From 75cad4697874dc1e06f1758dd9915394f7287d63 Mon Sep 17 00:00:00 2001
From: Matthew Lemon <lemon@matthewlemon.com>
Date: Mon, 25 May 2020 16:09:41 +0100
Subject: in trying to create a Stakeholder model referenced from User, have
 removed updated_by fields in other models and factories - was getting
 circular dep error

---
 ctrack/organisations/views.py | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

(limited to 'ctrack/organisations/views.py')

diff --git a/ctrack/organisations/views.py b/ctrack/organisations/views.py
index fe88728..2476453 100644
--- a/ctrack/organisations/views.py
+++ b/ctrack/organisations/views.py
@@ -1,12 +1,11 @@
-from typing import Any
-from typing import Dict
+from typing import Any, Dict
 
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.db import transaction
 from django.urls import reverse_lazy
-from django.views.generic import DetailView, ListView, CreateView
+from django.views.generic import CreateView, DetailView, ListView
 
-from .forms import OrganisationCreateForm, AddressInlineFormSet
+from .forms import AddressInlineFormSet, OrganisationCreateForm
 from .models import Organisation
 
 
@@ -27,7 +26,7 @@ class OrganisationCreate(LoginRequiredMixin, CreateView):
         context = self.get_context_data()
         addresses = context["addresses"]
         with transaction.atomic():
-            form.instance.updated_by = self.request.user
+            #            form.instance.updated_by = self.request.user REMOVED updated_by
             self.object = form.save()
             if addresses.is_valid():
                 addresses.instance = self.object
@@ -52,18 +51,18 @@ class OrganisationDetailView(LoginRequiredMixin, DetailView):
 
     def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
         context = super().get_context_data()
-        org = kwargs['object']
+        org = kwargs["object"]
         no_addr = org.addresses.count()
         if no_addr > 1:
-            context['no_addr'] = no_addr
+            context["no_addr"] = no_addr
             addr = org.addresses.all()
-            context['addr'] = addr
+            context["addr"] = addr
         else:
-            context['no_addr'] = 1
+            context["no_addr"] = 1
             addr = org.addresses.first()
-            context['addr'] = addr
+            context["addr"] = addr
         people = org.person_set.all()
-        context['people'] = people
+        context["people"] = people
         applicable_systems = org.applicablesystem_set.all()
-        context['applicable_systems'] = applicable_systems
+        context["applicable_systems"] = applicable_systems
         return context
-- 
cgit v1.2.3


From fa674ad70439cea0de962b87e5ac4c4dc0fa16f7 Mon Sep 17 00:00:00 2001
From: Matthew Lemon <lemon@matthewlemon.com>
Date: Wed, 27 May 2020 16:21:51 +0100
Subject: working through permissions issues

---
 ctrack/organisations/views.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'ctrack/organisations/views.py')

diff --git a/ctrack/organisations/views.py b/ctrack/organisations/views.py
index 2476453..7a1d105 100644
--- a/ctrack/organisations/views.py
+++ b/ctrack/organisations/views.py
@@ -1,6 +1,6 @@
 from typing import Any, Dict
 
-from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
 from django.db import transaction
 from django.urls import reverse_lazy
 from django.views.generic import CreateView, DetailView, ListView
@@ -33,12 +33,14 @@ class OrganisationCreate(LoginRequiredMixin, CreateView):
                 addresses.save()
         return super().form_valid(form)
 
-    def get_success_url(self) -> str:
+    def get_success_url(self):
         return reverse_lazy("organisations:detail", kwargs={"slug": self.object.slug})
 
 
-class OrganisationListView(LoginRequiredMixin, ListView):
+class OrganisationListView(PermissionRequiredMixin, LoginRequiredMixin, ListView):
     model = Organisation
+    raise_exeption = True
+    permission_denied_message = "Sorry. You are not authorised to view that page."
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
-- 
cgit v1.2.3


From d2ae7679000b6299c408d34f88a1c5c66755288c Mon Sep 17 00:00:00 2001
From: Matthew Lemon <lemon@matthewlemon.com>
Date: Wed, 27 May 2020 17:07:18 +0100
Subject: need to fix permission denied 403 tests

---
 ctrack/organisations/views.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'ctrack/organisations/views.py')

diff --git a/ctrack/organisations/views.py b/ctrack/organisations/views.py
index 7a1d105..1bccd3e 100644
--- a/ctrack/organisations/views.py
+++ b/ctrack/organisations/views.py
@@ -1,6 +1,10 @@
 from typing import Any, Dict
 
-from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
+from django.contrib.auth.mixins import (
+    LoginRequiredMixin,
+    PermissionRequiredMixin,
+    UserPassesTestMixin,
+)
 from django.db import transaction
 from django.urls import reverse_lazy
 from django.views.generic import CreateView, DetailView, ListView
@@ -37,10 +41,11 @@ class OrganisationCreate(LoginRequiredMixin, CreateView):
         return reverse_lazy("organisations:detail", kwargs={"slug": self.object.slug})
 
 
-class OrganisationListView(PermissionRequiredMixin, LoginRequiredMixin, ListView):
+class OrganisationListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
     model = Organisation
-    raise_exeption = True
-    permission_denied_message = "Sorry. You are not authorised to view that page."
+
+    def test_func(self):
+        return self.request.user.is_staff
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
-- 
cgit v1.2.3


From f0d3c954ea216351c4c6018dd17e132fc4a63ee2 Mon Sep 17 00:00:00 2001
From: Matthew Lemon <lemon@matthewlemon.com>
Date: Wed, 27 May 2020 20:58:50 +0100
Subject: permissions set for OrganisationListView

---
 ctrack/organisations/views.py | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'ctrack/organisations/views.py')

diff --git a/ctrack/organisations/views.py b/ctrack/organisations/views.py
index 1bccd3e..b929de4 100644
--- a/ctrack/organisations/views.py
+++ b/ctrack/organisations/views.py
@@ -41,11 +41,9 @@ class OrganisationCreate(LoginRequiredMixin, CreateView):
         return reverse_lazy("organisations:detail", kwargs={"slug": self.object.slug})
 
 
-class OrganisationListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
+class OrganisationListView(LoginRequiredMixin, PermissionRequiredMixin, ListView):
     model = Organisation
-
-    def test_func(self):
-        return self.request.user.is_staff
+    permission_required = "organisations.view_organisation"
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
-- 
cgit v1.2.3