simplify authorization/validation logic for verified users making proposals. Prevent unverified users from making proposals of any kind
parent
8d8dda46e6
commit
2c8a52013c
|
@ -205,13 +205,6 @@ class Proposal(db.Model):
|
|||
if not hasattr(self, field):
|
||||
raise ValidationException("Proposal must have a {}".format(field))
|
||||
|
||||
from grant.utils.auth import get_authed_user
|
||||
current_user = get_authed_user()
|
||||
if current_user:
|
||||
if not current_user.email_verification.has_verified:
|
||||
message = "Please confirm your email before attempting to publish a proposal."
|
||||
raise ValidationException(message)
|
||||
|
||||
# Then run through regular validation
|
||||
Proposal.validate(vars(self))
|
||||
|
||||
|
|
|
@ -4,12 +4,12 @@ from flask_yoloapi import endpoint, parameter
|
|||
from grant.comment.models import Comment, comment_schema, comments_schema
|
||||
from grant.email.send import send_email
|
||||
from grant.milestone.models import Milestone
|
||||
from grant.settings import EXPLORER_URL
|
||||
from grant.user.models import User
|
||||
from grant.utils.auth import requires_auth, requires_team_member_auth, get_authed_user, internal_webhook
|
||||
from grant.utils.exceptions import ValidationException
|
||||
from grant.utils.misc import is_email, make_url, from_zat, make_preview
|
||||
from sqlalchemy import or_
|
||||
from grant.settings import EXPLORER_URL
|
||||
|
||||
from .models import (
|
||||
Proposal,
|
||||
|
|
|
@ -57,9 +57,12 @@ def requires_team_member_auth(f):
|
|||
if not proposal:
|
||||
return jsonify(message="No proposal exists with id {}".format(proposal_id)), 404
|
||||
|
||||
if not g.current_user in proposal.team:
|
||||
if g.current_user not in proposal.team:
|
||||
return jsonify(message="You are not authorized to modify this proposal"), 403
|
||||
|
||||
if not g.current_user.email_verification.has_verified:
|
||||
return jsonify(message="Please confirm your email."), 403
|
||||
|
||||
g.current_proposal = proposal
|
||||
return f(*args, **kwargs)
|
||||
|
||||
|
|
|
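Review bot: The email-verification check added after the team-membership check only covers routes wrapped in requires_team_member_auth, which need an existing proposal_id. With the model-level check removed from the Proposal validation in the first hunk, any proposal route guarded by plain requires_auth (draft creation is presumably one; it is not visible here) has no server-side verification gate, and the DraftList change is only a UI guard. Consider a small dedicated decorator (for example a new `requires_email_verification`) applied to those routes as well. Separately, `g.current_user.email_verification.has_verified` would raise AttributeError and surface as a 500 if a user has no email_verification record; `ev = g.current_user.email_verification` followed by `if not ev or not ev.has_verified:` fails closed with the 403 instead. The decorator body starts outside this hunk.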
@ -1,11 +1,12 @@
|
|||
import React from 'react';
|
||||
import { connect } from 'react-redux';
|
||||
import { Link } from 'react-router-dom';
|
||||
import { Spin, List, Button, Divider, Popconfirm, message } from 'antd';
|
||||
import { Button, Divider, List, message, Popconfirm, Spin } from 'antd';
|
||||
import Placeholder from 'components/Placeholder';
|
||||
import { getIsVerified } from 'modules/auth/selectors';
|
||||
import Loader from 'components/Loader';
|
||||
import { ProposalDraft, STATUS } from 'types';
|
||||
import { fetchDrafts, createDraft, deleteDraft } from 'modules/create/actions';
|
||||
import { createDraft, deleteDraft, fetchDrafts } from 'modules/create/actions';
|
||||
import { AppState } from 'store/reducers';
|
||||
import './style.less';
|
||||
|
||||
|
@ -17,6 +18,7 @@ interface StateProps {
|
|||
createDraftError: AppState['create']['createDraftError'];
|
||||
isDeletingDraft: AppState['create']['isDeletingDraft'];
|
||||
deleteDraftError: AppState['create']['deleteDraftError'];
|
||||
isVerified: ReturnType<typeof getIsVerified>;
|
||||
}
|
||||
|
||||
interface DispatchProps {
|
||||
|
@ -51,8 +53,9 @@ class DraftList extends React.Component<Props, State> {
|
|||
isDeletingDraft,
|
||||
deleteDraftError,
|
||||
createDraftError,
|
||||
isVerified,
|
||||
} = this.props;
|
||||
if (createIfNone && drafts && !prevProps.drafts && !drafts.length) {
|
||||
if (isVerified && createIfNone && drafts && !prevProps.drafts && !drafts.length) {
|
||||
this.createDraft();
|
||||
}
|
||||
if (prevProps.isDeletingDraft && !isDeletingDraft) {
|
||||
|
@ -67,9 +70,20 @@ class DraftList extends React.Component<Props, State> {
|
|||
}
|
||||
|
||||
render() {
|
||||
const { drafts, isCreatingDraft } = this.props;
|
||||
const { drafts, isCreatingDraft, isVerified } = this.props;
|
||||
const { deletingId } = this.state;
|
||||
|
||||
if (!isVerified) {
|
||||
return (
|
||||
<div className="DraftList">
|
||||
<Placeholder
|
||||
title="Your email is not verified"
|
||||
subtitle="Please confirm your email before making a proposal."
|
||||
/>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
if (!drafts || isCreatingDraft) {
|
||||
return <Loader size="large" />;
|
||||
}
|
||||
|
@ -158,6 +172,7 @@ export default connect<StateProps, DispatchProps, OwnProps, AppState>(
|
|||
createDraftError: state.create.createDraftError,
|
||||
isDeletingDraft: state.create.isDeletingDraft,
|
||||
deleteDraftError: state.create.deleteDraftError,
|
||||
isVerified: getIsVerified(state),
|
||||
}),
|
||||
{
|
||||
fetchDrafts,
|
||||
|
|
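Review bot: The `!isVerified` early return at the top of render() and the `isVerified &&` guard in componentDidUpdate only hide the draft UI; nothing here stops a direct API call. A comment such as `// UI hint only: the API must reject unverified users on its own` above the early return would keep later readers from treating it as the enforcement point. The early return also runs before the `!drafts || isCreatingDraft` loader check, so if `getIsVerified` returns false while the user record is still loading (its implementation is not on this page), verified users would briefly see "Your email is not verified". If that is the case, gate the placeholder on the auth state having loaded. render() continues outside the hunk.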