From ccfb3d13d094804cd03774ed31fe32aa76e827ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?=
 <valberg@orn.li>
Date: Wed, 15 Aug 2018 20:53:54 +0200
Subject: [PATCH] Fix access to backoffice with infodesk permissions.

---
 src/backoffice/templates/index.html             |  5 +++++
 src/backoffice/views.py                         | 15 +++++++++++----
 src/camps/migrations/0029_auto_20180815_2018.py | 17 +++++++++++++++++
 src/camps/models.py                             |  3 +++
 src/templates/includes/menuitems.html           |  2 +-
 5 files changed, 37 insertions(+), 5 deletions(-)
 create mode 100644 src/camps/migrations/0029_auto_20180815_2018.py

diff --git a/src/backoffice/templates/index.html b/src/backoffice/templates/index.html
index c8b94755..b3c7489d 100644
--- a/src/backoffice/templates/index.html
+++ b/src/backoffice/templates/index.html
@@ -14,6 +14,7 @@
 <div class="row">
     <p>
     <div class="list-group">
+      {% if perms.camps.infodesk_permission %}
       <a href="{% url 'backoffice:product_handout' camp_slug=camp.slug %}" class="list-group-item">
         <h4 class="list-group-item-heading">Hand Out Products</h4>
         <p class="list-group-item-text">Use this view to mark products such as merchandise, cabins, fridges and so on as handed out.</p>
@@ -26,6 +27,9 @@
         <h4 class="list-group-item-heading">Hand Out Badges</h4>
         <p class="list-group-item-text">Use this view to mark badges as handed out.</p>
       </a>
+      {% endif %}
+
+      {% if user.is_staff %}
       <a href="{% url 'backoffice:public_credit_names' camp_slug=camp.slug %}" class="list-group-item">
         <h4 class="list-group-item-heading">Approve Public Credit Names</h4>
         <p class="list-group-item-text">Use this view to check and approve users Public Credit Names</p>
@@ -50,6 +54,7 @@
         <h4 class="list-group-item-heading">Village Gear To Order</h4>
         <p class="list-group-item-text">Use this view to generate a list of village gear that needs to be ordered</p>
       </a>
+      {% endif %}
     </div>
 </div>
 
diff --git a/src/backoffice/views.py b/src/backoffice/views.py
index d75868f7..f2f0a551 100644
--- a/src/backoffice/views.py
+++ b/src/backoffice/views.py
@@ -1,6 +1,7 @@
 import logging
 from itertools import chain
 
+from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.views.generic import TemplateView, ListView
 from django.views.generic.edit import UpdateView
 from django.shortcuts import redirect
@@ -8,6 +9,7 @@ from django.urls import reverse
 from django.contrib import messages
 from django.utils import timezone
 
+from camps.mixins import CampViewMixin
 from shop.models import OrderProductRelation
 from tickets.models import ShopTicket, SponsorTicket, DiscountTicket
 from profiles.models import Profile
@@ -18,11 +20,16 @@ from .mixins import BackofficeViewMixin
 logger = logging.getLogger("bornhack.%s" % __name__)
 
 
-class BackofficeIndexView(BackofficeViewMixin, TemplateView):
+
+class InfodeskMixin(CampViewMixin, PermissionRequiredMixin):
+    permission_required = ("camps.infodesk_permission")
+
+
+class BackofficeIndexView(InfodeskMixin, TemplateView):
     template_name = "index.html"
 
 
-class ProductHandoutView(BackofficeViewMixin, ListView):
+class ProductHandoutView(InfodeskMixin, ListView):
     template_name = "product_handout.html"
 
     def get_queryset(self, **kwargs):
@@ -34,7 +41,7 @@ class ProductHandoutView(BackofficeViewMixin, ListView):
         ).order_by('order')
 
 
-class BadgeHandoutView(BackofficeViewMixin, ListView):
+class BadgeHandoutView(InfodeskMixin, ListView):
     template_name = "badge_handout.html"
     context_object_name = 'tickets'
 
@@ -45,7 +52,7 @@ class BadgeHandoutView(BackofficeViewMixin, ListView):
         return list(chain(shoptickets, sponsortickets, discounttickets))
 
 
-class TicketCheckinView(BackofficeViewMixin, ListView):
+class TicketCheckinView(InfodeskMixin, BackofficeViewMixin, ListView):
     template_name = "ticket_checkin.html"
     context_object_name = 'tickets'
 
diff --git a/src/camps/migrations/0029_auto_20180815_2018.py b/src/camps/migrations/0029_auto_20180815_2018.py
new file mode 100644
index 00000000..e65b6d0c
--- /dev/null
+++ b/src/camps/migrations/0029_auto_20180815_2018.py
@@ -0,0 +1,17 @@
+# Generated by Django 2.1 on 2018-08-15 18:18
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('camps', '0028_auto_20180525_1025'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='camp',
+            options={'ordering': ['-title'], 'permissions': (('infodesk_permission', 'Infodesk permission'),), 'verbose_name': 'Camp', 'verbose_name_plural': 'Camps'},
+        ),
+    ]
diff --git a/src/camps/models.py b/src/camps/models.py
index 196ee48c..3a755ac9 100644
--- a/src/camps/models.py
+++ b/src/camps/models.py
@@ -16,6 +16,9 @@ class Camp(CreatedUpdatedModel, UUIDModel):
         verbose_name = 'Camp'
         verbose_name_plural = 'Camps'
         ordering = ['-title']
+        permissions = (
+            ("infodesk_permission", "Infodesk permission"),
+        )
 
     title = models.CharField(
         verbose_name='Title',
diff --git a/src/templates/includes/menuitems.html b/src/templates/includes/menuitems.html
index fe144075..308c3f1d 100644
--- a/src/templates/includes/menuitems.html
+++ b/src/templates/includes/menuitems.html
@@ -8,7 +8,7 @@
             {% if request.user.is_authenticated %}
             <a class="btn {% menubuttonclass 'rideshare' %}" href="{% url 'rideshare:list' camp_slug=camp.slug %}">Rideshare</a>
             {% endif %}
-            {% if request.user.is_staff %}
+            {% if request.user.is_staff or perms.camps.infodesk_permission %}
             <a class="btn {% menubuttonclass 'backoffice' %}" href="{% url 'backoffice:index' camp_slug=camp.slug %}">Backoffice</a>
             {% endif %}