPDATE_STATE.value
claim_history.save()
# Access control
def can_view(self, user):
if user == self.author:
return True
@ -126,6 +216,58 @@ class ReimbursementClaim(models.Model):
return True
return False
def can_edit(self, user):
# Cannot edit if cannot view
if not self.can_view(user):
return False
# No one can edit if already paid
if self.state == ClaimState.PAID.value:
return False
# Only Treasurer may edit if submitted
if self.state != ClaimState.DRAFT.value and self.state != ClaimState.RESUBMIT.value:
if user.groups.filter(name='Treasury').exists():
return True
return False
# Otherwise the submitter or Treasurer may edit
if user == self.author:
return True
if user in self.contributors.all():
return True
if user.groups.filter(name='Treasury').exists():
return True
# Otherwise cannot edit
return False
def can_submit(self, user):
if not self.can_edit(user):
return False
if self.state == ClaimState.DRAFT.value or self.state == ClaimState.RESUBMIT.value:
return True
return False
def can_withdraw(self, user):
if not self.can_edit(user):
return False
if self.state == ClaimState.AWAIT_REVIEW.value or self.state == ClaimState.APPROVED.value:
return True
return False
def can_approve(self, user):
if not self.can_edit(user):
return False
if not user.groups.filter(name='Treasury').exists():
return False
if self.state == ClaimState.AWAIT_REVIEW.value:
return True
return False
def can_return(self, user):
return self.can_approve(user)
class ClaimReceipt(models.Model):
claim = models.ForeignKey(ReimbursementClaim, on_delete=models.CASCADE)
uploaded_file = models.FileField()

View File

@ -32,10 +32,107 @@ import functools
import itertools
import json
# HELPER DECORATORS
def uses_budget(viewfunc):
@functools.wraps(viewfunc)
def func(request, id):
budget = models.Budget.objects.get(id=id)
revision = budget.budgetrevision_set.reverse()[0]
return viewfunc(request, budget, revision)
return func
def budget_viewable(viewfunc):
@functools.wraps(viewfunc)
def func(request, budget, revision):
if not revision.can_view(request.user):
raise PermissionDenied
return viewfunc(request, budget, revision)
return func
def budget_editable(viewfunc):
@functools.wraps(viewfunc)
def func(request, budget, revision):
if not revision.can_edit(request.user):
raise PermissionDenied
return viewfunc(request, budget, revision)
return func
def uses_claim(viewfunc):
@functools.wraps(viewfunc)
def func(request, id):
claim = models.ReimbursementClaim.objects.get(id=id)
return viewfunc(request, claim)
return func
def claim_viewable(viewfunc):
@functools.wraps(viewfunc)
def func(request, claim):
if not claim.can_view(request.user):
raise PermissionDenied
return viewfunc(request, claim)
return func
def claim_editable(viewfunc):
@functools.wraps(viewfunc)
def func(request, claim):
if not claim.can_edit(request.user):
raise PermissionDenied
return viewfunc(request, claim)
return func
# HELPER FUNCTIONS
def revision_from_form(budget, revision, form):
revision.budget = budget
revision.name = form['name']
revision.date = form['date'] if form['date'] else None
revision.comments = form['comments']
revision.revenue = json.loads(form['revenue'])
revision.revenue_comments = form['revenue_comments']
revision.expense = json.loads(form['expense'])
revision.expense_comments = form['expense_comments']
revision.expense_no_emergency_fund = True if form.get('expense_no_emergency_fund', False) else False
revision.save()
contributors = form['contributors'].split('\n')
for contributor in contributors:
validate_email(contributor.strip())
for contributor in contributors:
try:
user = User.objects.get(email=contributor.strip())
except User.DoesNotExist:
user = User.objects.create_user(contributor.strip().split('@')[0], contributor.strip())
revision.contributors.add(user)
revision.save()
return revision
def claim_from_form(claim, form):
claim.purpose = form['purpose']
claim.date = form['date'] if form['date'] else None
claim.budget_id = form['budget_id']
claim.comments = form['comments']
claim.state = models.ClaimState.DRAFT.value
claim.items = json.loads(form['items'])
claim.save()
return claim
# INDEX VIEW
@login_required
def index(request):
return render(request, 'sstreasury/index.html')
# BUDGET VIEWS
@login_required
def budget_list(request):
budgets_action = []
@ -77,13 +174,10 @@ def budget_list(request):
})
@login_required
def budget_view(request, id):
budget = models.Budget.objects.get(id=id)
@uses_budget
def budget_view(request, budget, revision):
if 'revision' in request.GET:
revision = budget.budgetrevision_set.get(id=int(request.GET['revision']))
else:
revision = budget.budgetrevision_set.reverse()[0]
if not revision.can_view(request.user):
raise PermissionDenied
@ -98,13 +192,10 @@ def budget_view(request, id):
})
@login_required
def budget_print(request, id):
budget = models.Budget.objects.get(id=id)
@uses_budget
def budget_print(request, budget, revision):
if 'revision' in request.GET:
revision = budget.budgetrevision_set.get(id=int(request.GET['revision']))
else:
revision = budget.budgetrevision_set.reverse()[0]
if not revision.can_view(request.user):
raise PermissionDenied
@ -114,35 +205,6 @@ def budget_print(request, id):
'is_latest': 'revision' not in request.GET
})
def revision_from_form(budget, revision, form):
revision.budget = budget
revision.name = form['name']
revision.date = form['date'] if form['date'] else None
revision.comments = form['comments']
revision.revenue = json.loads(form['revenue'])
revision.revenue_comments = form['revenue_comments']
revision.expense = json.loads(form['expense'])
revision.expense_comments = form['expense_comments']
revision.expense_no_emergency_fund = True if form.get('expense_no_emergency_fund', False) else False
revision.save()
contributors = form['contributors'].split('\n')
for contributor in contributors:
validate_email(contributor.strip())
for contributor in contributors:
try:
user = User.objects.get(email=contributor.strip())
except User.DoesNotExist:
user = User.objects.create_user(contributor.strip().split('@')[0], contributor.strip())
revision.contributors.add(user)
revision.save()
return revision
@login_required
def budget_new(request):
if request.method == 'POST':
@ -170,39 +232,6 @@ def budget_new(request):
'contributors': request.user.email
})
def uses_budget(viewfunc):
@functools.wraps(viewfunc)
def func(request, id):
budget = models.Budget.objects.get(id=id)
revision = budget.budgetrevision_set.reverse()[0]
return viewfunc(request, budget, revision)
return func
def budget_viewable(viewfunc):
@functools.wraps(viewfunc)
def func(request, budget, revision):
if not revision.can_view(request.user):
raise PermissionDenied
return viewfunc(request, budget, revision)
return func
def budget_editable(viewfunc):
@functools.wraps(viewfunc)
def func(request, budget, revision):
if revision.state == models.BudgetState.APPROVED.value:
raise PermissionDenied
if revision.state != models.BudgetState.DRAFT.value and revision.state != models.BudgetState.RESUBMIT.value:
if not request.user.groups.filter(name='Treasury').exists():
raise PermissionDenied
if not revision.can_view(request.user):
raise PermissionDenied
return viewfunc(request, budget, revision)
return func
@login_required
@uses_budget
@budget_editable
@ -253,16 +282,11 @@ def budget_action(request, budget, revision):
emailer.send_mail([user.email], 'New comment on budget: {}'.format(revision.name), 'sstreasury/email/commented.md', {'revision': revision, 'comment': comment})
if 'Submit' in actions:
if revision.state != models.BudgetState.DRAFT.value and revision.state != models.BudgetState.RESUBMIT.value:
if not revision.can_submit(request.user):
raise PermissionDenied
with transaction.atomic():
revision.copy()
revision.author = request.user
revision.time = timezone.now()
revision.state = models.BudgetState.AWAIT_REVIEW.value
revision.action = models.BudgetAction.UPDATE_STATE.value
revision.save()
revision.update_state(request.user, models.BudgetState.AWAIT_REVIEW)
emailer = Emailer()
for user in User.objects.filter(groups__name='Treasury'):
@ -271,29 +295,18 @@ def budget_action(request, budget, revision):
emailer.send_mail([user.email], 'Budget submitted: {}'.format(revision.name), 'sstreasury/email/submitted_drafter.md', {'revision': revision})
if 'Withdraw' in actions:
if revision.state == models.BudgetState.DRAFT.value or revision.state == models.BudgetState.RESUBMIT.value or revision.state == models.BudgetState.APPROVED.value:
raise PermissionDenied
revision.copy()
revision.author = request.user
revision.time = timezone.now()
revision.state = models.BudgetState.DRAFT.value
revision.action = models.BudgetAction.UPDATE_STATE.value
revision.save()
if 'Endorse' in actions:
if revision.state != models.BudgetState.AWAIT_REVIEW.value:
raise PermissionDenied
if not request.user.groups.filter(name='Treasury').exists():
if not revision.can_withdraw(user):
raise PermissionDenied
with transaction.atomic():
revision.copy()
revision.author = request.user
revision.time = timezone.now()
revision.state = models.BudgetState.ENDORSED.value
revision.action = models.BudgetAction.UPDATE_STATE.value
revision.save()
revision.update_state(request.user, models.BudgetState.DRAFT)
if 'Endorse' in actions:
if not revision.can_endorse(user):
raise PermissionDenied
with transaction.atomic():
revision.update_state(request.user, models.BudgetState.ENDORSED)
emailer = Emailer()
for user in User.objects.filter(groups__name='Secretary'):
@ -302,54 +315,33 @@ def budget_action(request, budget, revision):
emailer.send_mail([user.email], 'Budget endorsed, awaiting committee approval: {}'.format(revision.name), 'sstreasury/email/endorsed.md', {'revision': revision})
if 'Return' in actions:
if revision.state != models.BudgetState.AWAIT_REVIEW.value:
raise PermissionDenied
if not request.user.groups.filter(name='Treasury').exists():
if not revision.can_return(user):
raise PermissionDenied
with transaction.atomic():
revision.copy()
revision.author = request.user
revision.time = timezone.now()
revision.state = models.BudgetState.RESUBMIT.value
revision.action = models.BudgetAction.UPDATE_STATE.value
revision.save()
revision.update_state(request.user, models.BudgetState.RESUBMIT)
emailer = Emailer()
for user in revision.contributors.all():
emailer.send_mail([user.email], 'Action required: Budget returned for re-drafting: {}'.format(revision.name), 'sstreasury/email/returned.md', {'revision': revision})
if 'Approve' in actions:
if revision.state == models.BudgetState.APPROVED.value:
raise PermissionDenied
if not request.user.groups.filter(name='Secretary').exists():
raise PermissionDenied
if not revision.can_approve(user):
return PermissionDenied
with transaction.atomic():
revision.copy()
revision.author = request.user
revision.time = timezone.now()
revision.state = models.BudgetState.APPROVED.value
revision.action = models.BudgetAction.UPDATE_STATE.value
revision.save()
revision.update_state(request.user, models.BudgetState.APPROVED)
emailer = Emailer()
for user in revision.contributors.all():
emailer.send_mail([user.email], 'Budget approved: {}'.format(revision.name), 'sstreasury/email/approved.md', {'revision': revision})
if 'CmteReturn' in actions:
if revision.state == models.BudgetState.APPROVED.value:
raise PermissionDenied
if not request.user.groups.filter(name='Secretary').exists():
raise PermissionDenied
if not revision.can_cmtereturn(user):
return PermissionDenied
with transaction.atomic():
revision.copy()
revision.author = request.user
revision.time = timezone.now()
revision.state = models.BudgetState.RESUBMIT.value
revision.action = models.BudgetAction.UPDATE_STATE.value
revision.save()
revision.update_state(request.user, models.BudgetState.RESUBMIT)
emailer = Emailer()
for user in revision.contributors.all():
@ -392,19 +384,6 @@ def claim_list(request):
'claims_closed': claims_closed
})
def claim_from_form(claim, form):
claim.purpose = form['purpose']
claim.date = form['date'] if form['date'] else None
claim.budget_id = form['budget_id']
claim.comments = form['comments']
claim.state = models.ClaimState.DRAFT.value
claim.items = json.loads(form['items'])
claim.save()
return claim
@login_required
def claim_new(request):
if request.method == 'POST':
@ -412,7 +391,6 @@ def claim_new(request):
claim = models.ReimbursementClaim()
claim.author = request.user
claim.time = timezone.now()
#revision.action = models.BudgetAction.CREATE.value
claim.state = models.BudgetState.DRAFT.value
claim = claim_from_form(claim, request.POST)
@ -437,38 +415,6 @@ def claim_new(request):
'claim': claim
})
def uses_claim(viewfunc):
@functools.wraps(viewfunc)
def func(request, id):
claim = models.ReimbursementClaim.objects.get(id=id)
return viewfunc(request, claim)
return func
def claim_viewable(viewfunc):
@functools.wraps(viewfunc)
def func(request, claim):
if not claim.can_view(request.user):
raise PermissionDenied
return viewfunc(request, claim)
return func
def claim_editable(viewfunc):
@functools.wraps(viewfunc)
def func(request, claim):
if claim.state == models.ClaimState.PAID.value:
raise PermissionDenied
if claim.state != models.ClaimState.DRAFT.value and claim.state != models.ClaimState.RESUBMIT.value:
if not request.user.groups.filter(name='Treasury').exists():
raise PermissionDenied
if not claim.can_view(request.user):
raise PermissionDenied
return viewfunc(request, claim)
return func
@login_required
@uses_claim
@claim_viewable
@ -541,20 +487,11 @@ def claim_action(request, claim):
emailer.send_mail([comment.author], 'New comment on reimbursement claim: {}'.format(revision.name), 'sstreasury/email/claim_commented.md', {'claim': claim, 'comment': comment})
if 'Submit' in actions:
if claim.state != models.ClaimState.DRAFT.value and claim.state != models.ClaimState.RESUBMIT.value:
if not claim.can_submit(request.user):
raise PermissionDenied
with transaction.atomic():
claim.state = models.ClaimState.AWAIT_REVIEW.value
claim.save()
claim_history = models.ClaimHistory()
claim_history.claim = claim
claim_history.author = request.user
claim_history.state = claim.state
claim_history.time = timezone.now()
claim_history.action = models.ClaimAction.UPDATE_STATE.value
claim_history.save()
claim.update_state(request.user, models.ClaimState.AWAIT_REVIEW)
emailer = Emailer()
for user in User.objects.filter(groups__name='Treasury'):
@ -562,58 +499,28 @@ def claim_action(request, claim):
emailer.send_mail([claim.author.email], 'Reimbursement claim submitted: {}'.format(claim.purpose), 'sstreasury/email/claim_submitted_drafter.md', {'claim': claim})
if 'Withdraw' in actions:
if claim.state == models.ClaimState.DRAFT.value or claim.state == models.ClaimState.RESUBMIT.value or claim.state == models.ClaimState.PAID.value:
raise PermissionDenied
claim.state = models.ClaimState.DRAFT.value
claim.save()
claim_history = models.ClaimHistory()
claim_history.claim = claim
claim_history.author = request.user
claim_history.state = claim.state
claim_history.time = timezone.now()
claim_history.action = models.ClaimAction.UPDATE_STATE.value
claim_history.save()
if 'Approve' in actions:
if claim.state != models.ClaimState.AWAIT_REVIEW.value:
raise PermissionDenied
if not request.user.groups.filter(name='Treasury').exists():
if not claim.can_withdraw(request.user):
raise PermissionDenied
with transaction.atomic():
claim.state = models.ClaimState.APPROVED.value
claim.save()
claim.update_state(request.user, models.ClaimState.DRAFT)
claim_history = models.ClaimHistory()
claim_history.claim = claim
claim_history.author = request.user
claim_history.state = claim.state
claim_history.time = timezone.now()
claim_history.action = models.ClaimAction.UPDATE_STATE.value
claim_history.save()
if 'Approve' in actions:
if not claim.can_approve(request.user):
raise PermissionDenied
with transaction.atomic():
claim.update_state(request.user, models.ClaimState.APPROVED)
emailer = Emailer()
emailer.send_mail([claim.author.email], 'Claim approved, awaiting payment: {}'.format(claim.purpose), 'sstreasury/email/claim_approved.md', {'claim': claim})
if 'Return' in actions:
if claim.state != models.ClaimState.AWAIT_REVIEW.value:
raise PermissionDenied
if not request.user.groups.filter(name='Treasury').exists():
if not claim.can_approve(request.user):
raise PermissionDenied
with transaction.atomic():
claim.state = models.ClaimState.RESUBMIT.value
claim.save()
claim_history = models.ClaimHistory()
claim_history.claim = claim
claim_history.author = request.user
claim_history.state = claim.state
claim_history.time = timezone.now()
claim_history.action = models.ClaimAction.UPDATE_STATE.value
claim_history.save()
claim.update_state(request.user, models.ClaimState.RESUBMIT)
emailer = Emailer()
emailer.send_mail([claim.author.email], 'Action required: Reimbursement claim returned for re-drafting: {}'.format(claim.purpose), 'sstreasury/email/claim_returned.md', {'claim': claim})