Switch to use Django Permissions for identifying HR permissions, in addition move HR templates

hr/models.py

@@ -117,6 +117,12 @@ class Application(models.Model):
     def __unicode__(self):
         return self.character.name
 
+    class Meta:
+        permissions = (
+            ("can_accept", "Can accept / reject applications"),
+            ("can_view_all", "Can view all applications"),
+            ("can_view_corp", "Can view corp applications"),
+        )
 
 class Recommendation(models.Model):
     """ User recommendation for a application """

hr/templates/hr/applications/accept.html

@@ -0,0 +1,14 @@
+{% extends "base.html" %}
+
+{% block title %}Accept Application{% endblock %}
+
+{% block content %}
+<p>Fill in a note you want to send to the user.</p>
+<form action="{% url hr.views.accept_application applicationid %}" method="post">
+<table>
+{{ form.as_table }}
+{% csrf_token %}
+</table>
+<input type="submit" value="Apply" />
+</form>
+{% endblock %}

hr/templates/hr/applications/add.html

@@ -0,0 +1,15 @@
+{% extends "base.html" %}
+
+{% block title %}Create Application{% endblock %}
+
+{% block content %}
+<p>Select the character you wish to apply with, then the corporation you wish to apply for.</p>
+
+<form action="{% url hr.views.add_application %}" method="post">
+<table>
+{{ form.as_table }}
+</table>
+{% csrf_token %}
+<input type="submit" value="Apply" />
+</form>
+{% endblock %}

hr/templates/hr/applications/add_message.html

@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+
+{% block title %}Send Message to Applicant{% endblock %}
+
+{% block content %}
+<form action="{% url hr.views.add_message applicationid %}" method="post">
+<table>
+{{ form.as_table }}
+</table>
+{% csrf_token %}
+<input type="submit" value="Apply" />
+</form>
+{% endblock %}

hr/templates/hr/applications/add_note.html

@@ -0,0 +1,13 @@
+{% extends "base.html" %}
+
+{% block title %}Add Note to Application{% endblock %}
+
+{% block content %}
+<form action="{% url hr.views.add_note applicationid %}" method="post">
+<table>
+{{ form.as_table }}
+</table>
+{% csrf_token %}
+<input type="submit" value="Apply" />
+</form>
+{% endblock %}

hr/templates/hr/applications/admin/view_list.html

@@ -0,0 +1,35 @@
+{% extends "base.html" %}
+
+{% block title %}Applications{% endblock %}
+
+{% block content %}
+
+<h3>Search All Applications</h3>
+<form method="GET" action="{% url hr.views.admin_applications %}">
+<input type="text" name="q" />
+<input type="submit" value="Search" />
+</form>
+
+{% if apps %}
+<table>
+<tr><th><a href="{% url hr.views.admin_applications %}?o=id">Application ID</a></th>
+    <th><a href="{% url hr.views.admin_applications %}?o=character">Character</a></th>
+    <th><a href="{% url hr.views.admin_applications %}?o=corporation">Corporation</a></th>
+    <th>Application Status</th>
+    <th>Last Action Date</th>
+    <th>Last Action User</th></tr>
+{% for app in apps %}
+<tr {% if app.alt_application %}id="alt-application"{% endif %}><td><a href="{% url hr.views.view_application app.id %}">{{ app.id }}</a></td>
+    <td>{{ app.character }}</td>
+    <td>{{ app.corporation }}</td>
+    <td>{{ app.get_status_display }}</td>
+    <td>{{ app.last_action.date }}</td>
+    <td>{{ app.last_action.user }}</td>
+</tr>
+{% endfor %}
+</table>
+{% else %}
+<p>No applications found.</p>
+{% endif %}
+
+{% endblock %}

hr/templates/hr/applications/noadd.html

@@ -0,0 +1,7 @@
+{% extends "base.html" %}
+
+{% block title %}Create Application{% endblock %}
+
+{% block content %}
+<p>Unfortunatly, no Corporations are accepting applications at the moment.</p>
+{% endblock %}

hr/templates/hr/applications/reject.html

@@ -0,0 +1,14 @@
+{% extends "base.html" %}
+
+{% block title %}Reject Application{% endblock %}
+
+{% block content %}
+<p>Fill in the rejection reason below, please note, this will be sent out to the user.</p>
+<form action="{% url hr.views.reject_application applicationid %}" method="post">
+<table>
+{{ form.as_table }}
+</table>
+{% csrf_token %}
+<input type="submit" value="Apply" />
+</form>
+{% endblock %}

hr/templates/hr/applications/view.html

@@ -0,0 +1,173 @@
+{% extends "base.html" %}
+
+{% load humanize %}
+{% load if_extra %}
+{% load installed %}
+
+{% block title %}View Application{% endblock %}
+
+{% block content %}
+<h3>Application Details</h3>
+
+<ul>
+<li>Applying Auth User: <a href="{% url sso.views.user_view app.user %}">{{ app.user }}</a></li>
+<li>Applying Character: <a href="{% url eve_api.views.eveapi_character app.character.id %}">{{ app.character }}</a></li>
+<li>Applying To: <a href="{% url eve_api.views.eveapi_corporation app.corporation.id %}">{{ app.corporation }}</a></li>
+<li>Application Status: <b>{{ app.get_status_display }}</b></li>
+<li>Blacklist Status: <b>{% if app.blacklisted %}<font color='red'>BLACKLISTED</font>{% else %}<font color='geen'>OK</font>{% endif %}</b></li>
+</ul>
+
+{% ifnotequal app.status 5 %}
+<h3>Actions</h3>
+<div class="skill_controls">
+<p>
+{% if app.status < 1 %}
+<a href="{% url hr.views.update_application app.id 1 %}">Submit Application</a>
+{% else %}
+<a href="{% url hr.views.update_application app.id 0 %}">Withdraw Application</a>
+{% endif %}
+<a href="{% url hr.views.add_message app.id %}">Add Message</a>
+{% if hrstaff %}
+<a href="{% url hr.views.add_note app.id %}">Add Staff Note</a>
+{% if app.status < 2 or app.status = 4 or app.status = 6 %}
+{% if perms.hr.can_accept %}
+<a href="{% url hr.views.reject_application app.id %}">Reject Application</a>
+{% ifequal app.blacklisted 0 %}
+<a href="{% url hr.views.accept_application app.id %}">Accept Application</a>
+{% endifequal %}
+{% endif %}
+{% ifnotequal app.status 4 %}
+<a href="{% url hr.views.update_application app.id 4 %}">Mark as In Query</a>
+{% endifnotequal %}
+{% ifnotequal app.status 6 %}
+<a href="{% url hr.views.update_application app.id 6 %}">Flag for Review</a>
+{% endifnotequal %}
+{% endif %}
+{% ifequal app.status 3 %}
+<a href="{% url hr.views.update_application app.id 5 %}">Mark as Complete</a>
+{% endifequal %}
+{% endif %}
+</p>
+</div>
+{% endifnotequal %}
+
+{% if audit %}
+<h3>Event Log</h3>
+<table width="100%">
+<tr><th width="50px">Event Type</th><th width="75px">User</th><th width="50px">Date</th><th>Event Details</th></tr>
+{% for a in audit %}
+<tr><td>{{ a.get_event_display }}</td><td>{{ a.user }}</td><td>{{ a.date|date:"Y/m/d H:i:s" }}</td><td>{{ a.text|linebreaks }}</td></tr>
+{% endfor %}
+</table>
+{% endif %}
+
+{% if app.blacklisted %}
+<h3>Blacklist Triggers</h3>
+<table>
+<tr><th>Blacklist Type</th><th>Blacklisted Value</th><th>Reason</th><th>Source</th></tr>
+{% for a in app.blacklist_values %}
+<tr><td>{{ a.get_type_display }}</td><td>{{ a.value }}</td><td>{{ a.reason }}</td><td>{{ a.source }}</td></tr>
+{% endfor %}
+</table>
+{% endif %}
+
+{% if app.recommendation_set.all %}
+<h3>Recommendations</h3>
+<table>
+<tr><th>User</th><th>Character</th><th>Corporation</th><th>Valid Recommendation</th><th>Total User Recomendations</th></tr>
+{% for rec in app.recommendation_set.all %}
+<tr><td><a href="{% url sso.views.user_view rec.user %}">{{ rec.user }}</a></td>
+<td><a href="{% url eve_api.views.eveapi_character rec.user_character.id %}">{{ rec.user_character }}</a></td>
+<td><a href="http://evemaps.dotlan.net/corp/{{ rec.user_character.corporation.name }}">{{ rec.user_character.corporation }}</a></td>
+<td>{% if rec.is_valid %}<font color="green">Yes</font>{% else %}<font color="red">No</font>{% endif %}</td>
+<td>{{ rec.user.recommendation_set.all.count }}</td>
+</tr>
+{% endfor %}
+</table>
+{% endif %}
+
+{% if hrstaff %}
+<h3>EVE Characters</h3>
+<table>
+<tr><th>Character</th><th>Corp / Alliance</th><th>ISK</th><th>SP</th><th>Links</th></tr>
+{% for acc in app.user.eveaccount_set.all %}
+{% for char in acc.characters.all %}
+<tr><td><a href="{% url eve_api.views.eveapi_character char.id %}">{{ char.name }}</a></td>
+    <td><a href="http://evemaps.dotlan.net/corp/{{ char.corporation }}">{{ char.corporation }}</a>{% if char.corporation.alliance %} / 
+        <a href="http://evemaps.dotlan.net/alliance/{{ char.corporation.alliance }}">{{ char.corporation.alliance }}</a>{% endif %}
+    </td>
+    <td align="right">{{ char.balance|intcomma }} ISK</td>
+    <td align="right">{{ char.total_sp|intcomma }} SP</td>
+    <td>{% if request.is_igb %}<a href="javascript:CCPEVE.showInfo(1377, {{ char.id }})">Show In Eve</a> / {% endif %}<a href="https://gate.eveonline.com/Profile/{{ char.name }}/">EveGate Profile</a> / <a href="http://eve-search.com/search/author/{{ char.name }}">EveSearch</a></td>
+</tr>
+{% endfor %}
+{% endfor %}
+</table>
+{% if "reddit"|installed %}
+{% if app.user.redditaccount_set.all %}
+<h3>Reddit Accounts</h3>
+<table>
+<tr><th>Account</th><th>Karma</th><th>Validated</th><th>Creation Date</th><th>Matches Criteria?</th></tr>
+{% for acc in app.user.redditaccount_set.all %}
+<tr><td><a href="http://reddit.com/user/{{ acc.username }}/">{{ acc.username }}</a></td>
+    <td>{{ acc.link_karma }} / {{ acc.comment_karma }}</td>
+    <td>{% if acc.validated %}Validated{%else %}<b>NOT VALIDATED</b>{% endif %}</td>
+    <td>{{ acc.date_created }}</td>
+    <td>{% if acc.is_valid %}<font color="green">Yes</font>{% else %}<font color="red">No</font>{% endif %}</td>
+</tr>
+{% endfor %}
+</table>
+
+<h3>Recent Reddit Posts</h3>
+
+<span id="loadlink">
+<a href="javascript:redditposts()">Load recent Reddit posts</a>
+</span>
+
+<script type="text/javascript">
+function createRequestObject() {
+    var ro;
+    var browser = navigator.appName;
+    if(browser == "Microsoft Internet Explorer"){
+        ro = new ActiveXObject("Microsoft.XMLHTTP");
+    }else{
+        ro = new XMLHttpRequest();
+    }
+    return ro;
+}
+
+var http = createRequestObject();
+
+function redditposts(action) {
+    http.open('get', '{% url hr.views.view_application app.id %}?redditxhr');
+    http.onreadystatechange = handleResponse;
+    http.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
+    http.send(null);
+}
+
+function handleResponse() {
+    if(http.readyState == 4){
+        var response = eval('(' + http.responseText + ')');
+        var update = new Array();
+
+        document.getElementById('loadlink').style.display = 'none';
+
+        var out = '';
+        for (var obj in response) {
+            if (response[obj]['kind'] == 2) {
+                var out = out + "<p><b><a href=\"http://reddit.com" + response[obj]['permalink'] + "\">" + response[obj]['title'] + "</a></b> - (/r/" + response[obj]['subreddit']+ ")</p>";
+            } else {
+                var out = out + "<p>" + response[obj]['body'] + "<br/><b>/r/" + response[obj]['subreddit'] + "</b> <a href=\"" + response[obj]['permalink'] + "\">Permalink</a></p>";
+            }
+        }
+        document.getElementById('redditposts').innerHTML = out;
+    }
+}
+</script>
+
+<div id="redditposts">
+</div>
+{% endif %}
+{% endif %}
+{% endif %}
+{% endblock %}

hr/templates/hr/applications/view_list.html

@@ -0,0 +1,22 @@
+{% extends "base.html" %}
+
+{% block title %}Applications{% endblock %}
+
+{% block content %}
+<p>This list shows your current open applications</p>
+{% if apps %}
+<table>
+<tr><th>Application ID</th><th>Character</th><th>Corporation</th><th>Application Status</th></tr>
+{% for app in apps %}
+<tr><td><a href="{% url hr.views.view_application app.id %}">{{ app.id }}</a></td>
+    <td>{{ app.character }}</td>
+    <td>{{ app.corporation }}</td>
+    <td>{{ app.get_status_display }}</td>
+</tr>
+{% endfor %}
+</table>
+{% else %}
+<p>You have no current applications</p>
+{% endif %}
+
+{% endblock %}

hr/templates/hr/emails/accepted.txt

@@ -0,0 +1,13 @@
+Hi {{ app.character }},
+
+Congratulations, Your application to {{ app.corporation }} has been accepted. You will be accepted into the {{ app.corporation }} within the next 24 hours.
+
+{% if note %}
+{{ note }}
+{% endif %}
+
+If you have any further questions regarding your application, please contact {{ app.corporation }} via the normal channels.
+
+Regards,
+
+{{ app.corporation }} HR Bot

hr/templates/hr/emails/accepted_subject.txt

@@ -0,0 +1 @@
+Application to {{ app.corporation }} accepted.

hr/templates/hr/emails/message.txt

@@ -0,0 +1,13 @@
+Hi {{ app.character }},
+
+A message was sent to you regarding your current application to {{ app.corporation }}:
+
+{% if note %}
+{{ note }}
+{% endif %}
+
+If you have any further questions regarding your application, please contact {{ app.corporation }} via the normal channels.
+
+Regards,
+
+{{ app.corporation }} HR Bot

hr/templates/hr/emails/message_subject.txt

@@ -0,0 +1 @@
+A message regarding your application to {{ app.corporation }}.

hr/templates/hr/emails/rejected.txt

@@ -0,0 +1,15 @@
+Hi {{ app.character }},
+
+Your application to {{ app.corporation }} has been rejected.
+
+{% if note %}
+{{ note }}
+{% else %}
+One of our Personnel people will contact you in a seperate method to explain why you have been rejected. 
+{% endif %}
+
+If you have any further questions regarding your application, please contact {{ app.corporation }} via the normal channels.
+
+Regards,
+
+{{ app.corporation }} HR Bot

hr/templates/hr/emails/rejected_subject.txt

@@ -0,0 +1 @@
+Application to {{ app.corporation }} rejected.

hr/templates/hr/index.html

@@ -0,0 +1,22 @@
+{% extends "base.html" %}
+
+{% block title %}HR{% endblock %}
+
+{% block content %}
+<h3>Applications</h3>
+<p><a href="{% url hr.views.view_applications %}">View your current open applications</a><br/>
+<a href="{% url hr.views.add_application %}">Create a application</a><br/></p>
+<h3>Recommendations</h3>
+<p>
+<a href="{% url hr.views.view_recommendations %}">View your current open recommendations</a><br/>
+<a href="{% url hr.views.add_recommendation %}">Add a recommendation</a><br/>
+</p>
+
+{% if hrstaff %}
+<h3>HR Admin</h3>
+<p>
+<a href="{% url hr.views.admin_applications %}">View applications</a><br/>
+</p>
+{% endif %}
+
+{% endblock %}

hr/templates/hr/recommendations/add.html

@@ -0,0 +1,17 @@
+{% extends "base.html" %}
+
+{% block title %}Add Recommendation{% endblock %}
+
+{% block content %}
+<p>Select a character you wish to recommend from, then select your friend's current application.
+
+The person you are recommending needs to have created their application before you can add a recommendation.</p>
+
+<form action="{% url hr.views.add_recommendation %}" method="post">
+<table>
+{{ form.as_table }}
+</table>
+{% csrf_token %}
+<input type="submit" value="Add Recommendation" />
+</form>
+{% endblock %}

hr/templates/hr/recommendations/view_list.html

@@ -0,0 +1,26 @@
+{% extends "base.html" %}
+
+{% block title %}Recommendations{% endblock %}
+
+{% block content %}
+<p>This list shows your current open recommendations that are yet to be submitted, as 
+soon as the recommended user submits their application your recommendation will be removed from this list.</p>
+{% if recs %}
+<table>
+<thead>
+<tr><th>Recommender</th><th>Recommended Application</th><th>Application Status</th></tr>
+</thead>
+<tbody>
+{% for rec in recs %}
+<tr><td>{{ rec.user_character }}</td>
+    <td>{{ rec.application }}</td>
+    <td>{{ rec.application.get_status_display }}</td>
+</tr>
+</tbody>
+{% endfor %}
+</table>
+{% else %}
+<p>You have no current recommendations</p>
+{% endif %}
+
+{% endblock %}

hr/views.py

@@ -37,23 +37,22 @@ def send_message(application, message_type, note=None):
 def check_permissions(user, application=None):
     """ Check if the user has permissions to view or admin the application """
 
-    hrgroup, created = Group.objects.get_or_create(name=settings.HR_STAFF_GROUP)
     corplist = EVEPlayerCharacter.objects.filter(eveaccount__user=user,corporation__applications=True)
     if not application:
-        if hrgroup in user.groups.all() or user.is_superuser or corplist.filter(director=True).count():
+        if user.has_perm('hr.can_view_all') or user.has_perm('hr.can_view_corp') or corplist.filter(director=True).count():
             return HR_ADMIN
     else:
-        if user.is_superuser:
-            return HR_ADMIN
-        elif application.user == user:
+        if application.user == user:
             return HR_VIEWONLY
+        if user.has_perm('hr.can_view_all'):
+            return HR_ADMIN
         else:
             # Give admin access to directors of the corp
             if application.corporation.id in corplist.filter(director=True).values_list('corporation__id', flat=True):
                 return HR_ADMIN
 
             # Give access to none director HR people access
-            if application.corporation.id in corplist.values_list('corporation__id', flat=True) and hrgroup in user.groups.all():
+            if application.corporation.id in corplist.values_list('corporation__id', flat=True) and user.has_perm('hr.can_view_corp'):
                 return HR_ADMIN
 
     return HR_NONE
@@ -80,15 +79,17 @@ def view_application(request, applicationid):
 
     app = get_object_or_404(Application, id=applicationid)
 
-    hrlvl = check_permissions(request.user, app)
-    if hrlvl == 1:
+    perm = check_permissions(request.user, app)
+    if perm == HR_VIEWONLY:
         audit = app.audit_set.filter(event__in=[AUDIT_EVENT_STATUSCHANGE, AUDIT_EVENT_REJECTION, AUDIT_EVENT_ACCEPTED, AUDIT_EVENT_MESSAGE])
-    elif hrlvl == 2:
+    elif perm == HR_ADMIN:
         hrstaff = True
         audit = app.audit_set.all()
     else:
         return HttpResponseRedirect(reverse('hr.views.index'))
 
+    # Respond to Reddit Comment Load
+    # TODO: Move to reddit app?
     if installed('reddit') and request.GET.has_key('redditxhr') and request.is_ajax():
         posts = []
         for acc in app.user.redditaccount_set.all():
@@ -159,14 +160,16 @@ def add_recommendation(request):
 
 @login_required
 def admin_applications(request):
-    if check_permissions(request.user) < HR_ADMIN:
-        return HttpResponseRedirect(reverse('hr.views.index'))
-
     # Get the list of viewable applications by the admin
     corplist = EVEPlayerCharacter.objects.filter(eveaccount__user=request.user).values_list('corporation', flat=True)
     view_status = [APPLICATION_STATUS_AWAITINGREVIEW, APPLICATION_STATUS_ACCEPTED, APPLICATION_STATUS_QUERY]
 
-    apps = Application.objects.filter(corporation__id__in=list(corplist))
+    if request.user.has_perm('hr.can_view_all'):
+        apps = Application.objects.all()
+    elif request.user.has_perm('hr.can_view_corp'):
+        apps = Application.objects.filter(corporation__id__in=list(corplist))
+    else:
+        return HttpResponseRedirect(reverse('hr.views.index'))
 
     if 'q' in request.GET:
         query = request.GET['q']
@@ -219,8 +222,8 @@ def add_note(request, applicationid):
 @login_required
 def add_message(request, applicationid):
     """ Send a message to the end user and note it on the application """
-    app = get_object_or_404(Application, id=applicationid)
 
+    app = get_object_or_404(Application, id=applicationid)
     if check_permissions(request.user, app):
         if request.method == 'POST':
             obj = Audit(application=app, user=request.user, event=AUDIT_EVENT_MESSAGE)
@@ -240,7 +243,7 @@ def add_message(request, applicationid):
 def reject_application(request, applicationid):
     """ Reject the application and notify the user """
 
-    if check_permissions(request.user) == HR_ADMIN:
+    if check_permissions(request.user) == HR_ADMIN and request.user.has_perm('hr.can_accept'):
         if request.method == 'POST':
             app = Application.objects.get(id=applicationid)
             if check_permissions(request.user, app) == HR_ADMIN:
@@ -262,7 +265,7 @@ def reject_application(request, applicationid):
 def accept_application(request, applicationid):
     """ Accept the application and notify the user """
 
-    if check_permissions(request.user) == HR_ADMIN:
+    if check_permissions(request.user) == HR_ADMIN and request.user.has_perm('hr.can_accept'):
         if request.method == 'POST':
             app = Application.objects.get(id=applicationid)
             if check_permissions(request.user, app) == HR_ADMIN: