From 92070ec28234c20a06e744462278e6adc8e658a0 Mon Sep 17 00:00:00 2001
From: fuzzylogic2000
Date: Mon, 19 Sep 2022 17:07:28 +0200
Subject: [PATCH] apps/votes/dashboard: show code generation only to admins
---
 meinberlin/apps/votes/dashboard.py | 1 +
 meinberlin/apps/votes/views.py | 2 +-
 .../a4dashboard/includes/nav_modules_item.html | 2 ++
 .../dashboard_components/test_token_generation.py | 13 ++++++++-----
 4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/meinberlin/apps/votes/dashboard.py b/meinberlin/apps/votes/dashboard.py
index 8c564b51fb..887987865e 100644
--- a/meinberlin/apps/votes/dashboard.py
+++ b/meinberlin/apps/votes/dashboard.py
@@ -38,6 +38,7 @@ class GenerateVotesComponent(DashboardComponent):
 identifier = 'voting_token_generation'
 weight = 49
 label = _('Generate voting codes')
+ for_superuser_only = True
 def is_effective(self, module):
 return module.blueprint_type == 'PB3'
diff --git a/meinberlin/apps/votes/views.py b/meinberlin/apps/votes/views.py
index dba8363797..f48ff12e1a 100644
--- a/meinberlin/apps/votes/views.py
+++ b/meinberlin/apps/votes/views.py
@@ -111,7 +111,7 @@ class VotingGenerationDashboardView(
 'You are allowed to generate {} more.'),
 _('Only {} tokens are allowed per module. '
 'You are allowed to generate {} more.'))
- permission_required = 'a4projects.change_project'
+ permission_required = 'is_superuser'
 template_name = 'meinberlin_votes/voting_code_dashboard.html'
 def _get_number_of_tokens(self):
diff --git a/meinberlin/templates/a4dashboard/includes/nav_modules_item.html b/meinberlin/templates/a4dashboard/includes/nav_modules_item.html
index 755136aed8..f0e07b69ac 100644
--- a/meinberlin/templates/a4dashboard/includes/nav_modules_item.html
+++ b/meinberlin/templates/a4dashboard/includes/nav_modules_item.html
@@ -23,6 +23,7 @@
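Review bot: The added `for_superuser_only = True` on GenerateVotesComponent carries no comment saying what it controls, and on its own it looks like a display flag rather than an access check, since `is_effective` still returns True for every 'PB3' module regardless of the user. The body of the nav_modules_item.html hunk is not visible on this page, so I am assuming the template reads this attribute to hide the menu entry. I would add a comment above the attribute such as `# hides the nav entry from non-superusers; access itself is enforced by permission_required on the view`, so that nobody later treats the flag as the authorization boundary. The class body starts before this hunk and continues after it.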
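Review bot: `permission_required = 'is_superuser'` in VotingGenerationDashboardView does not name an `app_label.codename` permission; it appears to work only because Django's `User.has_perm` returns True for active superusers before asking any backend, while every other user is refused because no backend recognises the string. The check therefore depends on nobody ever registering a permission or rule under that name, and it reads like an attribute lookup, which it is not. I would reference an app-namespaced permission that is explicitly bound to a superuser-only predicate, or at minimum document the mechanism on that line: `# not a registered permission: only the superuser shortcut in has_perm() passes`. How the permission mixin evaluates this string is outside the hunk, as is the start of the class.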
diff --git a/tests/votes/dashboard_components/test_token_generation.py b/tests/votes/dashboard_components/test_token_generation.py
index 9ad42e3b2e..b38cad095d 100644
--- a/tests/votes/dashboard_components/test_token_generation.py
+++ b/tests/votes/dashboard_components/test_token_generation.py
@@ -16,7 +16,7 @@
 @patch('meinberlin.apps.votes.tasks.BATCH_SIZE', 10)
 @pytest.mark.django_db
 def test_token_generate_view(client, phase_factory, module_factory,
- voting_token_factory):
+ voting_token_factory, admin):
 phase, module, project, item = setup_phase(
 phase_factory, None, VotingPhase)
 other_module = module_factory()
@@ -25,10 +25,15 @@ def test_token_generate_view(client, phase_factory, module_factory,
 voting_token_factory(module=module, is_active=False)
 voting_token_factory(module=other_module)
+ # initiator cannot access token generation view
 initiator = module.project.organisation.initiators.first()
 url = component.get_base_url(module)
 client.login(username=initiator.email, password='password')
 response = client.get(url)
+ assert response.status_code == 403
+ # admin can access view and generate tokens
+ client.login(username=admin.email, password='password')
+ response = client.get(url)
 assert response.status_code == 200
 assert 'number_of_module_tokens' in response.context
 number_of_module_tokens = response.context['number_of_module_tokens']
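Review bot: The initiator case in test_token_generate_view pins only the GET response to 403; the request that actually generates codes is not asserted to be refused for an initiator in the lines shown here (the rest of the test lies outside the hunk). Since the commit's purpose is to restrict code generation, I would add, before the admin login, `response = client.post(url, {'number_of_tokens': 1})` followed by `assert response.status_code == 403`. The response for an unauthenticated client is also left unpinned by this hunk.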
@@ -55,16 +60,14 @@ def test_token_generate_view(client, phase_factory, module_factory,
 @patch('meinberlin.apps.votes.views.TOKENS_PER_MODULE', 5)
 @pytest.mark.django_db
 def test_token_generate_view_max_validation(
- client, phase_factory, voting_token_factory, rf):
+ client, phase_factory, voting_token_factory, rf, admin):
 phase, module, project, item = setup_phase(
 phase_factory, None, VotingPhase)
- initiator = module.project.organisation.initiators.first()
 voting_token_factory(module=module)
 voting_token_factory(module=module)
- initiator = module.project.organisation.initiators.first()
 url = component.get_base_url(module)
- client.login(username=initiator.email, password='password')
+ client.login(username=admin.email, password='password')
 data = {
 'number_of_tokens': 5
 }