-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
576/disable remove depts #660
base: develop
Are you sure you want to change the base?
Conversation
Question for the OO team: There is pre-existing capability for admins to create a new department through the |
Any reason to move the routes from |
Since an admin or area coordinator would have to authenticated to access these routes, I thought it made sense to place them in |
yeah to echo @dismantl while users do need to be authenticated to make these changes, the auth blueprint is pretty much for account management related stuff (e.g. password resets, account validation and all that), the main blueprint is the right place for the functionality you're adding here |
@dismantl @redshiftzero What you're both saying about the functionality's placement makes sense. I will move it from |
e58a6b8
to
008c800
Compare
This PR is now ready for review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hey i took a quick look at this, mostly I have a question inline about the expected functionality of the disabling department feature
.gitignore
Outdated
@@ -86,6 +86,7 @@ vagrant/puppet/.tmp | |||
|
|||
# Editor files | |||
.idea/ | |||
.vscode/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
duplicate? (see line 92 below)
OpenOversight/app/main/views.py
Outdated
@ac_or_admin_required | ||
def view_ac_dept(): | ||
dept_id = current_user.ac_department_id | ||
dept = Department.query.filter_by(id=dept_id).first() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
first()
-> one()
since we only expect one match
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 It makes sense to use one()
if we only expect one match.
Is there ever a situation where a user could be an area coordinator for more than one department? For example, are any LPL members area coordinators for more than one department?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, so right now a user can only be an AC of a single department (ref)
|
||
def upgrade(): | ||
# ### commands auto generated by Alembic - please adjust! ### | ||
op.add_column('departments', sa.Column('is_active', sa.Boolean(), nullable=True)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems like as part of this migration we should populate this field with is_active=True
for existing departments?
def view_ac_dept(): | ||
dept_id = current_user.ac_department_id | ||
dept = Department.query.filter_by(id=dept_id).first() | ||
form = ChangeDepartmentStatusForm(is_active=dept.is_active) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually I have a higher level question about this PR - my expectation is that disabling a department means that:
- it won't show up as a department for users to browse or search unless they are the AC of that department (perhaps preparing their collection prior to enabling it) or the admin
- links to officers, tags, etc. in that department for users that are not the AC of that department or an admin should 404
right now it looks like in this PR we're toggling a field (is_active
) in the database but not using that field anywhere (other than displaying its value in the views available to ACs or admins) - let me know if i'm misunderstanding
OpenOversight/app/models.py
Outdated
@@ -33,9 +33,10 @@ class Department(db.Model): | |||
name = db.Column(db.String(255), index=True, unique=True, nullable=False) | |||
short_name = db.Column(db.String(100), unique=False, nullable=False) | |||
unique_internal_identifier_label = db.Column(db.String(100), unique=False, nullable=True) | |||
is_active = db.Column(db.Boolean, default=True) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we don't want this to be nullable, since a department is either active or disabled
5e8e4f7
to
a1fe164
Compare
Hey @redshiftzero and @r4v5, Here is my (heavily updated!) work on implementing restrictions around active/inactive departments. I had two specific points I wanted to ask about. Currently, when a user who doesn't have permissions to view an inactive department navigates to that department's These are technically the correct error codes, but I worry that the 403 could indicate to potential bad actors that a new department is being added to OO. Are you fine with me using 404 in the first situation? My second question is bigger. I had a hard time figuring out how to respect active/inactive restrictions and area coordinator privileges when working with FlaskForms that use query selectors. For example, when the AC of an inactive department navigates to the But, since the FlaskForm for the I had the same problem when working with the Thanks, |
a1fe164
to
82f7edc
Compare
This is OK, since the user won't learn which department it is since the slug is primary key 👍
So it looks like we can pass a
So if the user is logged in, we can define a query in the view functions where we use the |
Thanks, @redshiftzero. I will revisit this PR and work on passing a |
82f7edc
to
c0c4a6b
Compare
c0c4a6b
to
2f903c3
Compare
2f903c3
to
78ff915
Compare
This PR is now ready for re-review. |
Status
Ready for review.
Description of Changes
Fixes #576.
Changes proposed in this pull request:
Notes for Deployment
Screenshots (if appropriate)
Photo of departments dashboard
Photo of enable/disable department page for AC
Tests and linting
I have rebased my changes on current
develop
pytests pass in the development environment on my local machine
(The one test that fails,
lastname_capitalization
, has been fixed in another PR that is currently being reviewed.)flake8
checks pass