Enhancements to Tournament Creation and Editing for Non-Staff Users #265
Conversation
| return reverse("tournament-detail", kwargs={"pk": self.object.pk}) | ||
|
|
||
|
|
||
| def distribute_tokens(): |
There was a problem hiding this comment.
you might want to check this link for an alternative way for implementing distribute token:
https://chat.openai.com/share/e3e3871f-4acd-4959-94a3-d260c84f8ede
No matter which way you choose, please make sure to well-document your approach to the issue this PR is related to.
|
|
||
| def distribute_tokens(): | ||
| # Placeholder for future date check | ||
| # thirty_days_ago = datetime.now() - timedelta(days=30) |
There was a problem hiding this comment.
Hmm we don't have to have a placeholder for future date check. We can just manually distribute tokens on a certain date every month to all users. Please see above link for a reference. Once this is addressed, we are good to go
|
Thanks for the commentary @MuyanXie. The |
|
That makes sense. I'll go ahead and approve this PR |
There was a problem hiding this comment.
This is a big PR, and clearly a lot of thought has been put in for all the functionalities. A few of the defined changes aren't properly working (see comments), but really great work with this one so far! Also, make sure you update with dev because I think you might get some migration conflicts.
src/chigame/games/views.py
Outdated
|
|
||
| def form_valid(self, form): | ||
| user = self.request.user | ||
| if user.tokens < 1: |
There was a problem hiding this comment.
It seems like you are removing tokens for staff as well which makes it so staff can only create one tournament. I'm getting the same error regardless of whether I am creating a tournament from a staff account or not. Also, I'd prefer if you had the redirection before the user tries to fill our the form. Maybe you could do if user.tokens and user.is_staff and return redirect immediately.
| @@ -175,17 +190,34 @@ class TournamentUpdateView(UpdateView): | |||
| "rules", | |||
| "draw_rules", | |||
| "num_winner", | |||
| "matches", | |||
There was a problem hiding this comment.
Your PR description says staff members should be able to add/remove players, but you removed players and matches, so it doesn't allow for this functionality.
src/chigame/games/views.py
Outdated
| tournament.save() | ||
|
|
||
| # Add the creator to the players list | ||
| tournament.players.add(user) |
There was a problem hiding this comment.
This line seems to be making it so that only the creator is added to the players list.
players = form.cleaned_data['players'] tournament.players.add(*players)
will fix this.
|
Thanks @elizabethli31. I've implemented each of your recommended changes for token subtraction, admin players, and users. I've also committed some changes related to merging with the Please take a look. |
There was a problem hiding this comment.
Token usage for creation, access control, and tournament deletion all work well! I would prefer if you could just remove the delete button for non-staff users instead of leading to a forbidden page (or at least it should be redirecting the user back to the tournament detail page with an error message).
A couple of things I'd like to see in the next commit:
- Partial edit control needs to be fixed (removing or adding players). See my comment for more details
- Instead of taking users to a forbidden page (after trying to create without enough tokens, updating, deleting, etc.), I'd like for it to redirect back to the tournaments page instead. Reference some previous PRs from your team for code that includes
messages.errorandreturn(redirect)
| raise PermissionDenied("You do not have permission to edit this tournament.") | ||
|
|
||
| # Continue with the normal flow | ||
| return super().dispatch(request, *args, **kwargs) | ||
|
|
||
| def form_valid(self, form): |
There was a problem hiding this comment.
I am getting an error when I try to remove players and save the updated tournament (both as a non-staff and staff).
It's coming from line 357 (related_match = current_tournament.matches.get). This is happening because when I create a tournament, the matches aren't being created for some reason (it could be that your PR isn't up to date because previously this worked fine).
There was a problem hiding this comment.
Also, when I try to add players, I am getting "You cannot add new players to the tournament after it has started." even if my tournament has not started yet.
|
Also please rebase first because Mike and Sam added a pretty significant change with registration periods! |
|
Hi @elizabethli31 I've implemented the following changes:
|
There was a problem hiding this comment.
Token usage works and errors are handled well! I'm still able to add players even if I'm not a staff. Also, please add a check somewhere in the detail view that doesn't allow players to access tournaments they are not in. Even though the tournaments are hidden from the list view, players can still access the detail view of them just by going to the specific url. Unless the functionality you want is for players to be able to find them somehow but not view them as a list. Additionally, on some pages, I'm seeing two update buttons which I think is the result of a merge with dev. Could you fix that too?
|
|
||
| # Check if the current user is the creator of the tournament | ||
| if tournament.created_by != request.user and not request.user.is_staff: | ||
| messages.error(self.request, "You do not have permission to edit this tournament.") |
There was a problem hiding this comment.
You need to check somewhere here that I am staff to edit the players too. Currently, I'm able to update the players even if I'm not staff
|
Hello @elizabethli31 please see the changes to my migrations and |
|
Closing Statement: @jb-01 contributed to the code for the models and CRUD pages to directly support non-staff functionality. @MuyanXie reviewed our code and provided feedback related to properly distributing tokens. |
|
Issue Score: Satisfactory Comments: |
Description:
This PR relates to issue #172 and introduces several key updates to the tournament management system, focusing on the capabilities of non-staff users. The changes are aimed at providing non-staff users with greater autonomy in creating and managing tournaments while maintaining necessary oversight and control mechanisms. The updates include modifications to both the front-end (CRUD pages) and the back-end (Tournament model and related views).
Key Changes:
Tournament Creation with Token Usage: Non-staff users can now create tournaments, deducting one token from their account per tournament created. This enforces a token-based permission system, integrating with the User team's token management functionality.
Partial Edit Control for Tournament Creators: Creators of a tournament (non-staff users who created a tournament) have been granted partial editing control over their tournaments. This includes updating certain attributes of the tournament. However, they cannot add or remove matches or players – actions which require staff intervention.
Access Control on Tournaments: Non-staff users can only access tournaments they are part of. The
TournamentListViewhas been modified to filter out tournaments that the user is not participating in, enhancing privacy and focus.Restriction on Tournament Deletion: Non-staff users are not permitted to delete or disable tournaments they created. Such actions must be routed through staff users due to the complex backend events triggered by a tournament's deletion.
Model Enhancements: The
Tournamentmodel has been updated to include acreated_byfield, ensuring clarity on ownership. This field is critical for implementing the above functionalities, particularly around editing permissions and access control.Technical Details:
TournamentCreateViewandTournamentUpdateViewhave been modified to check the user's token balance and ownership, respectively.TournamentCreateViewdeducts one token for each tournament created.Tournamentmodel'screated_byfield links to theUsermodel, establishing tournament ownership.get_querysetmethod inTournamentListViewfilters tournaments based on user participation and staff status.distribute_tokens()is a future-proof function for automatically reloading each user’s token balance after 30 days. It has been commented out so that the Users group can make necessary modifications to theirUsermodel beforehand.