From 55bd2323f0a6d0deb1a7197284887c18ac083716 Mon Sep 17 00:00:00 2001
From: Mara Karagianni <m.karagianni@liqd.net>
Date: Tue, 16 Jan 2024 09:37:35 +0200
Subject: [PATCH 1/2] euth, dashboard: disable projects dashboard for
 non-admins

---
 .python-version                               |  1 +
 .../templates/euth_dashboard/dropdown.html    |  4 +++
 euth/dashboard/urls.py                        | 24 ++++++++++++++-
 euth/dashboard/views.py                       | 28 ++++++++++++++++++
 euth/projects/rules.py                        |  6 ++++
 .../templates/euth_users/indicator_menu.html  |  4 +++
 .../templates/a4dashboard/base_dashboard.html |  2 ++
 .../templates/a4dashboard/blueprint_list.html | 18 +++++++-----
 .../templates/a4dashboard/project_list.html   |  2 ++
 tests/dashboard/test_dashboard_views.py       | 29 ++++---------------
 10 files changed, 86 insertions(+), 32 deletions(-)
 create mode 100644 .python-version
 create mode 100644 euth/dashboard/views.py
 create mode 100644 euth/projects/rules.py

diff --git a/.python-version b/.python-version
new file mode 100644
index 000000000..0afbac8eb
--- /dev/null
+++ b/.python-version
@@ -0,0 +1 @@
+opin
diff --git a/euth/dashboard/templates/euth_dashboard/dropdown.html b/euth/dashboard/templates/euth_dashboard/dropdown.html
index 0e39c0586..2f2a73502 100644
--- a/euth/dashboard/templates/euth_dashboard/dropdown.html
+++ b/euth/dashboard/templates/euth_dashboard/dropdown.html
@@ -16,7 +16,11 @@
         <ul class="dropdown-menu" aria-labelledby="dLabel">
             {% for organisation in orgs %}
                 <li>
+                    {% if user.is_superuser %}
                     <a href="{% url 'a4dashboard:project-list' organisation_slug=organisation.slug %}" class="dropdown-item">{{ organisation.name }}</a>
+                    {% else %}
+                    <a href="{% url 'a4dashboard:organisation-edit' organisation_slug=organisation.slug %}" class="dropdown-item">{{ organisation.name }}</a>
+                    {% endif %}
                 </li>
             {% endfor %}
         </ul>
diff --git a/euth/dashboard/urls.py b/euth/dashboard/urls.py
index 163e42298..269b87201 100644
--- a/euth/dashboard/urls.py
+++ b/euth/dashboard/urls.py
@@ -1,6 +1,7 @@
 from django.urls import re_path
 
 from adhocracy4.dashboard.urls import urlpatterns as a4dashboard_urlpatterns
+from euth.dashboard import views
 from euth.organisations.views import DashboardOrganisationUpdateView
 
 app_name = 'a4dashboard'
@@ -8,5 +9,26 @@
 urlpatterns = [
     re_path(r'^organisations/(?P<organisation_slug>[-\w_]+)/settings/$',
             DashboardOrganisationUpdateView.as_view(),
-            name='organisation-edit')
+            name='organisation-edit'),
+    re_path(
+        r"^organisations/(?P<organisation_slug>[-\w_]+)/blueprints/$",
+        views.BlueprintAdminListView.as_view(),
+        name="blueprint-list",
+    ),
+    re_path(
+        r"^organisations/(?P<organisation_slug>[-\w_]+)/projects/$",
+        views.ProjectAdminListView.as_view(),
+        name="project-list",
+    ),
+    re_path(
+        r"^organisations/(?P<organisation_slug>[-\w_]+)/blueprints/"
+        r"(?P<blueprint_slug>[-\w_]+)/$",
+        views.ProjectAdminCreateView.as_view(),
+        name="project-create",
+    ),
+    re_path(
+        r"^publish/project/(?P<project_slug>[-\w_]+)/$",
+        views.ProjectAdminPublishView.as_view(),
+        name="project-publish",
+    ),
 ] + a4dashboard_urlpatterns
diff --git a/euth/dashboard/views.py b/euth/dashboard/views.py
new file mode 100644
index 000000000..57fbb750e
--- /dev/null
+++ b/euth/dashboard/views.py
@@ -0,0 +1,28 @@
+from adhocracy4.dashboard.views import BlueprintListView
+from adhocracy4.dashboard.views import ProjectCreateView
+from adhocracy4.dashboard.views import ProjectListView
+from adhocracy4.dashboard.views import ProjectPublishView
+
+
+class ProjectAdminListView(ProjectListView):
+    """Only admins can view dashboard"""
+
+    permission_required = "euth_projects.add_project"
+
+
+class ProjectAdminCreateView(ProjectCreateView):
+    """Only admins can create new projects"""
+
+    permission_required = "euth_projects.add_project"
+
+
+class ProjectAdminPublishView(ProjectPublishView):
+    """Only admins can publish new projects"""
+
+    permission_required = "euth_projects.change_project"
+
+
+class BlueprintAdminListView(BlueprintListView):
+    """Only admins can view list of blueprints"""
+
+    permission_required = "euth_projects.add_project"
diff --git a/euth/projects/rules.py b/euth/projects/rules.py
new file mode 100644
index 000000000..f0ac03efd
--- /dev/null
+++ b/euth/projects/rules.py
@@ -0,0 +1,6 @@
+import rules
+from rules.predicates import is_superuser
+
+rules.add_perm("euth_projects.add_project", is_superuser)
+
+rules.add_perm("euth_projects.change_project", is_superuser)
diff --git a/euth/users/templates/euth_users/indicator_menu.html b/euth/users/templates/euth_users/indicator_menu.html
index d167fc264..167388ad1 100644
--- a/euth/users/templates/euth_users/indicator_menu.html
+++ b/euth/users/templates/euth_users/indicator_menu.html
@@ -24,7 +24,11 @@
 
                 {% for organisation in request.user.organisations %}
                     <li>
+                        {% if request.user.is_superuser %}
                         <a href="{% url 'a4dashboard:project-list' organisation_slug=organisation.slug %}" class="dropdown-item">
+                        {% else %}
+                        <a href="{% url 'a4dashboard:organisation-edit' organisation_slug=organisation.slug %}" class="dropdown-item">
+                        {% endif %}
                             <img src="{{ organisation.logo|thumbnail_url:'org_avatar_small' }}" alt="" width="20"><span class="dropdown-text">{{ organisation.name }}</span>
                         </a>
                     </li>
diff --git a/euth_wagtail/templates/a4dashboard/base_dashboard.html b/euth_wagtail/templates/a4dashboard/base_dashboard.html
index 0a8d301d4..b543382c0 100644
--- a/euth_wagtail/templates/a4dashboard/base_dashboard.html
+++ b/euth_wagtail/templates/a4dashboard/base_dashboard.html
@@ -20,7 +20,9 @@
         <ul class="dashboard-header-tabs nav nav-tabs float-end" role="tablist">
          {% url 'a4dashboard:organisation-edit' organisation_slug=view.organisation.slug as organisation_edit_url %}
             <li role="presentation" class="dashboard-header-tab {% if not request.get_full_path == organisation_edit_url %} active {% endif %}">
+		{% if request.user.is_superuser %}
                 <a href="{% url 'a4dashboard:project-list' organisation_slug=view.organisation.slug %}" class="nav-link dashboard-header-link" aria-controls="projects" role="presentation" >{% trans 'Projects' %}</a>
+		{% endif %}
             </li>
             <li role="presentation" class="dashboard-header-tab {% if request.get_full_path == organisation_edit_url %} active {% endif %}">
                 <a href="{{ organisation_edit_url }}" class="nav-link dashboard-header-link" aria-controls="organisation" role="presentation" >{% trans 'Organisation' %}</a>
diff --git a/euth_wagtail/templates/a4dashboard/blueprint_list.html b/euth_wagtail/templates/a4dashboard/blueprint_list.html
index f96f265ca..863774826 100644
--- a/euth_wagtail/templates/a4dashboard/blueprint_list.html
+++ b/euth_wagtail/templates/a4dashboard/blueprint_list.html
@@ -1,29 +1,31 @@
 {% extends "a4dashboard/base_dashboard.html" %}
 {% load i18n static %}
 
-{% block title %}{% trans "New Project" %} &mdash; {{ block.super }}{% endblock%}
+{% if user.is_superuser %}
+{% block title %}{% translate "New Project" %} &mdash; {{ block.super }}{% endblock%}
+{% endif %}
 
 {% block dashboard_content %}
 <div class="container dashboard-content row">
     <div class="col-md-10 offset-md-1">
         <h1 class="dashboard-content-heading">
-            {% trans "What kind of project would you like to create?" %}
+            {% translate "What kind of project would you like to create?" %}
         </h1>
 
         <div class="blueprint-list">
 
             <div class="dst-tile">
                 <img src="{% static 'images/placeholder_transparent.png' %}" alt="Decision support tool">
-                <h2 class="sans-serif h4">{% trans 'Not sure which template?' %}</h2>
+                <h2 class="sans-serif h4">{% translate 'Not sure which template?' %}</h2>
                 <div class="dst-description">
-                    <h3 class="h5">{% trans "Try the Decision Support Tool (DST)!" %}</h3>
-                    {% trans "In just three minutes you'll find out which process suits your needs. It's easy." %}
+                    <h3 class="h5">{% translate "Try the Decision Support Tool (DST)!" %}</h3>
+                    {% translate "In just three minutes you'll find out which process suits your needs. It's easy." %}
                 </div>
 
                 <div class="dst-footer">
                     <a href="{% url 'blueprints-form' organisation_slug=view.organisation.slug %}"
                        class="btn btn-primary">
-                        {% trans 'Choose template'%}
+                        {% translate 'Choose template'%}
                     </a>
                 </div>
             </div>
@@ -46,10 +48,10 @@ <h2 class="sans-serif h4">{{ blueprint.title }}</h2>
                 <div class="blueprint-footer">
                     <a href="{% url 'a4dashboard:project-create' organisation_slug=view.organisation.slug blueprint_slug=blueprint_slug %}"
                        class="btn btn-primary">
-                        {% trans 'use this template' %}
+                        {% translate 'use this template' %}
                     </a>
 
-                    <button class="btn-link" type="button" data-bs-toggle="modal" data-bs-target="#dst-infopage-{{ blueprint_slug }}">{% trans 'Learn More' %}</button>
+                    <button class="btn-link" type="button" data-bs-toggle="modal" data-bs-target="#dst-infopage-{{ blueprint_slug }}">{% translate 'Learn More' %}</button>
                 </div>
 
                 {% include 'euth_blueprints/includes/infopage.html'%}
diff --git a/euth_wagtail/templates/a4dashboard/project_list.html b/euth_wagtail/templates/a4dashboard/project_list.html
index 03d54275a..6b1b1ff53 100644
--- a/euth_wagtail/templates/a4dashboard/project_list.html
+++ b/euth_wagtail/templates/a4dashboard/project_list.html
@@ -6,11 +6,13 @@
 {% block project_list %}
     <div class="dashboard-content-header">
         <h1 class="dashboard-content-left dashboard-content-heading">{% trans 'Projects' %}</h1>
+        {% if user.is_superuser %}
         <div class="dashboard-content-right">
             <a href="{% url 'a4dashboard:blueprint-list' organisation_slug=view.organisation.slug %}" class="btn btn-primary">
                 {% trans 'New Project' %}
             </a>
         </div>
+	{% endif %}
     </div>
 
     {% if project_list|length > 0 %}
diff --git a/tests/dashboard/test_dashboard_views.py b/tests/dashboard/test_dashboard_views.py
index cb518be99..b3ecb6149 100644
--- a/tests/dashboard/test_dashboard_views.py
+++ b/tests/dashboard/test_dashboard_views.py
@@ -44,8 +44,7 @@ def test_initiator_list_projects(client, project):
         'organisation_slug': project.organisation.slug,
     })
     response = client.get(url)
-    assert response.status_code == 200
-    assert project in list(response.context_data['project_list']) == [project]
+    assert response.status_code == 403
 
 
 @pytest.mark.django_db
@@ -57,17 +56,8 @@ def test_initiator_create_project(client, organisation):
         'blueprint_slug': 'brainstorming'
     })
     response = client.get(url)
-    assert response.status_code == 200
-
-    response = client.post(url, {
-        'name': 'Project name',
-        'description': 'Project info'
-    })
-    assert response.status_code == 302
-    assert redirect_target(response) == 'project-edit'
-    project = organisation.project_set.first()
-    assert project.is_draft
-    assert project.name == 'Project name'
+    # only admins can create new projects
+    assert response.status_code == 403
 
 
 @pytest.mark.django_db
@@ -317,22 +307,15 @@ def test_dashboard_organisation_delete_language(client, organisation):
         organisation.save()
 
 
-'''
 @pytest.mark.django_db
 def test_dashboard_blueprint(client, organisation):
-    from euth.blueprints.blueprints import blueprints
+    user = organisation.initiators.first()
+    client.login(username=user.email, password='password')
     url = reverse('a4dashboard:blueprint-list', kwargs={
         'organisation_slug': organisation.slug
     })
-    user = organisation.initiators.first()
-    response = client.get(url)
-    assert response.status_code == 302
-    assert redirect_target(response) == 'account_login'
-    client.login(username=user.email, password='password')
     response = client.get(url)
-    assert response.status_code == 200
-    assert response.context_data['view'].blueprints == blueprints
-'''
+    assert response.status_code == 403
 
 
 @pytest.mark.django_db

From ce28225622111e10c4b74af32142b4457233fbd2 Mon Sep 17 00:00:00 2001
From: Mara Karagianni <m.karagianni@liqd.net>
Date: Mon, 15 Jan 2024 16:16:15 +0200
Subject: [PATCH 2/2] gitignore pyenv version

---
 .gitignore      | 1 +
 .python-version | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)
 delete mode 100644 .python-version

diff --git a/.gitignore b/.gitignore
index 69f8a511b..0a7a051e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,6 +26,7 @@ coverage.xml
 venv/
 /pyvenv.cfg
 /pip-selfcheck.json
+.python-version
 
 # Node
 node_modules/
diff --git a/.python-version b/.python-version
deleted file mode 100644
index 0afbac8eb..000000000
--- a/.python-version
+++ /dev/null
@@ -1 +0,0 @@
-opin