Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 15 additions & 1 deletion hypha/apply/funds/permissions.py
Original file line number Diff line number Diff line change
@@ -1,10 +1,13 @@
from django.apps import apps
from django.conf import settings
from django.core.exceptions import PermissionDenied
from django.utils.translation import gettext as _
from rolepermissions.permissions import register_object_checker

from hypha.apply.funds.models.co_applicants import CoApplicant, CoApplicantRole
from hypha.apply.funds.models.reviewer_role import ReviewerSettings
from hypha.apply.funds.models.submissions import DRAFT_STATE
from hypha.home.models import ApplyHomePage

from ..users.roles import STAFF_GROUP_NAME, SUPERADMIN, TEAMADMIN_GROUP_NAME, StaffAdmin

Expand Down Expand Up @@ -213,11 +216,22 @@ def can_view_submission(user, submission):
if (
user.is_apply_staff
or submission.user == user
or user.is_reviewer
or submission.co_applicants.filter(user=user).exists()
):
return True, ""

# By default, reviewers can see all submissions. This can be configured in Wagtail Admin > Apply > Reviewer Settings
if user.is_reviewer:
site = ApplyHomePage.objects.first().get_site()
reviewer_settings = ReviewerSettings.for_site(site)
ApplicationSubmission = apps.get_model("funds", "ApplicationSubmission")
if reviewer_settings.use_settings:
return ApplicationSubmission.objects.for_reviewer_settings(
user, reviewer_settings
).filter(pk=submission.pk).exists(), ""
else:
return True, ""

if user.is_community_reviewer and submission.community_review:
return True, ""

Expand Down
37 changes: 36 additions & 1 deletion hypha/apply/funds/tests/test_permissions.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
CoApplicantInviteStatus,
CoApplicantRole,
)
from hypha.apply.funds.models.reviewer_role import ReviewerSettings
from hypha.apply.funds.tests.factories import ApplicationSubmissionFactory
from hypha.apply.funds.workflows import DRAFT_STATE
from hypha.apply.users.tests.factories import (
Expand All @@ -18,6 +19,7 @@
StaffFactory,
UserFactory,
)
from hypha.home.factories import ApplySiteFactory

from ..permissions import (
can_access_drafts,
Expand Down Expand Up @@ -221,12 +223,45 @@ def test_submission_owner_can_view(self):
result, _ = can_view_submission(applicant, submission)
self.assertTrue(result)

def test_reviewer_can_view(self):
def test_reviewer_can_view_by_default(self):
reviewer = ReviewerFactory()
submission = ApplicationSubmissionFactory()
result, _ = can_view_submission(reviewer, submission)
self.assertTrue(result)

# Basic tests to ensure functionality, more in-depth tests happen in hypha/apply/funds/tests/test_views.py::TestReviewerSubmissionView
def test_reviewer_cannot_view_unassigned_when_configured(self):
reviewer = ReviewerFactory()
apply_site = ApplySiteFactory()
reviewer_settings, _ = ReviewerSettings.objects.get_or_create(
site_id=apply_site.id
)
reviewer_settings.use_settings = True
reviewer_settings.submission = "all"
reviewer_settings.outcome = "all"
reviewer_settings.assigned = True
reviewer_settings.save()

submission = ApplicationSubmissionFactory()
result, _ = can_view_submission(reviewer, submission)
self.assertFalse(result)

def test_reviewer_can_view_assigned_when_configured(self):
reviewer = ReviewerFactory()
apply_site = ApplySiteFactory()
reviewer_settings, _ = ReviewerSettings.objects.get_or_create(
site_id=apply_site.id
)
reviewer_settings.use_settings = True
reviewer_settings.submission = "all"
reviewer_settings.outcome = "all"
reviewer_settings.assigned = True
reviewer_settings.save()

submission = ApplicationSubmissionFactory(reviewers=[reviewer])
result, _ = can_view_submission(reviewer, submission)
self.assertTrue(result)

def test_unrelated_user_cannot_view(self):
user = UserFactory()
submission = ApplicationSubmissionFactory()
Expand Down
4 changes: 1 addition & 3 deletions hypha/apply/funds/views/all.py
Original file line number Diff line number Diff line change
Expand Up @@ -129,13 +129,11 @@ def submissions_all(
else:
qs = ApplicationSubmission.objects.current()

# Reviewers also have access to this view but should only see a subset of submissions.
# By default, reviewers can see all submissions. This can be configured in Wagtail Admin > Apply > Reviewer Settings
if request.user.is_reviewer:
reviewer_settings = ReviewerSettings.for_request(request)
if reviewer_settings.use_settings:
qs = qs.for_reviewer_settings(request.user, reviewer_settings)
else:
qs = qs.filter(reviewers=request.user)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was good to get cleared up.


if not can_access_drafts or not show_drafts:
qs = qs.exclude_draft()
Expand Down
10 changes: 0 additions & 10 deletions hypha/apply/funds/views/submission_detail.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@

from ..models import (
ApplicationSubmission,
ReviewerSettings,
)
from ..permissions import (
can_alter_archived_submissions,
Expand Down Expand Up @@ -142,15 +141,6 @@ def dispatch(self, request, *args, **kwargs):
"submission_view", request.user, object=submission, raise_exception=True
)

reviewer_settings = ReviewerSettings.for_request(request)
if reviewer_settings.use_settings:
queryset = ApplicationSubmission.objects.for_reviewer_settings(
request.user, reviewer_settings
)
# Reviewer can't view submission which is not listed in ReviewerSubmissionsTable
if not queryset.filter(id=submission.id).exists():
raise PermissionDenied

return super().dispatch(request, *args, **kwargs)


Expand Down