From e637d3b6576ff4d93544b10005cc10a5891ada91 Mon Sep 17 00:00:00 2001 From: Paul Craig Date: Fri, 13 Sep 2024 13:27:43 -0400 Subject: [PATCH] Archived NOFOs can only be seen by Bloom users Non-bloom users can't see their archived NOFOs ever again. --- CHANGELOG.md | 1 + bloom_nofos/nofos/mixins.py | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 223a2855..da6be5b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ The format is based on Keep a Changelog, and this project adheres to Semantic Ve - Don't show archived NOFOs on NOFO list page - Add warning banner for archived NOFOs to "view" and "edit" pages - Deleting NOFOs now just archives them + - Archived NOFOs can only be seen by Bloom users ### Changed diff --git a/bloom_nofos/nofos/mixins.py b/bloom_nofos/nofos/mixins.py index c7e96298..e15cfb6f 100644 --- a/bloom_nofos/nofos/mixins.py +++ b/bloom_nofos/nofos/mixins.py @@ -5,6 +5,11 @@ def has_nofo_group_permission_func(user, nofo): + # Check if the NOFO is archived + if nofo.archived is not None: + # If archived, only 'bloom' users can access + return user.group == "bloom" + # If not a 'bloom' user and the group doesn't match, fail if user.group != "bloom" and user.group != nofo.group: return False