moved can_feature_election feature to site admins only

__init__.py

@@ -5,7 +5,6 @@
 
 # a setting to ensure that only admins can create an election
 ADMIN_ONLY = settings.HELIOS_ADMIN_ONLY
-ADMIN = settings.HELIOS_ADMIN or None
 
 # allow upload of voters via CSV?
 VOTERS_UPLOAD = settings.HELIOS_VOTERS_UPLOAD

security.py

@@ -83,7 +83,11 @@ def election_view_wrapper(request, election_uuid=None, *args, **kw):
   return election_view_decorator
 
 def user_can_admin_election(user, election):
-  return election.admin == user
+  if not user:
+    return False
+
+  # election or site administrator
+  return election.admin == user or user.admin_p
 
 def api_client_can_admin_election(api_client, election):
   return election.api_client == api_client and api_client != None
@@ -98,7 +102,7 @@ def election_admin_wrapper(request, election_uuid=None, *args, **kw):
       election = get_election_by_uuid(election_uuid)
 
       user = get_user(request)
-      if not user or not (user == election.admin):
+      if not user_can_admin_election(user, election):
         raise PermissionDenied()
 
       # do checks
@@ -132,4 +136,10 @@ def can_create_election(request):
     return user.admin_p
   else:
     return user != None
-
+
+def user_can_feature_election(user, election):
+  if not user:
+    return False
+
+  return user.admin_p
+

templates/election_view.html

@@ -27,12 +27,16 @@ <h2 class="title">{{ election.name }}
 {% if admin_p %}
 {% if election.featured_p %}
 this election is featured on the front page.
+{% if can_feature_p %}
 [<a href="{% url helios.views.one_election_set_featured election.uuid %}?featured_p=0">unfeature it</a>]
+{% endif %}
 {% else %}
 this election is <u>not</u> featured on the front page.
+{% if can_feature_p %}
 [<a href="{% url helios.views.one_election_set_featured election.uuid %}?featured_p=1">feature it</a>]
 {% endif %}
 {% endif %}
+{% endif %}
 </p>
 
 <div style="margin-bottom: 25px;margin-left: 15px; border-left: 1px solid #aaa; padding-left: 5px; font-size:1.3em; ">

views.py

@@ -18,6 +18,7 @@
 from helios import utils as helios_utils
 from view_utils import *
 from auth.security import *
+from helios import security
 from auth import views as auth_views
 
 import tasks
@@ -186,7 +187,8 @@ def one_election(request, election):
 @election_view()
 def one_election_view(request, election):
   user = get_user(request)
-  admin_p = user and (user == election.admin)
+  admin_p = security.user_can_admin_election(user, election)
+  can_feature_p = security.user_can_feature_election(user, election)
 
   notregistered = False
 
@@ -208,7 +210,7 @@ def one_election_view(request, election):
 
   trustees = Trustee.get_by_election(election)
 
-  return render_template(request, 'election_view', {'election' : election, 'trustees': trustees, 'admin_p': admin_p, 'user': user, 'voter': voter, 'votes': votes, 'notregistered': notregistered, 'eligible_p': eligible_p})
+  return render_template(request, 'election_view', {'election' : election, 'trustees': trustees, 'admin_p': admin_p, 'user': user, 'voter': voter, 'votes': votes, 'notregistered': notregistered, 'eligible_p': eligible_p, 'can_feature_p': can_feature_p})
 
 ##
 ## Trustees and Public Key
@@ -554,6 +556,11 @@ def one_election_set_featured(request, election):
   """
   Set whether this is a featured election or not
   """
+
+  user = get_user(request)
+  if not security.user_can_feature_election(user, election):
+    raise PermissionDenied()
+
   featured_p = bool(int(request.GET['featured_p']))
   election.featured_p = featured_p
   election.save()