From 1e5f3faf021a6a814649c12da7ffa02d120af5c3 Mon Sep 17 00:00:00 2001
From: Parbhat Puri <parbhatpuri17@gmail.com>
Date: Sat, 16 Feb 2019 17:33:23 +0530
Subject: [PATCH] Allow partners to view submission detail for which they are
 added as partner

---
 opentech/apply/funds/views.py  | 5 +++++
 opentech/apply/users/models.py | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/opentech/apply/funds/views.py b/opentech/apply/funds/views.py
index 53cf5217e..22356b94b 100644
--- a/opentech/apply/funds/views.py
+++ b/opentech/apply/funds/views.py
@@ -328,6 +328,11 @@ class AdminSubmissionDetailView(ReviewContextMixin, ActivityContextMixin, Delega
 
     def dispatch(self, request, *args, **kwargs):
         submission = self.get_object()
+        # Only allow partners in the submission they are added as partners
+        if request.user.is_partner:
+            partner_has_access = submission.partners.filter(pk=request.user.pk).exists()
+            if not partner_has_access:
+                raise PermissionDenied
         redirect = SubmissionSealedView.should_redirect(request, submission)
         return redirect or super().dispatch(request, *args, **kwargs)
 
diff --git a/opentech/apply/users/models.py b/opentech/apply/users/models.py
index 5dd11fdda..107f96633 100644
--- a/opentech/apply/users/models.py
+++ b/opentech/apply/users/models.py
@@ -103,7 +103,7 @@ class User(AbstractUser):
 
     @cached_property
     def is_applicant(self):
-        return not self.is_apply_staff and not self.is_reviewer
+        return not self.is_apply_staff and not self.is_reviewer and not self.is_partner
 
     class Meta:
         ordering = ('full_name', 'email')
-- 
GitLab