simplify authorization/validation logic for verified users making proposals. Prevent unverified users from making proposals of any kind

2019-01-28 18:51:10 -06:00 · 2019-01-28 18:51:10 -06:00 · 2c8a52013c
parent 8d8dda46e6
commit 2c8a52013c
4 changed files with 24 additions and 13 deletions
--- a/backend/grant/proposal/models.py
+++ b/backend/grant/proposal/models.py
@ -205,13 +205,6 @@ class Proposal(db.Model):
            if not hasattr(self, field):
                raise ValidationException("Proposal must have a {}".format(field))

-        from grant.utils.auth import get_authed_user
-        current_user = get_authed_user()
-        if current_user:
-            if not current_user.email_verification.has_verified:
-                message = "Please confirm your email before attempting to publish a proposal."
-                raise ValidationException(message)
-
        # Then run through regular validation
        Proposal.validate(vars(self))

--- a/backend/grant/proposal/views.py
+++ b/backend/grant/proposal/views.py
@ -4,12 +4,12 @@ from flask_yoloapi import endpoint, parameter
 from grant.comment.models import Comment, comment_schema, comments_schema
 from grant.email.send import send_email
 from grant.milestone.models import Milestone
+from grant.settings import EXPLORER_URL
 from grant.user.models import User
 from grant.utils.auth import requires_auth, requires_team_member_auth, get_authed_user, internal_webhook
 from grant.utils.exceptions import ValidationException
 from grant.utils.misc import is_email, make_url, from_zat, make_preview
 from sqlalchemy import or_
-from grant.settings import EXPLORER_URL

 from .models import (
    Proposal,
--- a/backend/grant/utils/auth.py
+++ b/backend/grant/utils/auth.py
@ -57,9 +57,12 @@ def requires_team_member_auth(f):
        if not proposal:
            return jsonify(message="No proposal exists with id {}".format(proposal_id)), 404

-        if not g.current_user in proposal.team:
+        if g.current_user not in proposal.team:
            return jsonify(message="You are not authorized to modify this proposal"), 403

+        if not g.current_user.email_verification.has_verified:
+            return jsonify(message="Please confirm your email."), 403
+
        g.current_proposal = proposal
        return f(*args, **kwargs)

--- a/frontend/client/components/DraftList/index.tsx
+++ b/frontend/client/components/DraftList/index.tsx
@ -1,11 +1,12 @@
 import React from 'react';
 import { connect } from 'react-redux';
 import { Link } from 'react-router-dom';
-import { Spin, List, Button, Divider, Popconfirm, message } from 'antd';
+import { Button, Divider, List, message, Popconfirm, Spin } from 'antd';
 import Placeholder from 'components/Placeholder';
+import { getIsVerified } from 'modules/auth/selectors';
 import Loader from 'components/Loader';
 import { ProposalDraft, STATUS } from 'types';
-import { fetchDrafts, createDraft, deleteDraft } from 'modules/create/actions';
+import { createDraft, deleteDraft, fetchDrafts } from 'modules/create/actions';
 import { AppState } from 'store/reducers';
 import './style.less';

@ -17,6 +18,7 @@ interface StateProps {
  createDraftError: AppState['create']['createDraftError'];
  isDeletingDraft: AppState['create']['isDeletingDraft'];
  deleteDraftError: AppState['create']['deleteDraftError'];
+  isVerified: ReturnType<typeof getIsVerified>;
 }

 interface DispatchProps {
@ -51,8 +53,9 @@ class DraftList extends React.Component<Props, State> {
      isDeletingDraft,
      deleteDraftError,
      createDraftError,
+      isVerified,
    } = this.props;
-    if (createIfNone && drafts && !prevProps.drafts && !drafts.length) {
+    if (isVerified && createIfNone && drafts && !prevProps.drafts && !drafts.length) {
      this.createDraft();
    }
    if (prevProps.isDeletingDraft && !isDeletingDraft) {
@ -67,9 +70,20 @@ class DraftList extends React.Component<Props, State> {
  }

  render() {
-    const { drafts, isCreatingDraft } = this.props;
+    const { drafts, isCreatingDraft, isVerified } = this.props;
    const { deletingId } = this.state;

+    if (!isVerified) {
+      return (
+        <div className="DraftList">
+          <Placeholder
+            title="Your email is not verified"
+            subtitle="Please confirm your email before making a proposal."
+          />
+        </div>
+      );
+    }
+
    if (!drafts || isCreatingDraft) {
      return <Loader size="large" />;
    }
@ -158,6 +172,7 @@ export default connect<StateProps, DispatchProps, OwnProps, AppState>(
    createDraftError: state.create.createDraftError,
    isDeletingDraft: state.create.isDeletingDraft,
    deleteDraftError: state.create.deleteDraftError,
+    isVerified: getIsVerified(state),
  }),
  {
    fetchDrafts,