Skip to content

Commit

Permalink
Improve withdrawal permissions and error handling
Browse files Browse the repository at this point in the history
The permissions on the `*withdraw` items should be `no_permissions`.
After a submission is withdrawn, nothing further should happen to it.

When `perform_transition` is called in the View, that function will
already check for valid transitions and raise an exception if needed.
So do not bother looking into the transitions, instead look directly
for the withdraw action. And expect exactly one of those, otherwise
raise an exception with details of expectations.

Issue #3296
  • Loading branch information
bickelj authored and frjo committed Aug 8, 2024
1 parent 3807d53 commit 13fc0ae
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 14 deletions.
16 changes: 11 additions & 5 deletions hypha/apply/funds/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
)
from django.contrib.auth.mixins import UserPassesTestMixin
from django.contrib.auth.models import Group
from django.core.exceptions import PermissionDenied
from django.core.exceptions import ImproperlyConfigured, PermissionDenied
from django.db.models import Count, Q
from django.forms import BaseModelForm
from django.http import (
Expand Down Expand Up @@ -1814,16 +1814,22 @@ def withdraw(self, request, *args, **kwargs):
obj = self.get_object()

withdraw_actions = [
action
for action in obj.workflow[obj.status].transitions.keys()
if "withdraw" in action
action for action in obj.workflow.keys() if "withdraw" in action
]

if len(withdraw_actions) > 0:
if len(withdraw_actions) == 1:
action = withdraw_actions[0]
obj.perform_transition(
action, self.request.user, request=self.request, notify=False
)
elif len(withdraw_actions) > 1:
raise ImproperlyConfigured(
f'In workflow "{obj.workflow}" too many withdraw actions: "{withdraw_actions}"'
)
elif len(withdraw_actions) < 1:
raise ImproperlyConfigured(
f'No withdraw actions found in workflow "{obj.workflow}"'
)

success_url = obj.get_absolute_url()
return HttpResponseRedirect(success_url)
Expand Down
13 changes: 4 additions & 9 deletions hypha/apply/funds/workflow.py
Original file line number Diff line number Diff line change
Expand Up @@ -391,7 +391,7 @@ def make_permissions(edit=None, review=None, view=None, withdraw=None):
"withdrawn": {
"display": _("Withdrawn"),
"stage": Request,
"permissions": staff_edit_permissions,
"permissions": no_permissions,
},
},
]
Expand Down Expand Up @@ -443,11 +443,6 @@ def make_permissions(edit=None, review=None, view=None, withdraw=None):
"stage": RequestExt,
"permissions": applicant_edit_permissions,
},
"ext_withdrawn": {
"display": _("Withdrawn"),
"stage": RequestExt,
"permissions": staff_edit_permissions,
},
},
{
"ext_internal_review": {
Expand Down Expand Up @@ -585,7 +580,7 @@ def make_permissions(edit=None, review=None, view=None, withdraw=None):
"ext_withdrawn": {
"display": _("Withdrawn"),
"stage": RequestExt,
"permissions": staff_edit_permissions,
"permissions": no_permissions,
},
},
]
Expand Down Expand Up @@ -803,7 +798,7 @@ def make_permissions(edit=None, review=None, view=None, withdraw=None):
"com_withdrawn": {
"display": _("Withdrawn"),
"stage": RequestCom,
"permissions": staff_edit_permissions,
"permissions": no_permissions,
},
},
]
Expand Down Expand Up @@ -1140,7 +1135,7 @@ def make_permissions(edit=None, review=None, view=None, withdraw=None):
"proposal_withdrawn": {
"display": _("Withdrawn"),
"stage": Proposal,
"permissions": staff_edit_permissions,
"permissions": no_permissions,
},
},
]
Expand Down

0 comments on commit 13fc0ae

Please sign in to comment.