From eee2be2de6619ab816951b300f1ff9ab8ceecd1a Mon Sep 17 00:00:00 2001
From: Jorran de Wit <jorrandewit@outlook.com>
Date: Wed, 1 Nov 2017 22:24:59 +0100
Subject: [PATCH] Lock it

---
 affiliations/models.py                                    | 2 +-
 affiliations/views.py                                     | 5 +++++
 scipost/management/commands/add_groups_and_permissions.py | 7 +++++++
 scipost/models.py                                         | 2 +-
 scipost/templates/scipost/personal_page.html              | 6 +++++-
 5 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/affiliations/models.py b/affiliations/models.py
index 974921535..37d2365ca 100644
--- a/affiliations/models.py
+++ b/affiliations/models.py
@@ -25,4 +25,4 @@ class Affiliation(models.Model):
         return '{name} ({country})'.format(name=self.name, country=self.get_country_display())
 
     def get_absolute_url(self):
-        return reverse('affiliations:affiliation_details', args=(self.object.id,))
+        return reverse('affiliations:affiliation_details', args=(self.id,))
diff --git a/affiliations/views.py b/affiliations/views.py
index bae15ec4b..09167354f 100644
--- a/affiliations/views.py
+++ b/affiliations/views.py
@@ -1,6 +1,8 @@
 from django.shortcuts import redirect
 from django.contrib import messages
+from django.contrib.auth.decorators import permission_required
 from django.urls import reverse
+from django.utils.decorators import method_decorator
 from django.views.generic.edit import UpdateView
 from django.views.generic.list import ListView
 from django.shortcuts import get_object_or_404
@@ -9,11 +11,13 @@ from .forms import AffiliationMergeForm
 from .models import Affiliation
 
 
+@method_decorator(permission_required('scipost.can_manage_affiliations'), name='dispatch')
 class AffiliationListView(ListView):
     model = Affiliation
     paginate_by = 100
 
 
+@method_decorator(permission_required('scipost.can_manage_affiliations'), name='dispatch')
 class AffiliationUpdateView(UpdateView):
     model = Affiliation
     pk_url_kwarg = 'affiliation_id'
@@ -33,6 +37,7 @@ class AffiliationUpdateView(UpdateView):
         return super().form_valid(*args, **kwargs)
 
 
+@permission_required('scipost.can_manage_affiliations')
 def merge_affiliations(request, affiliation_id):
     """
     Merge Affiliation (affiliation_id) into the Affliation chosen in the form.
diff --git a/scipost/management/commands/add_groups_and_permissions.py b/scipost/management/commands/add_groups_and_permissions.py
index f94c68084..1b99ccf50 100644
--- a/scipost/management/commands/add_groups_and_permissions.py
+++ b/scipost/management/commands/add_groups_and_permissions.py
@@ -262,6 +262,12 @@ class Command(BaseCommand):
             name='Can view timesheets',
             content_type=content_type)
 
+        # Affiliations administration
+        can_manage_affiliations, created = Permission.objects.get_or_create(
+            codename='can_manage_affiliations',
+            name='Can manage affiliations',
+            content_type=content_type)
+
         # Mailchimp
         can_manage_mailchimp, created = Permission.objects.get_or_create(
             codename='can_manage_mailchimp',
@@ -293,6 +299,7 @@ class Command(BaseCommand):
             can_manage_mailchimp,
             can_view_all_production_streams,
             can_promote_to_production_team,
+            can_manage_affiliations,
         ])
 
         FinancialAdmin.permissions.set([
diff --git a/scipost/models.py b/scipost/models.py
index 813cb7caf..d16a28a8b 100644
--- a/scipost/models.py
+++ b/scipost/models.py
@@ -227,7 +227,7 @@ class RegistrationInvitation(models.Model):
 
 
 class CitationNotification(models.Model):
-    contributor = models.ForeignKey(Contributor, on_delete=models.CASCADE)
+    contributor = models.ForeignKey('scipost.Contributor', on_delete=models.CASCADE)
     cited_in_submission = models.ForeignKey('submissions.Submission',
                                             on_delete=models.CASCADE,
                                             blank=True, null=True)
diff --git a/scipost/templates/scipost/personal_page.html b/scipost/templates/scipost/personal_page.html
index c46cb0555..f6626aed7 100644
--- a/scipost/templates/scipost/personal_page.html
+++ b/scipost/templates/scipost/personal_page.html
@@ -314,6 +314,11 @@
                                     <li><a href="{% url 'mailing_lists:overview' %}">Manage mailing lists</a></li>
                                 {% endif %}
                             </ul>
+
+                            <h3>SciPost Administation</h3>
+                            <ul>
+                                <li><a href="{% url 'affiliations:affiliations' %}">Manage Affiliations database</a></li>
+                            </ul>
                         {% endif %}
 
                         {% if perms.scipost.can_view_timesheets %}
@@ -354,7 +359,6 @@
                               <li><a href="{% url 'submissions:pool' %}">Submissions Pool</a></li>
                               <li><a href="{% url 'submissions:treated_submissions_list' %}">Fully treated Submissions</a>{% if nr_treated_submissions_without_pdf %} ({{nr_treated_submissions_without_pdf}} unfinished){% endif %}</li>
                               <li><a href="{% url 'journals:harvest_citedby_list' %}">Harvest citedby data</a></li>
-                              <li><a href="{% url 'affiliations:affiliations' %}">Manage Affiliations</a></li>
                               <li><a href="{% url 'journals:manage_comment_metadata' %}">Manage Comment metadata</a></li>
                               <li><a href="{% url 'colleges:fellowships' %}">Manage Fellowships</a></li>
                               <li><a href="{% url 'journals:manage_metadata' %}">Manage Publication metadata</a></li>
-- 
GitLab