Changeset ecf87c8

Timestamp:

Jun 5, 2013, 5:53:11 AM (13 years ago)

Author:

Alex Dehnert <adehnert@…>

Branches:

master, stable, stage

Children:

17c118f

Parents:

242566d (diff), 72a3d90 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

git-author:

Alex Dehnert <adehnert@…> (06/05/13 05:53:05)

git-committer:

Alex Dehnert <adehnert@…> (06/05/13 05:53:11)

Message:

Merge branch 'space-access'

This branch was created to fix ASA-#96 ("Differentiate between spaces CAC does
and does not manage access to"), but also fixes a wide variety of other
space-related issues.

• space-access: (23 commits) Fill in the office access timeframe Fix grammar ({e,a}ffect) Punt another spurious slash Use "Space Access" more consistently Add "Details" link to "Space access" page Rename 50-030 to 50-032 and set its lock type Space: tell groups CAC should reply (ASA-#235) Warn people off the "Space access" page (ASA-#233) Don't let people edit spaces the DB doesn't manage More Walker rooms Correct Walker room access Add info_url to the admin Incorporate feedback from CAC Update the space emails with non-DB-managed info Comment space/diffs.py's locker code a bit better Show lock types on manage access page Describe the lock types and list on space summary Add list of lock types and assign them to rooms Use pagename "groups", not "group" WIP: more non-CAC space work ...

Location:

asadb

Files:

• space/admin.py (modified) (2 diffs)
• space/diffs.py (modified) (7 diffs)
• space/fixtures/LockTypes.xml (added)
• space/migrations/0005_add_lock_type.py (added)
• space/migrations/0006_lock_types_setup.py (added)
• space/models.py (modified) (1 diff)
• space/views.py (modified) (3 diffs)
• template/index.html (modified) (1 diff)
• template/space/group-change-email.txt (modified) (1 diff)
• template/space/lock_types.html (added)
• template/space/manage-access.html (modified) (3 diffs)
• template/space/summary.html (modified) (2 diffs)
• urls.py (modified) (1 diff)
• util/diff_static_data.sh (modified) (1 diff)
• groups/views.py (modified) (2 diffs)
• template/groups/account_lookup.html (modified) (1 diff)
• template/groups/diffs/new-group-announce.txt (modified) (2 diffs)

asadb/space/admin.py

@@ -6 +6 @@
 import util.admin
 
+class Admin_LockType(VersionAdmin):
+    list_display = (
+        'id',
+        'name',
+        'slug',
+        'info_addr',
+        'info_url',
+        'db_update',
+    )
+    list_display_links = ( 'id', 'name', 'slug', )
+    search_fields = ('name', 'slug', 'info_addr', 'info_url', 'db_update', )
+admin.site.register(space.models.LockType, Admin_LockType)
+
 class Admin_Space(VersionAdmin):
     list_display = (
@@ -11 +24 @@
         'number',
         'asa_owned',
+        'lock_type',
         'merged_acl',
     )
     list_display_links = ( 'id', 'number', )
+    list_filter = ('lock_type', )
     search_fields = ('number', )
 admin.site.register(space.models.Space, Admin_Space)

asadb/space/diffs.py

@@ -8 +8 @@
     cur_file = os.path.abspath(__file__)
     django_dir = os.path.abspath(os.path.join(os.path.dirname(cur_file), '..'))
+    django_dir_parent = os.path.abspath(os.path.join(os.path.dirname(cur_file), '../..'))
     sys.path.append(django_dir)
+    sys.path.append(django_dir_parent)
     os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
 
 from django.core.mail import EmailMessage
+from django.core.urlresolvers import reverse
 from django.db import connection
 from django.db.models import Q
@@ -100 +103 @@
 
     def list_office_changes(self, ):
-        cac_lines = []
+        systems_lines = {
+            'cac-card': [],
+            'none': [],
+        }
         group_lines = []
-        def append_change(mit_id, verb, name):
-            cac_lines.append("%s:\t%s:\t%s" % (mit_id, verb, name))
-            group_lines.append("%s:\t%s" % (verb, name))
         for space_pk, space_data in self.offices.items():
+            lock_type = all_spaces[space_pk].lock_type
+            system_lines = systems_lines[lock_type.db_update]
+            def append_change(mit_id, verb, name):
+                system_lines.append("%s:\t%s:\t%s" % (mit_id, verb, name))
+                group_lines.append("%s:\t%s" % (verb, name))
+
             line = "Changes in %s:" % (all_spaces[space_pk].number, )
-            cac_lines.append(line)
+            system_lines.append(line)
             group_lines.append(line)
+
+            if lock_type.db_update == 'none':
+                tmpl =  'Warning: You submitted changes affecting this space, but this space is ' + \
+                        'a "%s" space, and is not managed through the ASA DB. See ' + \
+                        'https://asa.mit.edu%s for details on how to update spaces of this type.'
+                line = tmpl % (lock_type.name, reverse('space-lock-type'), )
+                group_lines.append(line)
+
             for mit_id, (old_names, new_names) in space_data.items():
                 if mit_id is None: mit_id = "ID unknown"
@@ -125 +142 @@
                         else:
                             append_change(mit_id, "Add", name)
-            cac_lines.append("")
+            system_lines.append("")
             group_lines.append("")
 
-        cac_msg = "\n".join(cac_lines)
+        systems_msg = dict([
+            (system, '\n'.join(lines), ) for (system, lines) in systems_lines.items()
+        ])
         group_msg = "\n".join(group_lines)
-        return cac_msg, group_msg
+        return systems_msg, group_msg
 
     def add_locker_signatories(self, space_access, time):
@@ -177 +196 @@
 
 def safe_add_change_real(change_by_name, change):
+    """Add a new change to our dict of pending changes.
+
+    If a different change has already been added for this person (eg, "Remove"
+    instead of "Keep", or with a different list of groups), error.  This should
+    always succeed; if it doesn't, the code is buggy. We worry about this
+    because we want to be really sure that the email that goes to just CAC is
+    compatible with the emails that go to each groups. Since we iterate over
+    the changes once per group, we want to be sure that for each group
+    iteration we're building compatible information.
+    """
+
     name = change.name
     if name in change_by_name:
@@ -200 +230 @@
         print "ID=%s (%s):\n\t%s\t(%s)\n\t%s\t(%s)\n" % (mit_id, unchanged, old_by_names, old_by_group, new_by_names, new_by_group, ),
         for group_pk in joint_keys(old_by_group, new_by_group):
+            # TODO: Do we need to do an iteration for each group? This seems
+            # slightly questionable. Can we just loop over all known names?
+
             old_names = old_by_group[group_pk]
             new_names = new_by_group[group_pk]
@@ -267 +300 @@
     cac_locker_msgs = []
 
-    process_spaces =  space.models.Space.objects.all()
+    process_spaces =  space.models.Space.objects.all().select_related('lock_type')
     for the_space in process_spaces:
         new_cac_msgs = space_specific_access(the_space, group_data, old_time, new_time)
@@ -274 +307 @@
 
     changed_groups = []
+    cac_chars = 0
     for group_pk, group_info in group_data.items():
         group_info.add_office_signatories(old_time, new_time)
-        cac_changes, group_office_changes = group_info.list_office_changes()
+        systems_changes, group_office_changes = group_info.list_office_changes()
         if group_info.changes:
-            changed_groups.append((group_info.group, cac_changes, group_office_changes, group_info.locker_messages, ))
+            cac_chars += len(systems_changes['cac-card'])
+            changed_groups.append((group_info.group, systems_changes['cac-card'], group_office_changes, group_info.locker_messages, ))
 
     asa_rcpts = ['asa-space@mit.edu', 'asa-db@mit.edu', ]
-    if changed_groups:
+    if cac_chars > 0 or cac_locker_msgs:
         util.emails.email_from_template(
             tmpl='space/cac-change-email.txt',

asadb/space/models.py

@@ -11 +11 @@
 EXPIRE_OFFSET   = datetime.timedelta(seconds=1)
 
+LOCK_DB_UPDATE_NONE = 'none'
+LOCK_DB_UPDATE_CAC_CARD = 'cac-card'
+lock_db_update_choices = (
+    (LOCK_DB_UPDATE_NONE, "No database management"),
+    (LOCK_DB_UPDATE_CAC_CARD, "CAC-managed card-based access"),
+)
+
+class LockType(models.Model):
+    name = models.CharField(max_length=50)
+    slug = models.SlugField(unique=True, )
+    description = models.TextField()
+    info_addr = models.EmailField(default='asa-exec@mit.edu', help_text='Address groups should email to get more information about managing access through this lock type.')
+    info_url = models.URLField(blank=True, help_text='URL that groups can visit to get more information about this lock type.')
+    db_update = models.CharField(max_length=20, default='none', choices=lock_db_update_choices)
+
+    def __unicode__(self, ):
+        return self.name
+
+
 class Space(models.Model):
     number = models.CharField(max_length=20, unique=True, )
     asa_owned = models.BooleanField(default=True, )
+    lock_type = models.ForeignKey(LockType)
     merged_acl = models.BooleanField(default=False, help_text="Does this room have a single merged ACL, that combines all groups together, or CAC maintain a separate ACL per-group? Generally, the shared storage offices get a merged ACL and everything else doesn't.")
     notes = models.TextField(blank=True, )

asadb/space/views.py

@@ -90 +90 @@
         'allow_edit': allow_edit,
         'extras_indices': extras_indices,
-        'pagename':'group',
+        'pagename':'groups',
     }
     return render_to_response('space/manage-access.html', context, context_instance=RequestContext(request), )
@@ -112 +112 @@
         'locker_num',
         'group__name',
-    ).select_related('space', 'group')
+    ).select_related('space', 'space__lock_type', 'group')
     office_assignments = assignments.filter(locker_num='')
 
@@ -127 +127 @@
         'offices': office_assignments,
         'lockers': locker_rooms,
-        'pagename':'group',
+        'pagename':'groups',
     }
     return render_to_response('space/summary.html', context, context_instance=RequestContext(request), )
+
+def lock_types(request, ):
+    lock_types = space.models.LockType.objects.order_by('name')
+    context = {
+        'lock_types': lock_types,
+        'pagename': 'groups',
+    }
+    return render_to_response('space/lock_types.html', context, context_instance=RequestContext(request), )

asadb/template/index.html

@@ -58 +58 @@
     </ul></li>
     <li><a href='{% url space-summary %}'>Space assignments</a>
+        <ul>
+        <li><a href='{% url space-lock-type %}'>Lock Types</a></li>
         {% if perms.groups.view_group_private_info %}
-        <ul>
         <li><a href='{% url space-dump-locker-access %}'>Locker access (CSV)</a></li>
         <li><a href='{% url space-dump-office-access %}'>Office access (CSV)</a></li>
+        {% endif %}
         </ul>
-        {% endif %}
     </li>
     <li><a href='{% url about %}'>About the ASA Database</a><ul>

asadb/template/space/group-change-email.txt

@@ -1 +1 @@
 {% autoescape off %}Hi {{group.name}},
-    Thank you for updating space access on the ASA database today. We've forwarded the following changes on to CAC:
+
+Thank you for updating space access on the ASA database today. We are forwarding these changes to CAC, which generally updates access within one week. They will reply when the update has been done; if you don't get a reply, the message may have been lost and you should reply-all to this email reminding them.
+
+We believe you made the following changes:
 
 {% if office_msg %}

asadb/template/space/manage-access.html

@@ -1 +1 @@
 {% extends "base.html" %}
 
-{% block title %}{{group.name}}: Office Access{% endblock %}
+{% block title %}{{group.name}}: Space Access{% endblock %}
 {% block content %}
 
-<h1>{{group.name}}: Office Access</h1>
+<h1>{{group.name}}: Space Access</h1>
 
 {% include "groups/group_tools.part.html" %}
@@ -48 +48 @@
     <th>{{assignment.space}}</th>
     <td>
+        {% with assignment.space.lock_type as lock_type %}
+        {% if lock_type.db_update == "none" %}
+        <p><strong>Warning: Access to this office is not managed through the ASA DB.</strong></p>
+        <p><em><a href='{% url space-lock-type %}'>{{lock_type.name}}</a></em>: {{lock_type.description}}{% if lock_type.info_url %} <a href='{{lock_type.info_url}}'>Details.</a>{%endif%}</p>
+        <p>Contact <a href='mailto:{{lock_type.info_addr}}'>{{lock_type.info_addr}}</a> for more information.</p>
+
+        {% else %}
+
+        <p>We recommend managing access on the <a href='{% url groups:group-manage-officers group.id %}'>update people</a> page if possible. You should only need to use this page if:</p>
+        <ul>
+            <li>You need to grant access to somebody who does not have an Athena account, or</li>
+            <li>Your group has several offices, and somebody needs access to one or more of the offices, but should not have access to all of them</li>
+        </ul>
+
         <table class='pretty-table'>
             <tr>
@@ -67 +81 @@
             </tr>{% endfor %}
         </table>
+
+        {% endif %}
+        {% endwith %}
+
     </td>
 </tr>

asadb/template/space/summary.html

@@ -27 +27 @@
     <th>Room</th>
     <th>Group</th>
+    <th><a href='{% url space-lock-type %}'>Lock Type</a></th>
     <th>Access</th>
 </tr>
@@ -33 +34 @@
     <td>{{office.space.number}}</td>
     <td><a href='{% url groups:group-detail office.group.pk %}'>{{office.group}}</a></td>
+    <td>{{office.space.lock_type.name}}</td>
     <td><a href='{% url groups:group-space-access office.group.pk %}'>Access</a></td>
 </tr>

asadb/urls.py

@@ -86 +86 @@
     url(r'^space/dump/office-access.csv$', space.views.dump_office_access, name='space-dump-office-access', ),
     url(r'^space/$', space.views.summary, name='space-summary', ),
+    url(r'^space/lock_types.html$', space.views.lock_types, name='space-lock-type', ),
 
     # Uncomment the admin/doc line below and add 'django.contrib.admindocs' 

asadb/util/diff_static_data.sh

@@ -12 +12 @@
 ../../manage.py dumpdata --format=xml --indent=4 groups.ActivityCategory > groups_initial_data.xml
 ../../manage.py dumpdata --format=xml --indent=4 forms.FYSMCategory > forms_initial_data.xml
-git add {groups,forms}_initial_data.xml
+../../manage.py dumpdata --format=xml --indent=4 space.LockType --format=xml --indent=4 > space_lock_types.xml
+git add {groups,forms}_initial_data.xml space_lock_types.xml
 
 echo

asadb/groups/views.py

@@ -630 +630 @@
         self.fields['constitution_url'].required = True
         self.fields['constitution_url'].help_text = "Please put a copy of your finalized constitution on a publicly-accessible website (e.g. your group's, or your own, Public folder), and link to it in the box above."
+        self.fields['group_email'].required = True
         self.fields['athena_locker'].required = True
         self.fields['athena_locker'].help_text = "In general, this is limited to twelve characters. You should stick to letters, numbers, and hyphens. (Underscores and dots are also acceptable, but may cause problems in some situations.)"
@@ -849 +850 @@
             group_startup.save()
 
-            group.group_status = groups.models.GroupStatus.objects.get(slug='active')
+            group.group_status = groups.models.GroupStatus.objects.get(slug='suspended')
             group.constitution_url = ""
             group.recognition_date = datetime.datetime.now()
             group.set_updater(request.user)
+
+            note = groups.models.GroupNote(
+                author=request.user.username,
+                body="Approved group for recognition.",
+                acl_read_group=True,
+                acl_read_offices=True,
+                group=group,
+            ).save()
 
             group.save()

asadb/template/groups/account_lookup.html

@@ -41 +41 @@
 </tr>
 </table>
+{% endif %}
+
+{% if account_number %}
+<p>You may be able to find information about account {{account_number}} in <a href='https://rolesweb.mit.edu/cgi-bin/roleauth2.pl?category=SAP+SAP-related&amp;func_name=CAN+SPEND+OR+COMMIT+FUNDS&amp;qual_code=F{{account_number}}&amp;skip_root=Y'>Roles</a>.</p>
 {% endif %}
 

asadb/template/groups/diffs/new-group-announce.txt

@@ -5 +5 @@
 to the MIT community!
 
-The last step to finalize the group recognition is for you to finish entering the
-group's complete information into the ASA Database:
+Your group is currently *suspended*. The last step to finalize the group
+recognition is for you to finish entering the group's complete information into
+the ASA Database:
 
       http://web.mit.edu/asa/www/asa-db.shtml
@@ -29 +30 @@
 can modify the information and that MIT personal certificates are
 required to access the group's account in the ASA Database.
+
+Once you have completed these steps, you must *notify asa-groups@mit.edu* to
+become an active group.
 
 *** Please keep this e-mail for further reference. ***