-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Show who can see archived submissions #3646
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added notes to make the code more modular and readable.
hypha/apply/funds/templates/funds/applicationsubmission_detail.html
Outdated
Show resolved
Hide resolved
The po and pot files I mostly update in separate PR for practical reasons. If you update po and pot files in more than one PR you tend to get merge conflicts. No problem keeping them here, good to get them updated. |
@theskumar this is great feedback, thanks a ton! I was originally working to make it more sentence-like (ie. "role, role and role") but wondered how that would impact translations if different linguistics were to come into play. If that might be an issue I can refactor my last commit. Definitely makes sense to have it more modular though. |
Reverting this back to a draft as I add features from #3389. |
…ult settings to allow Staff Admin to have all both perms
# If a user without archive edit access is somehow able to access batch archive submissions | ||
# (ie. they were looking at the submission list when permissions changed) "refresh" the page | ||
if not can_alter_archived_submissions(self.request.user): | ||
return HttpResponseRedirect(self.request.path) |
Check warning
Code scanning / CodeQL
URL redirection from remote source
# If a user without archive edit access is somehow able to access "Unarchive Submission" | ||
# (ie. they were looking at the submission when permissions changed) "refresh" the page | ||
if not can_alter_archived_submissions(self.request.user): | ||
return HttpResponseRedirect(self.request.path) |
Check warning
Code scanning / CodeQL
URL redirection from remote source
# If a user without archive edit access is somehow able to access "Archive Submission" | ||
# (ie. they were looking at the submission when permissions changed) "refresh" the page | ||
if not can_alter_archived_submissions(self.request.user): | ||
return HttpResponseRedirect(self.request.path) |
Check warning
Code scanning / CodeQL
URL redirection from remote source
@frjo @theskumar I believe this is ready to go. The only piece that is still up for discussion would be the behavior of the
Let me know your thoughts! |
Explicit is better than implicit. I would suggest going with -- |
@theskumar All sounds good! The functionality for the 403 page is pretty much mirrored from the 404. It can be customized in Wagtail admin and is triggered when any |
This was also tested in the archive context (user with staff role attempted to view an archived submission) and worked well. |
This was tested by @Techslammer & all worked as intended. The latest changes of the 403 page hadn't been deployed to test but that was a minor change that shouldn't change too much. Can retest with that if you'd prefer @frjo, otherwise I'll mark it as ready. Have a nice weekend y'all! |
Closes #3388 & Closes #3389. This PR adds an indication as to what user roles can see an archived submission based off of [existing settings](#3388 (comment)).
Closes #3388 & Closes #3389. This PR adds an indication as to what user roles can see an archived submission based off of [existing settings](#3388 (comment)).
Closes #3388 & Closes #3389.
This PR adds an indication as to what user roles can see an archived submission based off of existing settings.
Screenshots
With default Hypha settings

After updating settings to allow Staff and Staff Admin to see archives

After updating settings to only allow Staff Admin (not Staff) to see archives
