Skip to content
Snippets Groups Projects
Commit 6bceaa0b authored by Parbhat Puri's avatar Parbhat Puri
Browse files

GH-1147: Allow partners, community reviewers to access reviews in reviewers visibility

parent 2a649d74
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
opentech/apply/funds/templates/funds/includes/review_sidebar_item.html
+ 1
1
View file @ 6bceaa0b
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
<div>-</div> <div>-</div>
<div>-</div> <div>-</div>
{% else %} {% else %}
{% if request.user == reviewer or request.user.is_reviewer and review.reviewer_visibility or request.user.is_apply_staff %} {% if request.user == reviewer or request.user.is_reviewer and review.reviewer_visibility or request.user.is_partner and review.reviewer_visibility or request.user.is_community_reviewer and review.reviewer_visibility or request.user.is_apply_staff %}
<div> <div>
<a href="{% url 'apply:submissions:reviews:review' submission_pk=review.submission.id pk=review.id %}"> <a href="{% url 'apply:submissions:reviews:review' submission_pk=review.submission.id pk=review.id %}">
<div class="reviews-sidebar__name"> <div class="reviews-sidebar__name">
......
opentech/apply/review/views.py
+ 13
2
View file @ 6bceaa0b
...@@ -171,9 +171,20 @@ class ReviewDisplay(DetailView): ...@@ -171,9 +171,20 @@ class ReviewDisplay(DetailView):
review = self.get_object() review = self.get_object()
user = request.user user = request.user
author = review.author author = review.author
submission = review.submission
partner_has_access = submission.partners.filter(pk=request.user.pk).exists()
if user != author and not (user.is_reviewer and review.reviewer_visibility) and not user.is_apply_staff: if user.is_reviewer and not user.is_apply_staff:
raise PermissionDenied if user != author and not review.reviewer_visibility:
raise PermissionDenied
elif user.is_partner:
if user != author and not (partner_has_access and review.reviewer_visibility):
raise PermissionDenied
elif user.is_community_reviewer:
if user != author and not (submission.community_review and review.reviewer_visibility):
raise PermissionDenied
if review.is_draft: if review.is_draft:
return HttpResponseRedirect(reverse_lazy('apply:submissions:reviews:form', args=(review.submission.id,))) return HttpResponseRedirect(reverse_lazy('apply:submissions:reviews:form', args=(review.submission.id,)))
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment