kobotoolbox
diff --git a/‎dependencies/pip/dev_requirements.txt‎
Lines changed: 2 additions & 2 deletions b/‎dependencies/pip/dev_requirements.txt‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎dependencies/pip/requirements.in‎
Lines changed: 1 addition & 1 deletion b/‎dependencies/pip/requirements.in‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dependencies/pip/requirements.txt‎
Lines changed: 2 additions & 2 deletions b/‎dependencies/pip/requirements.txt‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎jsapp/js/account/organizations/requireOrgOwner.component.tsx‎
Lines changed: 0 additions & 33 deletions b/‎jsapp/js/account/organizations/requireOrgOwner.component.tsx‎
Lines changed: 0 additions & 33 deletions
diff --git a/‎jsapp/js/account/organizations/validateOrgPermissions.component.tsx‎
Lines changed: 49 additions & 0 deletions b/‎jsapp/js/account/organizations/validateOrgPermissions.component.tsx‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎jsapp/js/account/routes.tsx‎
Lines changed: 35 additions & 10 deletions b/‎jsapp/js/account/routes.tsx‎
Lines changed: 35 additions & 10 deletions
diff --git a/‎jsapp/js/envStore.ts‎
Lines changed: 2 additions & 4 deletions b/‎jsapp/js/envStore.ts‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎kobo/apps/audit_log/audit_actions.py‎
Lines changed: 8 additions & 0 deletions b/‎kobo/apps/audit_log/audit_actions.py‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎kobo/apps/audit_log/base_views.py‎
Lines changed: 16 additions & 8 deletions b/‎kobo/apps/audit_log/base_views.py‎
Lines changed: 16 additions & 8 deletions
@@ -414,7 +414,7 @@ oauthlib==3.2.2
     #   -r dependencies/pip/requirements.in
     #   django-oauth-toolkit
     #   requests-oauthlib
-openpyxl==3.0.9
+openpyxl==3.1.3
     # via
     #   -r dependencies/pip/requirements.in
     #   pyxform
@@ -537,7 +537,7 @@ pytz==2024.1
     # via
     #   flower
     #   pandas
-pyxform==1.9.0
+pyxform==2.1.1
     # via
     #   -r dependencies/pip/requirements.in
     #   formpack
 
@@ -75,7 +75,7 @@ openpyxl
 psycopg
 pymongo
 python-dateutil
-pyxform==1.9.0
+pyxform==2.1.1
 requests
 regex
 responses
 
@@ -336,7 +336,7 @@ oauthlib==3.2.2
     #   -r dependencies/pip/requirements.in
     #   django-oauth-toolkit
     #   requests-oauthlib
-openpyxl==3.0.9
+openpyxl==3.1.3
     # via
     #   -r dependencies/pip/requirements.in
     #   pyxform
@@ -412,7 +412,7 @@ pytz==2024.1
     # via
     #   flower
     #   pandas
-pyxform==1.9.0
+pyxform==2.1.1
     # via
     #   -r dependencies/pip/requirements.in
     #   formpack
 
@@ -0,0 +1,49 @@
+import React, {Suspense, useEffect} from 'react';
+import {useNavigate} from 'react-router-dom';
+import LoadingSpinner from 'js/components/common/loadingSpinner';
+import {ACCOUNT_ROUTES} from 'js/account/routes.constants';
+import {useOrganizationQuery} from 'js/account/stripe.api';
+import {OrganizationUserRole} from '../stripe.types';
+
+interface Props {
+  children: React.ReactNode;
+  validRoles?: OrganizationUserRole[];
+  mmoOnly?: boolean;
+  redirect?: boolean;
+}
+
+/**
+ * Use to handle display of pages that should only be accessible to certain user roles
+ * or members of MMOs. Defaults to allowing access for all users, so you must supply
+ * any restrictions.
+ */
+export const ValidateOrgPermissions = ({
+  children,
+  validRoles = undefined,
+  mmoOnly = false,
+  redirect = true,
+}: Props) => {
+  const navigate = useNavigate();
+  const orgQuery = useOrganizationQuery();
+  const hasValidRole = validRoles ? validRoles.includes(
+    orgQuery.data?.request_user_role ?? OrganizationUserRole.member
+  ) : true;
+  const hasValidOrg = mmoOnly ? orgQuery.data?.is_mmo : true;
+
+  // Redirect to Account Settings if conditions not met
+  useEffect(() => {
+    if (
+      redirect &&
+      orgQuery.data &&
+      (!hasValidRole || !hasValidOrg)
+    ) {
+      navigate(ACCOUNT_ROUTES.ACCOUNT_SETTINGS);
+    }
+  }, [redirect, orgQuery.data, navigate]);
+
+  return redirect && hasValidRole && hasValidOrg ? (
+    <Suspense fallback={null}>{children}</Suspense>
+  ) : (
+    <LoadingSpinner />
+  );
+};
@@ -1,7 +1,8 @@
 import React from 'react';
 import {Navigate, Route} from 'react-router-dom';
 import RequireAuth from 'js/router/requireAuth';
-import {RequireOrgOwner} from 'js/account/organizations/requireOrgOwner.component';
+import {ValidateOrgPermissions} from 'js/account/organizations/validateOrgPermissions.component';
+import {OrganizationUserRole} from './stripe.types';
 import {
   ACCOUNT_ROUTES,
   AccountSettings,
@@ -35,9 +36,9 @@ export default function routes() {
         index
         element={
           <RequireAuth>
-            <RequireOrgOwner>
+            <ValidateOrgPermissions validRoles={[OrganizationUserRole.owner]}>
               <PlansRoute />
-            </RequireOrgOwner>
+            </ValidateOrgPermissions>
           </RequireAuth>
         }
       />
@@ -46,9 +47,9 @@ export default function routes() {
         index
         element={
           <RequireAuth>
-            <RequireOrgOwner>
+            <ValidateOrgPermissions validRoles={[OrganizationUserRole.owner]}>
               <AddOnsRoute />
-            </RequireOrgOwner>
+            </ValidateOrgPermissions>
           </RequireAuth>
         }
       />
@@ -57,17 +58,31 @@ export default function routes() {
         index
         element={
           <RequireAuth>
-            <RequireOrgOwner>
+            <ValidateOrgPermissions
+              validRoles={[
+                OrganizationUserRole.owner,
+                OrganizationUserRole.admin,
+              ]}
+            >
               <DataStorage activeRoute={ACCOUNT_ROUTES.USAGE} />
-            </RequireOrgOwner>
+            </ValidateOrgPermissions>
           </RequireAuth>
         }
       />
       <Route
         path={ACCOUNT_ROUTES.USAGE_PROJECT_BREAKDOWN}
         element={
           <RequireAuth>
-            <DataStorage activeRoute={ACCOUNT_ROUTES.USAGE_PROJECT_BREAKDOWN} />
+            <ValidateOrgPermissions
+              validRoles={[
+                OrganizationUserRole.owner,
+                OrganizationUserRole.admin,
+              ]}
+            >
+              <DataStorage
+                activeRoute={ACCOUNT_ROUTES.USAGE_PROJECT_BREAKDOWN}
+              />
+            </ValidateOrgPermissions>
           </RequireAuth>
         }
       />
@@ -93,15 +108,25 @@ export default function routes() {
             path={ACCOUNT_ROUTES.ORGANIZATION_MEMBERS}
             element={
               <RequireAuth>
-                <div>Organization members view to be implemented</div>
+                <ValidateOrgPermissions mmoOnly>
+                  <div>Organization members view to be implemented</div>
+                </ValidateOrgPermissions>
               </RequireAuth>
             }
           />
           <Route
             path={ACCOUNT_ROUTES.ORGANIZATION_SETTINGS}
             element={
               <RequireAuth>
-                <div>Organization settings view to be implemented</div>
+                <ValidateOrgPermissions
+                  validRoles={[
+                    OrganizationUserRole.owner,
+                    OrganizationUserRole.admin,
+                  ]}
+                  mmoOnly
+                >
+                  <div>Organization settings view to be implemented</div>
+                </ValidateOrgPermissions>
               </RequireAuth>
             }
           />
 
@@ -22,8 +22,7 @@ export interface EnvironmentResponse {
   transcription_languages: TransxLanguages;
   translation_languages: TransxLanguages;
   submission_placeholder: string;
-  // TODO: Remove optional marker when PR#5182 is merged
-  use_team_label?: boolean;
+  use_team_label: boolean;
   frontend_min_retry_time: number;
   frontend_max_retry_time: number;
   asr_mt_features_enabled: boolean;
@@ -215,8 +214,7 @@ class EnvStore {
     this.data.project_metadata_fields = response.project_metadata_fields;
     this.data.user_metadata_fields = response.user_metadata_fields;
     this.data.submission_placeholder = response.submission_placeholder;
-    // TODO: Assign response value when PR#5182 is merged
-    this.data.use_team_label = true;
+    this.data.use_team_label = response.use_team_label;
     this.data.mfa_localized_help_text = response.mfa_localized_help_text;
     this.data.mfa_enabled = response.mfa_enabled;
     this.data.mfa_per_user_availability = response.mfa_per_user_availability;
 
@@ -2,17 +2,25 @@
 
 
 class AuditAction(models.TextChoices):
+    ADD_MEDIA = 'add-media'
     ARCHIVE = 'archive'
     AUTH = 'auth'
+    CONNECT_PROJECT = 'connect-project'
     CREATE = 'create'
     DELETE = 'delete'
+    DELETE_MEDIA = 'delete-media'
+    DELETE_SERVICE = 'delete-service'
     DEPLOY = 'deploy'
     DISABLE_SHARING = 'disable-sharing'
+    DISCONNECT_PROJECT = 'disconnect-project'
     ENABLE_SHARING = 'enable-sharing'
     IN_TRASH = 'in-trash'
+    MODIFY_IMPORTED_FIELDS = 'modify-imported-fields'
+    MODIFY_SERVICE = 'modify-service'
     MODIFY_SHARING = 'modify_sharing'
     PUT_BACK = 'put-back'
     REDEPLOY = 'redeploy'
+    REGISTER_SERVICE = 'register-service'
     REMOVE = 'remove'
     UNARCHIVE = 'unarchive'
     UPDATE = 'update'
 
@@ -49,32 +49,40 @@ def get_object(self):
             return obj
         audit_log_data = {}
         for field in self.logged_fields:
-            value = get_nested_field(obj, field)
-            audit_log_data[field] = value
+            field_path = field[1] if isinstance(field, tuple) else field
+            field_label = field[0] if isinstance(field, tuple) else field
+            value = get_nested_field(obj, field_path)
+            audit_log_data[field_label] = value
         self.request._request.initial_data = audit_log_data
         return obj
 
     def perform_update(self, serializer):
         self.perform_update_override(serializer)
         audit_log_data = {}
         for field in self.logged_fields:
-            value = get_nested_field(serializer.instance, field)
-            audit_log_data[field] = value
+            field_path = field[1] if isinstance(field, tuple) else field
+            field_label = field[0] if isinstance(field, tuple) else field
+            value = get_nested_field(serializer.instance, field_path)
+            audit_log_data[field_label] = value
         self.request._request.updated_data = audit_log_data
 
     def perform_create(self, serializer):
         self.perform_create_override(serializer)
         audit_log_data = {}
         for field in self.logged_fields:
-            value = get_nested_field(serializer.instance, field)
-            audit_log_data[field] = value
+            field_path = field[1] if isinstance(field, tuple) else field
+            field_label = field[0] if isinstance(field, tuple) else field
+            value = get_nested_field(serializer.instance, field_path)
+            audit_log_data[field_label] = value
         self.request._request.updated_data = audit_log_data
 
     def perform_destroy(self, instance):
         audit_log_data = {}
         for field in self.logged_fields:
-            value = get_nested_field(instance, field)
-            audit_log_data[field] = value
+            field_path = field[1] if isinstance(field, tuple) else field
+            field_label = field[0] if isinstance(field, tuple) else field
+            value = get_nested_field(instance, field_path)
+            audit_log_data[field_label] = value
         self.request._request.initial_data = audit_log_data
         self.perform_destroy_override(instance)