hackerspace-ntnu · CJGutz · Apr 11, 2022 · Apr 11, 2022 · Apr 11, 2022 · Sep 1, 2022
diff --git a/news/admin.py b/news/admin.py
@@ -6,7 +6,7 @@
 @admin.register(Event)
 class Eventadmin(admin.ModelAdmin):
     fieldsets = [
-        ("Article", {"fields": ["title", "main_content"]}),
+        ("Article", {"fields": ["title", "main_content", "responsible"]}),
         ("Ingress", {"fields": ["ingress_content"]}),
         (
             "Dates",

diff --git a/news/templates/news/_event_admin_menu.html b/news/templates/news/_event_admin_menu.html
@@ -26,7 +26,7 @@ <h5>Administrator-meny</h5>
 							</a>
 						</li>
 					{% endif %}
-					{% if perms.news.delete_event %}
+					{% if perms.news.delete_event or is_author_or_responsible %}
 					<li class="collection-item"><a href="/events/{{ event.id }}/delete" class="modal-trigger hs-red-text">
                         <i class="material-icons">delete</i>
                         <span class="collection-icon-text">Slett arrangement</span></a>

diff --git a/news/templates/news/article.html b/news/templates/news/article.html
@@ -57,7 +57,7 @@ <h5>Administrator-meny</h5>
 				<div class="col s12">
 					<ul class='collection'>
 						<li class="collection-item"><a href="{% url 'news:edit' article.id %}"><i class="material-icons">edit</i><span class="collection-icon-text">Rediger artikkel</span></a></li>
-						{% if perms.news.delete_article %}
+						{% if perms.news.delete_article or is_author %}
 						<li class="collection-item"><a href="{% url 'news:delete' article.id %}" class="modal-trigger hs-red-text"><i class="material-icons">delete</i><span class="collection-icon-text">Slett artikkel</span></a></li>
 						{% endif %}
 					</ul>

diff --git a/news/templates/news/edit_event.html b/news/templates/news/edit_event.html
@@ -84,6 +84,10 @@ <h5>Generelt</h5>
                             {{ form.responsible }}
                             <label for="id_responsible">{{ form.responsible.label }}</label>
                             <span class="helper-text hs-red-text">{{ form.responsible.errors }}</span>
+                        {% if not is_author_or_responsible %}
+                            <p class="helper-text hs-red-text">Kun den ansvarlige og forfatteren av dette 
+                                    arrangementet kan endre på den ansvarlige</p>
+                        {% endif %}
                         </div>
                         <div class="input-field col s12 m6">
                             <i class="material-icons prefix">date_range</i>

diff --git a/news/views.py b/news/views.py
@@ -56,31 +56,36 @@ def dispatch(self, request, *args, **kwargs):
         return super(EventView, self).dispatch(request, *args, **kwargs)
 
     def get_context_data(self, **kwargs):
+        user = self.request.user
+
         context_data = super().get_context_data(**kwargs)
         context_data["userstatus"] = "ikke pålogget"
         context_data["expired_event"] = datetime.now() > self.object.time_end
         context_data[
             "food_preferences"
         ] = self.object.get_food_preferences_of_registered()
 
-        if self.request.user.is_authenticated:
-            context_data["userstatus"] = self.object.userstatus(self.request.user)
-            if self.object.is_waiting(self.request.user):
+        if user.is_authenticated:
+            context_data["userstatus"] = self.object.userstatus(user)
+            if self.object.is_waiting(user):
                 context_data["get_position"] = (
                     "Du er nummer "
-                    + str(self.object.get_position(user=self.request.user))
+                    + str(self.object.get_position(user=user))
                     + " på ventelisten"
                 )
             else:
                 context_data["get_position"] = "Du er ikke på ventelisten."
 
             if self.object.skills.all():
-                context_data["user_skills"] = self.request.user.profile.skills.all()
+                context_data["user_skills"] = user.profile.skills.all()
                 context_data[
                     "unreachable_skills"
-                ] = self.request.user.profile.filter_skills_reachability(
+                ] = user.profile.filter_skills_reachability(
                     self.object.skills.all(), reachable=False
                 )
+            context_data["is_author_or_responsible"] = (
+                user == self.object.author or user == self.object.responsible
+            )
 
         return context_data
 
@@ -301,6 +306,8 @@ def get_context_data(self, **kwargs):
         context["next_article"] = next_article
         context["previous_article"] = previous_article
 
+        context["is_author"] = self.request.user == self.object.author
+
         return context
 
 
@@ -313,6 +320,10 @@ class EventUpdateView(PermissionRequiredMixin, SuccessMessageMixin, UpdateView):
 
     def get_context_data(self, **kwargs):
         context = super(EventUpdateView, self).get_context_data(**kwargs)
+        context["is_author_or_responsible"] = (
+            self.request.user == self.object.author
+            or self.request.user == self.object.responsible
+        )
         if self.request.POST:
             context["uploads_form"] = uploadformset(
                 self.request.POST, self.request.FILES, instance=self.object
@@ -322,6 +333,15 @@ def get_context_data(self, **kwargs):
 
         return context
 
+    def get_form(self, *args, **kwargs):
+        form = super().get_form(*args, **kwargs)
+        if (
+            self.request.user != self.object.responsible
+            and self.request.user != self.object.author
+        ):
+            form.fields["responsible"].disabled = True
+        return form
+
     def form_valid(self, form):
         self.object = form.save(commit=False)
         context = self.get_context_data()
@@ -433,12 +453,28 @@ class ArticleDeleteView(PermissionRequiredMixin, DeleteView):
     success_url = "/news/"
     permission_required = "news.delete_article"
 
+    def has_permission(self):
+        user = self.request.user
+
+        perms = self.get_permission_required()
+        return user.has_perms(perms) or self.get_object().author == user
+
 
 class EventDeleteView(PermissionRequiredMixin, DeleteView):
     model = Event
     success_url = "/events/"
     permission_required = "news.delete_event"
 
+    def has_permission(self):
+        user = self.request.user
+
+        perms = self.get_permission_required()
+        return (
+            user.has_perms(perms)
+            or self.get_object().author == user
+            or self.get_object().responsible == user
+        )
+
 
 @login_required
 def register_on_event(request, event_id):

diff --git a/projectarchive/templates/projectarchive/article.html b/projectarchive/templates/projectarchive/article.html
@@ -54,8 +54,7 @@ <h3 class="hide-on-small-only">{{ projectarticle.title }}</h3>
 				</div>
 			</div>
 		</div>
-
-		{% if perms.projectarticle.change_projectarticle %}
+		{% if perms.projectarchive.change_projectarticle %}
 
 		<!-- Adminpanel -->
 		<div class="card-panel">
@@ -67,7 +66,7 @@ <h5>Administrator-meny</h5>
 				<div class="col s12">
 					<ul class='collection'>
 						<li class="collection-item"><a href="{% url 'projectarchive:edit' projectarticle.id %}"><i class="material-icons">edit</i><span class="collection-icon-text">Rediger artikkel</span></a></li>
-						{% if perms.projectarticle.delete_projectarticle %}
+						{% if perms.projectarchive.delete_projectarticle or is_author %}
 						<li class="collection-item"><a href="{% url 'projectarchive:delete' projectarticle.id %}" class="modal-trigger hs-red-text"><i class="material-icons">delete</i><span class="collection-icon-text">Slett artikkel</span></a></li>
 						{% endif %}
 					</ul>

diff --git a/projectarchive/views.py b/projectarchive/views.py
@@ -31,7 +31,7 @@ def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
 
         # Retrieve any user drafts if logged in
-        if self.request.user.has_perm("projectarchive.add_article"):
+        if self.request.user.has_perm("projectarchive.add_projectarticle"):
             context["drafts"] = Projectarticle.objects.order_by("-pub_date").filter(
                 author=self.request.user, draft=True
             )
@@ -63,14 +63,16 @@ def get_context_data(self, **kwargs):
 
         context = super().get_context_data(**kwargs)
 
+        context["is_author"] = self.request.user == self.object.author
+
         return context
 
 
 class ArticleCreateView(PermissionRequiredMixin, SuccessMessageMixin, CreateView):
     model = Projectarticle
     form_class = ArticleForm
     template_name = "projectarchive/edit_article.html"
-    permission_required = "projectarchive.add_article"
+    permission_required = "projectarchive.add_projectarticle"
 
     def get_success_message(self, cleaned_data):
         if self.object.draft:
@@ -89,7 +91,7 @@ class ArticleUpdateView(PermissionRequiredMixin, SuccessMessageMixin, UpdateView
     model = Projectarticle
     form_class = ArticleForm
     template_name = "projectarchive/edit_article.html"
-    permission_required = "projectarchive.change_article"
+    permission_required = "projectarchive.change_projectarticle"
     success_message = "Artikkelen er oppdatert."
 
     def get_success_url(self):
@@ -99,4 +101,11 @@ def get_success_url(self):
 class ArticleDeleteView(PermissionRequiredMixin, DeleteView):
     model = Projectarticle
     success_url = "/projectarchive/"
-    permission_required = "projectarchive.delete_article"
+    permission_required = "projectarchive.delete_projectarticle"
+
+    def has_permission(self):
+        user = self.request.user
+
+        perms = self.get_permission_required()
+        print(user, self.get_object().author)
+        return user.has_perms(perms) or self.get_object().author == user