{% trans "Informations complémentaires" %}
diff --git a/geocity/apps/submissions/templates/submissions/submission_validations_edit.html b/geocity/apps/submissions/templates/submissions/submission_validations_edit.html
new file mode 100644
index 000000000..055d7f332
--- /dev/null
+++ b/geocity/apps/submissions/templates/submissions/submission_validations_edit.html
@@ -0,0 +1,27 @@
+{% extends "base_generic.html" %}
+{% load static %}
+{% load i18n %}
+{% load bootstrap4 %}
+
+{% block content %}
+ {{ title }}
+
+
+{% endblock %}
+
+{% block scripts %}
+
+{% endblock %}
diff --git a/geocity/apps/submissions/urls.py b/geocity/apps/submissions/urls.py
index 119a1dc14..808aa6db0 100644
--- a/geocity/apps/submissions/urls.py
+++ b/geocity/apps/submissions/urls.py
@@ -131,4 +131,9 @@
views.SubmissionPaymentRedirect.as_view(),
name="submission_payment_redirect",
),
+ path(
+ "validations/
/edit",
+ views.submission_validations_edit,
+ name="submission_validations_edit",
+ ),
]
diff --git a/geocity/apps/submissions/views.py b/geocity/apps/submissions/views.py
index 036dd8462..4a4a2f8ae 100644
--- a/geocity/apps/submissions/views.py
+++ b/geocity/apps/submissions/views.py
@@ -282,6 +282,9 @@ def get_context_data(self, **kwargs):
self.request.user, self.submission
),
"can_validate_submission": can_validate_submission,
+ "has_permission_to_edit_submission_validations": permissions.has_permission_to_edit_submission_validations(
+ self.request.user, self.submission
+ ),
"directives": self.submission.get_submission_directives(),
"prolongation_enabled": prolongation_enabled,
"document_enabled": self.submission.has_document_enabled(),
@@ -293,6 +296,7 @@ def get_context_data(self, **kwargs):
== self.submission.forms.count(),
"inquiry_in_progress": self.submission.status
== models.Submission.STATUS_INQUIRY_IN_PROGRESS,
+ "current_user": self.request.user,
},
}
@@ -2210,3 +2214,57 @@ def get(self, request, pk, *args, **kwargs):
return redirect(payment_url)
return redirect(reverse_lazy("submissions:submissions_list"))
+
+
+# TODO: SET PERMISSIONS
+@login_required
+@check_mandatory_2FA
+def submission_validations_edit(request, submission_id):
+
+ # Check that user is authorize to see submission
+ submission = get_object_or_404(
+ models.Submission.objects.filter_for_user(request.user), pk=submission_id
+ )
+
+ # Check that user is authorized to edit submission validations
+ if not permissions.has_permission_to_edit_submission_validations(
+ request.user, submission
+ ):
+ # TODO: be nicer whith user
+ raise PermissionDenied
+
+ submissionValidationFormset = modelformset_factory(
+ models.SubmissionValidation,
+ form=forms.SubmissionValidationsForm,
+ edit_only=True,
+ extra=0,
+ )
+ if request.method == "POST":
+ if request.method == "POST":
+ formset = submissionValidationFormset(request.POST)
+ if formset.is_valid():
+ formset.save()
+ if "save_continue" in request.POST:
+ return redirect(
+ "submissions:submission_validations_edit",
+ submission_id=submission_id,
+ )
+ else:
+ return redirect(
+ "submissions:submission_detail",
+ submission_id=submission_id,
+ )
+
+ else:
+ formset = submissionValidationFormset(
+ queryset=models.SubmissionValidation.objects.filter(
+ submission=submission_id
+ )
+ )
+ return render(
+ request,
+ "submissions/submission_validations_edit.html",
+ {
+ "formset": formset,
+ },
+ )
diff --git a/geocity/tests/submissions/functional/test_submission_validation.py b/geocity/tests/submissions/functional/test_submission_validation.py
index 1199b871f..760815da8 100644
--- a/geocity/tests/submissions/functional/test_submission_validation.py
+++ b/geocity/tests/submissions/functional/test_submission_validation.py
@@ -1,13 +1,15 @@
+from django.contrib.auth.models import Permission
from django.core import mail
from django.test import TestCase
from django.urls import reverse
from geocity.apps.submissions import models as submissions_models
+from geocity.apps.submissions.models import Submission, SubmissionValidation
from geocity.tests import factories
from geocity.tests.utils import LoggedInSecretariatMixin, get_parser
-class SubmissionValidationRequestTestcase(LoggedInSecretariatMixin, TestCase):
+class SubmissionValidationRequestTestCase(LoggedInSecretariatMixin, TestCase):
def test_secretariat_can_request_validation(self):
validator_groups = factories.ValidatorGroupFactory.create_batch(
2, department__administrative_entity=self.administrative_entity
@@ -131,7 +133,7 @@ def test_validation_request_sends_mail_to_selected_validators(self):
self.assertEqual(mail.outbox[0].to, [validator_user.email])
-class SubmissionValidationTestcase(TestCase):
+class SubmissionValidationTestCase(TestCase):
def test_validator_can_see_assigned_submissions(self):
validation = factories.SubmissionValidationFactory()
validator = factories.ValidatorUserFactory(
@@ -321,3 +323,184 @@ def test_secretary_email_is_sent_when_submission_is_validated(self):
"Les services chargés de la validation d'une demande ont donné leur préavis",
mail.outbox[0].message().as_string(),
)
+
+
+class SubmissionValidationOnDetailsTestCase(TestCase):
+ def setUp(self):
+ super().setUp()
+ """Generate validations and users
+ """
+
+ self.edit_submission_validations = Permission.objects.get(
+ codename="edit_submission_validations",
+ content_type__app_label="submissions",
+ )
+
+ # Create submission
+ self.submission = factories.SubmissionFactory(
+ status=Submission.STATUS_PROCESSING
+ )
+
+ # Create all cases of validations
+ self.validation_1 = factories.SubmissionValidationFactory(
+ comment_is_visible_by_author=True,
+ submission=self.submission,
+ comment="Requested and visible",
+ validation_status=SubmissionValidation.STATUS_REQUESTED,
+ )
+ self.validation_2 = factories.SubmissionValidationFactory(
+ comment_is_visible_by_author=False,
+ submission=self.submission,
+ comment="Approved and hidden",
+ validation_status=SubmissionValidation.STATUS_APPROVED,
+ )
+ self.validation_3 = factories.SubmissionValidationFactory(
+ comment_is_visible_by_author=True,
+ submission=self.submission,
+ comment="Approved and visible",
+ validation_status=SubmissionValidation.STATUS_APPROVED,
+ )
+ self.validation_4 = factories.SubmissionValidationFactory(
+ comment_is_visible_by_author=True,
+ submission=self.submission,
+ comment="Rejected and visible",
+ validation_status=SubmissionValidation.STATUS_REJECTED,
+ )
+
+ # Create pilot group
+ self.pilot_group = factories.GroupFactory(name="pilot")
+
+ # Create department
+ department = factories.PermitDepartmentFactory(
+ group=self.pilot_group, is_backoffice=True
+ )
+
+ # Create pilot user
+ self.pilot = factories.SecretariatUserFactory(
+ groups=[self.pilot_group], email="secretary@geocity.ch"
+ )
+
+ # Create validator
+ self.validator = factories.ValidatorUserFactory(
+ groups=[
+ self.validation_1.department.group,
+ factories.ValidatorGroupFactory(),
+ ],
+ )
+
+ # Define author
+ self.author = self.submission.author
+
+ # Set department for submission.administrative_entity
+ self.submission.administrative_entity.departments.set([department])
+
+ # Create used form
+ self.form = factories.FormFactory()
+
+ # Assign form to submission
+ self.submission.forms.set([self.form])
+
+ def test_author_can_only_see_visible_validation_comment(self):
+ self.client.login(username=self.author.username, password="password")
+
+ response = self.client.get(
+ reverse(
+ "submissions:submission_detail",
+ kwargs={"submission_id": self.submission.pk},
+ ),
+ )
+
+ self.assertEqual(response.status_code, 200)
+
+ content = response.content.decode()
+
+ # Button should not appear
+ self.assertNotIn("Modifier les validations", content)
+
+ # Check comment and status for comment_is_visible_by_author=True appears
+ # Check comment and status for comment_is_visible_by_author=False dont appears
+ self.assertIn(self.validation_1.comment, content)
+ self.assertIn(self.validation_3.comment, content)
+ self.assertIn(self.validation_4.comment, content)
+ self.assertNotIn(self.validation_2.comment, content)
+
+ self.assertIn("fa fa-check-circle", content)
+ self.assertIn("fa fa-clock-o", content)
+ self.assertIn("fa fa-times-circle", content)
+
+ # Check comment_is_visible_by_author never appears
+ self.assertNotIn("Commentaire visible par l'auteur de la demande", content)
+
+ def test_pilot_can_edit_validation_only_with_perms(self):
+ self.client.login(username=self.pilot.username, password="password")
+
+ response = self.client.get(
+ reverse(
+ "submissions:submission_detail",
+ kwargs={"submission_id": self.submission.pk},
+ ),
+ )
+
+ self.assertEqual(response.status_code, 200)
+
+ content = response.content.decode()
+
+ # Button should not appear
+ self.assertNotIn("Modifier les validations", content)
+
+ # Can see all comments
+ self.assertIn(self.validation_1.comment, content)
+ self.assertIn(self.validation_2.comment, content)
+ self.assertIn(self.validation_3.comment, content)
+ self.assertIn(self.validation_4.comment, content)
+
+ # See all icons
+ self.assertIn("fa fa-check-circle", content)
+ self.assertIn("fa fa-clock-o", content)
+ self.assertIn("fa fa-times-circle", content)
+
+ # Add permission
+ self.pilot_group.permissions.add(self.edit_submission_validations)
+
+ # Check permission is assigned correctly
+ self.assertTrue(self.pilot.has_perm("submissions.edit_submission_validations"))
+
+ # Refresh response
+ response = self.client.get(
+ reverse(
+ "submissions:submission_detail",
+ kwargs={"submission_id": self.submission.pk},
+ ),
+ )
+
+ self.assertEqual(response.status_code, 200)
+
+ content = response.content.decode()
+
+ # Button should appear
+ self.assertIn("Modifier les validations", content)
+
+ def test_validator_cant_edit_validation_even_with_perms(self):
+ # Add permission
+ self.validator.user_permissions.add(self.edit_submission_validations)
+
+ # Check permission is assigned correctly
+ self.assertTrue(
+ self.validator.has_perm("submissions.edit_submission_validations")
+ )
+
+ self.client.login(username=self.pilot.username, password="password")
+
+ response = self.client.get(
+ reverse(
+ "submissions:submission_detail",
+ kwargs={"submission_id": self.submission.pk},
+ ),
+ )
+
+ self.assertEqual(response.status_code, 200)
+
+ content = response.content.decode()
+
+ # Button should not appear
+ self.assertNotIn("Modifier les validations", content)