From e322e786d6961f852517fed40355b0cd767d842b Mon Sep 17 00:00:00 2001
From: Todd Dembrey <todd.dembrey@torchbox.com>
Date: Wed, 7 Mar 2018 16:15:19 +0000
Subject: [PATCH] Provide a way to filter what users can see

---
 opentech/apply/activity/forms.py  |  8 ++++++++
 opentech/apply/activity/models.py | 12 ++++++++++++
 opentech/apply/activity/views.py  |  4 ++--
 opentech/apply/funds/forms.py     |  2 ++
 opentech/apply/utils/views.py     | 11 ++++++++---
 5 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/opentech/apply/activity/forms.py b/opentech/apply/activity/forms.py
index 180975a03..fd857e845 100644
--- a/opentech/apply/activity/forms.py
+++ b/opentech/apply/activity/forms.py
@@ -13,3 +13,11 @@ class CommentForm(forms.ModelForm):
         widgets = {
             'visibility': forms.RadioSelect(),
         }
+
+    def __init__(self, *args, user=None, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.visibility_choices = self._meta.model.visibility_choices_for(user)
+        if len(self.visibility_choices) > 1:
+            self.fields['visibility'].choices = self.visibility_choices
+        else:
+            self.fields['visibility'].widget = forms.HiddenInput()
diff --git a/opentech/apply/activity/models.py b/opentech/apply/activity/models.py
index 9ae8a7d59..a052f0422 100644
--- a/opentech/apply/activity/models.py
+++ b/opentech/apply/activity/models.py
@@ -56,3 +56,15 @@ class Activity(models.Model):
 
     def __str__(self):
         return '{}: for "{}"'.format(self.get_type_display(), self.submission)
+
+
+    @classmethod
+    def visibility_for(cls, user):
+        if user.is_apply_staff:
+            return [PUBLIC, INTERNAL]
+        return [PUBLIC]
+
+
+    @classmethod
+    def visibility_choices_for(cls, user):
+        return [(choice, VISIBILITY[choice]) for choice in cls.visibility_for(user)]
diff --git a/opentech/apply/activity/views.py b/opentech/apply/activity/views.py
index 87b74748d..c0f42b5b3 100644
--- a/opentech/apply/activity/views.py
+++ b/opentech/apply/activity/views.py
@@ -43,6 +43,6 @@ class CommentFormView(DelegatedViewMixin, CreateView):
         return self.object.submission.get_absolute_url() + '#communications'
 
     @classmethod
-    def contribute_form(cls, submission):
+    def contribute_form(cls, submission, user):
         # We dont want to pass the submission as the instance
-        return super().contribute_form(None)
+        return super().contribute_form(None, user=user)
diff --git a/opentech/apply/funds/forms.py b/opentech/apply/funds/forms.py
index 620234f5f..ecb4996be 100644
--- a/opentech/apply/funds/forms.py
+++ b/opentech/apply/funds/forms.py
@@ -11,6 +11,7 @@ class ProgressSubmissionForm(forms.ModelForm):
         fields: list = []
 
     def __init__(self, *args, **kwargs):
+        kwargs.pop('user')
         super().__init__(*args, **kwargs)
         choices = [(action, action) for action in self.instance.phase.action_names]
         action_field = self.fields['action']
@@ -29,6 +30,7 @@ class UpdateSubmissionLeadForm(forms.ModelForm):
         fields = ('lead',)
 
     def __init__(self, *args, **kwargs):
+        kwargs.pop('user')
         super().__init__(*args, **kwargs)
         lead_field = self.fields['lead']
         lead_field.label = f'Update lead from { self.instance.lead } to'
diff --git a/opentech/apply/utils/views.py b/opentech/apply/utils/views.py
index fa435b4e3..ea9c48876 100644
--- a/opentech/apply/utils/views.py
+++ b/opentech/apply/utils/views.py
@@ -22,7 +22,7 @@ class ViewDispatcher(View):
 class DelegateableView(DetailView):
     """A view which passes its context to child form views to allow them to post to the same URL """
     def get_context_data(self, **kwargs):
-        forms = dict(form_view.contribute_form(self.object) for form_view in self.form_views.values())
+        forms = dict(form_view.contribute_form(self.object, self.request.user) for form_view in self.form_views.values())
         return super().get_context_data(
             **forms,
             **kwargs,
@@ -48,6 +48,11 @@ class DelegatedViewMixin(View):
     def get_template_names(self):
         return self.kwargs['template_names']
 
+    def get_form_kwargs(self):
+        kwargs = super().get_form_kwargs()
+        kwargs['user'] = self.request.user
+        return kwargs
+
     def get_context_data(self, **kwargs):
         # Use the previous context but override the validated form
         form = kwargs.pop('form')
@@ -56,5 +61,5 @@ class DelegatedViewMixin(View):
         return super().get_context_data(**kwargs)
 
     @classmethod
-    def contribute_form(cls, submission):
-        return cls.context_name, cls.form_class(instance=submission)
+    def contribute_form(cls, submission, user):
+        return cls.context_name, cls.form_class(instance=submission, user=user)
-- 
GitLab