Add AffiliationDeleteView; general improvements

44cffa5b · Jean-Sébastien Caux · 2a282d41 · 44cffa5b · 44cffa5b · 44cffa5b
Commit 44cffa5b authored 5 years ago by Jean-Sébastien Caux
--- a/journals/templatetags/lookup.py
+++ b/journals/templatetags/lookup.py
@@ -62,8 +62,8 @@ class OrganizationLookup(LookupChannel):
        return item.full_name_with_acronym

    def check_auth(self, request):
-        """Check if has organization administrative permissions."""
-        if not request.user.has_perm('scipost.can_manage_organizations'):
+        """Allow use by logged-in users (e.g. for Affiliations handling)."""
+        if not request.user.is_authenticated():
            raise PermissionDenied



--- a/profiles/models.py
+++ b/profiles/models.py
@@ -203,7 +203,8 @@ class Affiliation(models.Model):
                    '-date_until']

    def __str__(self):
-        return '{ profile }, { organization } [{ date_from } to { date_until }]'.format(
-            profile=self.profile, organization=self.organization,
-            date_from=self.date_from.strftime('Y-m-d'),
-            date_until=self.date_until.strftime('Y-m-d'))
+        return '%s, %s [%s to %s]' % (
+            str(self.profile),
+            str(self.organization),
+            self.date_from.strftime('%Y-%m-%d') if self.date_from else 'Undefined',
+            self.date_until.strftime('%Y-%m-%d') if self.date_until else 'Undefined')
--- a/profiles/templates/profiles/_affiliations_table.html
+++ b/profiles/templates/profiles/_affiliations_table.html
+<table class="table">
+  <thead class="thead-default">
+    <tr>
+      <th>Organization</th>
+      <th>Category</th>
+      <th>From</th>
+      <th>Until</th>
+      {% if actions %}
+      <td>Actions</td>
+      {% endif %}
+    </tr>
+  </thead>
+  <tbody>
+    {% for aff in contributor.profile.affiliations.all %}
+    <tr>
+      <td>{{ aff.organization }}<br/>&nbsp;<em>{{ aff.description }}</em></td>
+      <td>{{ aff.get_category_display }}</td>
+      <td>{% if aff.date_from %}{{ aff.date_from|date:'Y-m-d' }}{% else %}Undefined{% endif %}</td>
+      <td>{% if aff.date_until %}{{ aff.date_until|date:'Y-m-d' }}{% else %}Undefined{% endif %}</td>
+      {% if actions %}
+      <td>
+	<ul class="list-unstyled">
+	  <li><a href="{% url 'profiles:affiliation_update' profile_id=contributor.profile.id pk=aff.id %}" class="text-warning">Update</a></li>
+	  <li><a href="{% url 'profiles:affiliation_delete' profile_id=contributor.profile.id pk=aff.id %}" class="text-danger">Delete</a></li>
+	</ul>
+      </td>
+      {% endif %}
+    </tr>
+    {% empty %}
+    <tr><td colspan="4">No Affiliation has been defined</td></tr>
+    {% endfor %}
+  </tbody>
+</table>
--- a/profiles/templates/profiles/affiliation_confirm_delete.html
+++ b/profiles/templates/profiles/affiliation_confirm_delete.html
+{% extends 'profiles/base.html' %}
+
+{% load bootstrap %}
+
+{% block breadcrumb_items %}
+    {{ block.super }}
+    <span class="breadcrumb-item">Delete {{ affiliation.description }}</span>
+{% endblock %}
+
+{% block pagetitle %}: Delete Affiliation{% endblock pagetitle %}
+
+{% block content %}
+<div class="row">
+    <div class="col-12">
+        <h1 class="highlight">Delete Affiliation</h1>
+	{% include 'profiles/_affiliations_table.html' with contributor=affiliation.profile.contributor actions=False %}
+    </div>
+</div>
+<div class="row">
+  <div class="col-12">
+    <form method="post">
+      {% csrf_token %}
+      <h3 class="mb-2">Are you sure you want to delete this Affiliation?</h3>
+      <input type="submit" class="btn btn-danger" value="Yes, delete it" />
+    </form>
+  </div>
+</div>
+
+{% endblock content %}
--- a/profiles/urls.py
+++ b/profiles/urls.py
@@ -78,8 +78,13 @@ urlpatterns = [
        name='affiliation_create'
    ),
    url(
-        r'^affiliation/(?P<pk>[0-9]+)/update/$',
+        r'^(?P<profile_id>[0-9]+)/affiliation/(?P<pk>[0-9]+)/update/$',
        views.AffiliationUpdateView.as_view(),
        name='affiliation_update'
    ),
+    url(
+        r'^(?P<profile_id>[0-9]+)/affiliation/(?P<pk>[0-9]+)/delete/$',
+        views.AffiliationDeleteView.as_view(),
+        name='affiliation_delete'
+    ),
 ]
--- a/profiles/views.py
+++ b/profiles/views.py
@@ -392,8 +392,7 @@ class AffiliationCreateView(UserPassesTestMixin, CreateView):
        """
        if self.request.user.has_perm('scipost.can_create_profiles'):
            return True
-        profile = get_object_or_404(Profile, pk=self.kwargs.get('profile_id'))
-        return self.request.user.contributor.profile is profile
+        return self.request.user.contributor.profile.id == int(self.kwargs.get('profile_id'))

    def get_initial(self, *args, **kwargs):
        initial = super().get_initial(*args, **kwargs)
@@ -421,12 +420,35 @@ class AffiliationUpdateView(UserPassesTestMixin, UpdateView):

    def test_func(self):
        """
-        Allow creating an Affiliation if user is Admin, EdAdmin or is
+        Allow updating an Affiliation if user is Admin, EdAdmin or is
+        the Contributor to which this Profile is related.
+        """
+        if self.request.user.has_perm('scipost.can_create_profiles'):
+            return True
+        return self.request.user.contributor.profile.id == int(self.kwargs.get('profile_id'))
+
+    def get_success_url(self):
+        """
+        If request.user is Admin or EdAdmin, redirect to profile detail view.
+        Otherwise if request.user is Profile owner, return to personal page.
+        """
+        if self.request.user.has_perm('scipost.can_create_profiles'):
+            return reverse_lazy('profiles:profile_detail',
+                                kwargs={'pk': self.object.profile.id})
+        return reverse_lazy('scipost:personal_page')
+
+
+class AffiliationDeleteView(UserPassesTestMixin, DeleteView):
+    model = Affiliation
+
+    def test_func(self):
+        """
+        Allow deleting an Affiliation if user is Admin, EdAdmin or is
        the Contributor to which this Profile is related.
        """
        if self.request.user.has_perm('scipost.can_create_profiles'):
            return True
-        return self.request.user.contributor.profile is self.object.profile
+        return self.request.user.contributor.profile.id == int(self.kwargs.get('profile_id'))

    def get_success_url(self):
        """

--- a/scipost/templates/partials/scipost/personal_page/account.html
+++ b/scipost/templates/partials/scipost/personal_page/account.html
@@ -152,33 +152,7 @@
    <ul>
      <li><a href="{% url 'profiles:affiliation_create' profile_id=contributor.profile.id %}">Add a new Affiliation</a></li>
    </ul>
-    <table class="table">
-      <thead class="thead-default">
-	<tr>
-	  <th>Organization</th>
-	  <th>Category</th>
-	  <th>From</th>
-	  <th>Until</th>
-	  <td>Actions</td>
-	</tr>
-      </thead>
-      <tbody>
-	{% for aff in contributor.profile.affiliations.all %}
-	<tr>
-	  <td>{{ aff.organization }}<br/>&nbsp;{{ aff.description }}</td>
-	  <td>{{ aff.get_category_display }}</td>
-	  <td>{{ aff.date_from|date:'Y-m-d' }}</td>
-	  <td>{{ aff.date_until|date:'Y-m-d' }}</td>
-	  <td>
-	    <ul class="list-unstyled">
-	      <li><a href="{% url 'profiles:affiliation_update' pk=aff.id %}" class="text-warning">Update</a></li>
-	    </ul>
-	</tr>
-	{% empty %}
-	<tr><td colspan="4">No Affiliation has been defined</td></tr>
-	{% endfor %}
-      </tbody>
-    </table>
+    {% include 'profiles/_affiliations_table.html' with contributor=contributor actions=True %}
  </div>
 </div>