diff --git a/finances/templates/finances/_subsidy_card.html b/finances/templates/finances/_subsidy_card.html
index 5cf03b69fd1bff098de1ff48d3ba2fbe05da2218..bace5687ab21895a9e2eec449043a6b22ea062e1 100644
--- a/finances/templates/finances/_subsidy_card.html
+++ b/finances/templates/finances/_subsidy_card.html
@@ -78,7 +78,7 @@
 	<tr>
 	  <td><a href="{{ att.get_absolute_url }}" target="_blank">{{ att.name }}</a></td>
 	  {% if perms.scipost.can_manage_subsidies or "can_view_org_contacts" in user_org_perms %}
-	  <td>{% if att.publicly_visible %}<i class="fa fa-check-circle text-success"></i>{% else %}<i class="fa fa-times-circle text-danger"></i>{% endif %}</td>
+	  <td>{% if att.publicly_visible %}<i class="fa fa-check-circle text-success"></i>{% else %}<i class="fa fa-times-circle text-danger"></i>{% endif %}&nbsp;&nbsp;<a href="{% url 'finances:subsidy_attachment_toggle_public_visibility' attachment_id=att.id %}" class="small">Make it {% if att.publicly_visible %}in{% endif %}visible</a></td>
 	  {% if perms.scipost.can_manage_subsidies %}
 	  <td><a href="{% url 'finances:subsidyattachment_update' pk=att.id %}"><span class="text-warning">Update</span></a></td>
 	  <td><a href="{% url 'finances:subsidyattachment_delete' pk=att.id %}"><span class="text-danger">Delete</span></a></td>
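Review bot: The "Make it (in)visible" link on the added `<td>` line changes state through a plain GET request, so Django's CSRF protection never applies to it, and a prefetcher, crawler or third-party page that references the URL can flip an attachment's public visibility in the session of a logged-in manager. The same defect sits in the view added in finances/views.py, `subsidy_attachment_toggle_public_visibility`, which acts on any request method. I would render a small form instead, `<form method="post" action="{% url 'finances:subsidy_attachment_toggle_public_visibility' attachment_id=att.id %}">{% csrf_token %}<button type="submit" class="small">Make it {% if att.publicly_visible %}in{% endif %}visible</button></form>`, and decorate the view with `@require_POST` from `django.views.decorators.http`. The table row and the surrounding `{% if %}` blocks continue outside the hunk.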
diff --git a/finances/urls.py b/finances/urls.py
index dd19ee96e037d62437157afd3b1331b0b8a06cf5..1d85d1dd24f33bda72d50d5b3b7ac304feb62497 100644
--- a/finances/urls.py
+++ b/finances/urls.py
@@ -18,8 +18,6 @@ urlpatterns = [
     url(r'^subsidies/(?P<pk>[0-9]+)/delete/$', views.SubsidyDeleteView.as_view(),
         name='subsidy_delete'),
     url(r'^subsidies/(?P<pk>[0-9]+)/$', views.SubsidyDetailView.as_view(), name='subsidy_details'),
-    url(r'^subsidies/(?P<subsidy_id>[0-9]+)/attachments/(?P<attachment_id>[0-9]+)$',
-        views.subsidy_attachment, name='subsidy_attachment'),
     url(r'^subsidies/(?P<subsidy_id>[0-9]+)/attachments/add/$',
         views.SubsidyAttachmentCreateView.as_view(),
         name='subsidyattachment_create'),
@@ -29,6 +27,11 @@ urlpatterns = [
     url(r'^subsidies/attachments/(?P<pk>[0-9]+)/delete/$',
         views.SubsidyAttachmentDeleteView.as_view(),
         name='subsidyattachment_delete'),
+    url(r'^subsidies/attachments/(?P<attachment_id>[0-9]+)/toggle_visibility/$',
+        views.subsidy_attachment_toggle_public_visibility,
+        name='subsidy_attachment_toggle_public_visibility'),
+    url(r'^subsidies/(?P<subsidy_id>[0-9]+)/attachments/(?P<attachment_id>[0-9]+)$',
+        views.subsidy_attachment, name='subsidy_attachment'),
 
     # Timesheets
     url(r'^timesheets$', views.timesheets, name='timesheets'),
diff --git a/finances/views.py b/finances/views.py
index 1b77c1e85f53ff60d5c16290424a9948110f902c..4addb6a7e4b0655d8dc31cce92bd4ebb086c1984 100644
--- a/finances/views.py
+++ b/finances/views.py
@@ -10,7 +10,7 @@ from django.contrib.auth.mixins import LoginRequiredMixin
 from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import reverse_lazy
 from django.http import Http404, HttpResponse
-from django.shortcuts import get_object_or_404, render
+from django.shortcuts import get_object_or_404, render, redirect
 from django.views.generic.detail import DetailView
 from django.views.generic.edit import CreateView, UpdateView, DeleteView
 from django.views.generic.list import ListView
@@ -142,6 +142,21 @@ class SubsidyAttachmentDeleteView(PermissionsMixin, DeleteView):
         return reverse_lazy('finances:subsidy_details', kwargs={'pk': self.object.subsidy.id})
 
 
+def subsidy_attachment_toggle_public_visibility(request, attachment_id):
+    """
+    Method to toggle the public visibility of an attachment to a Subsidy.
+    Callable by Admin and Contacts for the relevant Organization.
+    """
+    attachment = get_object_or_404(SubsidyAttachment, pk=attachment_id)
+    if not (request.user.has_perm('scipost.can_manage_subsidies') or
+            request.user.has_perm('can_view_org_contacts', attachment.subsidy.organization)):
+        raise PermissionDenied
+    attachment.publicly_visible = not attachment.publicly_visible
+    attachment.save()
+    messages.success(request, 'Attachment visibility set to %s' % attachment.publicly_visible)
+    return redirect(attachment.subsidy.get_absolute_url())
+
+
 def subsidy_attachment(request, subsidy_id, attachment_id):
     attachment = get_object_or_404(SubsidyAttachment.objects,
                                    subsidy__id=subsidy_id, id=attachment_id)
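Review bot: The `has_perm` check in `subsidy_attachment_toggle_public_visibility` authorises a write with `can_view_org_contacts`, a permission whose name only grants viewing, so anyone allowed to see an organization's contacts can also publish or hide its subsidy attachments. The docstring's "Contacts for the relevant Organization" suggests this is intended, but it deserves either a dedicated change permission or an explicit comment such as `# NOTE: holders of the org-level view permission may toggle visibility by design`. The function also calls `messages.success`, while the import hunk above adds only `redirect`; `from django.contrib import messages` is presumably already present outside the visible lines, which is worth confirming. Because making an attachment public is an exposure-relevant change, a log line recording the acting user and attachment id would help later review.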