From 48e6f7cc104b113e01bc87872793fce758e31fb7 Mon Sep 17 00:00:00 2001
From: Fredrik Jonsson <frjo@xdeb.org>
Date: Tue, 23 Apr 2019 09:09:00 +0200
Subject: [PATCH] Allow review author to delete a review. Review object have no
title so just use object in template to write out str value.
---
.../templates/review/review_confirm_delete.html | 4 ++--
.../review/templates/review/review_detail.html | 16 ++++++++--------
opentech/apply/review/views.py | 11 ++++++++---
3 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/opentech/apply/review/templates/review/review_confirm_delete.html b/opentech/apply/review/templates/review/review_confirm_delete.html
index 227b09d50..5084d5cc4 100644
--- a/opentech/apply/review/templates/review/review_confirm_delete.html
+++ b/opentech/apply/review/templates/review/review_confirm_delete.html
@@ -1,11 +1,11 @@
{% extends "base-apply.html" %}
-{% block title %}Deleting: {{object.title }}{% endblock %}
+{% block title %}Deleting: {{ object }}{% endblock %}
{% block content %}
<div class="admin-bar">
<div class="admin-bar__inner">
- <h2 class="heading heading--no-margin">Deleting: {{ object.title }}</h2>
+ <h2 class="heading heading--no-margin">Deleting: {{ object }}</h2>
</div>
</div>
diff --git a/opentech/apply/review/templates/review/review_detail.html b/opentech/apply/review/templates/review/review_detail.html
index 75f0743e0..cfbdd6f33 100644
--- a/opentech/apply/review/templates/review/review_detail.html
+++ b/opentech/apply/review/templates/review/review_detail.html
@@ -24,6 +24,14 @@
<svg class="icon icon--eye"><use xlink:href="#eye"></use></svg>
{{ review.get_visibility_display }}
</div>
+ {% if perms.funds.delete_review or request.user == review.author %}
+ <div>
+ <a class="link link--delete-review is-active" href="{% url 'apply:submissions:reviews:delete' submission_pk=object.submission.id pk=object.id %}">
+ Delete
+ <svg class="icon icon--delete"><use xlink:href="#delete"></use></svg>
+ </a>
+ </div>
+ {% endif %}
{% if not review.for_latest %}
<div>
<h5>Review was not against the latest version:</h5>
@@ -32,14 +40,6 @@
</p>
</div>
{% endif %}
- {% if perms.funds.delete_review %}
- <div>
- <a class="link link--delete-review is-active" href="{% url 'apply:submissions:reviews:delete' submission_pk=object.submission.id pk=object.id %}">
- Delete
- <svg class="icon icon--delete"><use xlink:href="#delete"></use></svg>
- </a>
- </div>
- {% endif %}
</div>
<div class="rich-text rich-text--answers">
diff --git a/opentech/apply/review/views.py b/opentech/apply/review/views.py
index cd7721378..c069a06b8 100644
--- a/opentech/apply/review/views.py
+++ b/opentech/apply/review/views.py
@@ -1,6 +1,7 @@
from collections import defaultdict
-from django.contrib.auth.decorators import login_required, permission_required
+from django.contrib.auth.decorators import login_required
+from django.contrib.auth.mixins import UserPassesTestMixin
from django.core.exceptions import PermissionDenied
from django.http import HttpResponseRedirect
from django.shortcuts import get_object_or_404
@@ -282,9 +283,13 @@ class ReviewListView(ListView):
)
-@method_decorator(permission_required('review.delete_review', raise_exception=True), name='dispatch')
-class ReviewDeleteView(DeleteView):
+class ReviewDeleteView(UserPassesTestMixin, DeleteView):
model = Review
+ raise_exception = True
+
+ def test_func(self):
+ review = self.get_object()
+ return self.request.user.has_perm('review.delete_review') or self.request.user == review.author
def delete(self, request, *args, **kwargs):
review = self.get_object()
--
GitLab