diff --git a/app/content/views/registration.py b/app/content/views/registration.py index 4aa3bf68c..c41a86823 100644 --- a/app/content/views/registration.py +++ b/app/content/views/registration.py @@ -13,6 +13,7 @@ from app.common.pagination import BasePagination from app.common.permissions import ( BasicViewPermission, + check_has_access, is_admin_group_user, is_admin_user, ) @@ -157,7 +158,22 @@ def _admin_unregister(self, registration): def add_registration(self, request, *_args, **_kwargs): """Add registration to event for admins""" - if not is_admin_group_user(request): + event_id = self.kwargs.get("event_id", None) + user_id = request.data["user"] + + event = get_object_or_404(Event, id=event_id) + user = get_object_or_404(User, user_id=user_id) + + organizing_group = event.organizer + + is_member_or_leader_of_organizing_group = check_has_access( + [organizing_group], request + ) + + if ( + not is_admin_group_user(request) + and not is_member_or_leader_of_organizing_group + ): return Response( { "detail": "Du har ikke tillatelse til å opprette en påmelding på dette arrangementet" @@ -165,12 +181,6 @@ def add_registration(self, request, *_args, **_kwargs): status=status.HTTP_403_FORBIDDEN, ) - event_id = self.kwargs.get("event_id", None) - user_id = request.data["user"] - - event = get_object_or_404(Event, id=event_id) - user = get_object_or_404(User, user_id=user_id) - if not user.accepts_event_rules: return Response( { diff --git a/app/gallery/factories/_init_.py b/app/gallery/factories/_init_.py new file mode 100644 index 000000000..e69de29bb diff --git a/app/gallery/factories/album_factory.py b/app/gallery/factories/album_factory.py new file mode 100644 index 000000000..e2abd6592 --- /dev/null +++ b/app/gallery/factories/album_factory.py @@ -0,0 +1,15 @@ +import factory +from factory.django import DjangoModelFactory + +from app.gallery.models.album import Album + + +class AlbumFactory(DjangoModelFactory): + class Meta: + model = Album + + id = factory.Sequence(lambda n: f"picture_{n}") + image = factory.Faker("image") + title = factory.Faker("title") + image_alt = factory.Faker("image_alt") + description = factory.Faker("description") diff --git a/app/gallery/migrations/0003_alter_album_options.py b/app/gallery/migrations/0003_alter_album_options.py new file mode 100644 index 000000000..5d8f724bd --- /dev/null +++ b/app/gallery/migrations/0003_alter_album_options.py @@ -0,0 +1,17 @@ +# Generated by Django 4.2.5 on 2024-10-21 17:00 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ("gallery", "0002_remove_picture_album_album_id_alter_album_slug"), + ] + + operations = [ + migrations.AlterModelOptions( + name="album", + options={"ordering": ["-created_at"]}, + ), + ] diff --git a/app/gallery/models/album.py b/app/gallery/models/album.py index 43dfe6722..b3caf6821 100644 --- a/app/gallery/models/album.py +++ b/app/gallery/models/album.py @@ -18,6 +18,9 @@ class Album(BaseModel, BasePermissionModel, OptionalImage): slug = models.SlugField(max_length=50, primary_key=False) write_access = AdminGroup.all() + class Meta: + ordering = ["-created_at"] + def __str__(self): return self.title diff --git a/app/tests/content/test_registration_integration.py b/app/tests/content/test_registration_integration.py index 86d111158..eb7a39909 100644 --- a/app/tests/content/test_registration_integration.py +++ b/app/tests/content/test_registration_integration.py @@ -4,7 +4,7 @@ import pytest -from app.common.enums import AdminGroup +from app.common.enums import AdminGroup, Groups from app.common.enums import NativeGroupType as GroupType from app.common.enums import NativeMembershipType as MembershipType from app.common.enums import NativeUserStudy as StudyType @@ -1038,6 +1038,110 @@ def test_add_registration_to_event_as_member(member, event): assert response.status_code == status.HTTP_403_FORBIDDEN +@pytest.mark.django_db +@pytest.mark.parametrize( + "group_name", + [ + Groups.JUBKOM, + Groups.REDAKSJONEN, + Groups.FONDET, + Groups.PLASK, + Groups.DRIFT, + ], +) +def test_add_registration_to_event_as_group_member(event, member, group_name): + """ + A member of a specific group (not part of AdminGroup) should be able to add a + registration to an event if their group organized it. + """ + + member_group = add_user_to_group_with_name( + member, group_name, GroupType.SUBGROUP, MembershipType.MEMBER + ) + + event.organizer = member_group + event.save() + + data = {"user": member.user_id, "event": event.id} + url = f"{_get_registration_url(event=event)}add/" + + client = get_api_client(user=member) + response = client.post(url, data) + + assert response.status_code == status.HTTP_201_CREATED + + +@pytest.mark.django_db +@pytest.mark.parametrize( + "group_name", + [ + Groups.JUBKOM, + Groups.REDAKSJONEN, + Groups.FONDET, + Groups.PLASK, + Groups.DRIFT, + ], +) +def test_add_registration_to_event_as_group_member_of_non_organizing_group( + event, member, group_name +): + """ + A member of a specific group (not part of AdminGroup) should NOT be able to add a + registration to an event if their group did not organize it. + """ + add_user_to_group_with_name( + member, group_name, GroupType.SUBGROUP, MembershipType.MEMBER + ) + + event.organizer = GroupFactory(name="Different Organizer") + event.save() + + data = {"user": member.user_id, "event": event.id} + url = f"{_get_registration_url(event=event)}add/" + + client = get_api_client(user=member) + response = client.post(url, data) + + assert response.status_code == status.HTTP_403_FORBIDDEN + + +@pytest.mark.django_db +@pytest.mark.parametrize( + "group_name", + [ + Groups.JUBKOM, + Groups.REDAKSJONEN, + Groups.FONDET, + Groups.PLASK, + Groups.DRIFT, + ], +) +def test_add_registration_when_event_is_full(event, member, group_name): + """ + A member of the organizing group should be able to add a registration to an event + for another member even when the event is full, and the registration should be added to the waitlist. + """ + + member_group = add_user_to_group_with_name( + member, group_name, GroupType.SUBGROUP, MembershipType.MEMBER + ) + + event.organizer = member_group + event.limit = 1 + event.save() + + RegistrationFactory(event=event) + + data = {"user": member.user_id, "event": event.id} + url = f"{_get_registration_url(event=event)}add/" + + client = get_api_client(user=member) + response = client.post(url, data) + + assert response.status_code == status.HTTP_201_CREATED + assert event.registrations.get(user=member).is_on_wait + + @pytest.mark.django_db @pytest.mark.parametrize( ("order_status", "status_code"), diff --git a/app/tests/gallery/_init_.py b/app/tests/gallery/_init_.py new file mode 100644 index 000000000..e69de29bb