Skip to content

Commit

Permalink
fix: speakers can't be edited after the cfs ends
Browse files Browse the repository at this point in the history
  • Loading branch information
Travis CI committed Jan 20, 2020
1 parent ceb867e commit 110d5d1
Show file tree
Hide file tree
Showing 4 changed files with 34 additions and 7 deletions.
23 changes: 23 additions & 0 deletions app/api/helpers/speaker.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
from app.models.speakers_call import SpeakersCall
from app.api.helpers.permission_manager import has_access
from datetime import datetime
from app.api.helpers.exceptions import ForbiddenException


def can_edit_after_cfs_ends(event_id):
"""
Method to check that user has permission to edit the speaker or session
after the CFS ends
"""
speakers_call = SpeakersCall.query.filter_by(event_id=event_id).one()
if speakers_call:
speakers_call_tz = speakers_call.ends_at.tzinfo
if speakers_call.ends_at <= datetime.now().replace(tzinfo=speakers_call_tz) \
and not (has_access('is_admin') or has_access('is_organizer', event_id=event_id) or
has_access('is_coorganizer', event_id=event_id)):
return False
else:
return True
else:
raise ForbiddenException({'source': '/data/event-id'},
'Speaker Calls for event {id} not found'.format(id=event_id))
9 changes: 2 additions & 7 deletions app/api/sessions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
from app.api.helpers.notification import send_notif_new_session_organizer, send_notif_session_accept_reject
from app.api.helpers.permission_manager import has_access
from app.api.helpers.query import event_query
from app.api.helpers.speaker import can_edit_after_cfs_ends
from app.api.helpers.utilities import require_relationship
from app.api.schema.sessions import SessionSchema
from app.models import db
Expand All @@ -17,8 +18,6 @@
from app.models.session_type import SessionType
from app.models.speaker import Speaker
from app.models.track import Track
from app.models.speakers_call import SpeakersCall
from datetime import datetime
from app.models.user import User
from app.models.session_speaker_link import SessionsSpeakersLink
from app.settings import get_settings
Expand Down Expand Up @@ -150,11 +149,7 @@ def before_update_object(self, session, data, view_kwargs):
if session.is_locked and data.get('is_locked') == session.is_locked:
raise ForbiddenException({'source': '/data/attributes/is-locked'}, "Locked sessions cannot be edited")

speakers_call = safe_query(self, SpeakersCall, 'event_id', session.event_id, 'event-id')
speakers_call_tz = speakers_call.ends_at.tzinfo
if speakers_call.ends_at <= datetime.now().replace(tzinfo=speakers_call_tz) and \
not (has_access('is_admin') or has_access('is_organizer', event_id=session.event_id) or
has_access('is_coorganizer', event_id=session.event_id)):
if not can_edit_after_cfs_ends(session.event_id):
raise ForbiddenException({'source': ''},
"Cannot edit session after the call for speaker is ended")

Expand Down
5 changes: 5 additions & 0 deletions app/api/speakers.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
from app.api.helpers.permission_manager import has_access
from app.api.helpers.query import event_query
from app.api.helpers.utilities import require_relationship
from app.api.helpers.speaker import can_edit_after_cfs_ends
from app.api.schema.speakers import SpeakerSchema
from app.models import db
from app.models.event import Event
Expand Down Expand Up @@ -132,6 +133,10 @@ def before_update_object(self, speaker, data, view_kwargs):
:param view_kwargs:
:return:
"""
if not can_edit_after_cfs_ends(speaker.event_id):
raise ForbiddenException({'source': ''},
"Cannot edit speaker after the call for speaker is ended")

if data.get('photo_url') and data['photo_url'] != speaker.photo_url:
start_image_resizing_tasks(speaker, data['photo_url'])

Expand Down
4 changes: 4 additions & 0 deletions tests/hook_main.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1269,6 +1269,8 @@ def speaker_patch(transaction):
"""
with stash['app'].app_context():
speaker = SpeakerFactory()
speakers_call = SpeakersCallFactory()
db.session.add(speakers_call)
db.session.add(speaker)
db.session.commit()

Expand All @@ -1282,6 +1284,8 @@ def speaker_delete(transaction):
"""
with stash['app'].app_context():
speaker = SpeakerFactory()
speakers_call = SpeakersCallFactory()
db.session.add(speakers_call)
db.session.add(speaker)
db.session.commit()

Expand Down

0 comments on commit 110d5d1

Please sign in to comment.