[WIP] Add online RIGS authorisation #283
Conversation
Add EventAuthorisation model + migrations Add authorised property to Event. Add appropriate tests
Add forms, views, templates and URLs. Remove created at in favour of the built in versioning as that's much more accurate. Switch to a OneToOneField with EventAuthorisation -> event as a result of this. Move validation from models to forms where it probably belongs. Provide more descriptive errors. Add success page for authorisation.
Enable RevisionMixin for EventAuthorisation. Add signal receivers for RIGS. Expand RIGS into an explicitly defined app to support signals.
Add backup email if there isn't an MIC
Add email sending methods. Add TEC side sending of emails.
PDFs now state QUOTE, INVOICE or RECEIPT. Single copy and all but INVOICE includes terms of hire.
I used python 3 syntax, we aren't yet using python 3...
There was a problem hiding this comment.
On the whole I think this looks good. Needs more testing by teccies once treasury approves it though.
Some bugs I noticed:
-
Confirmation email does not at '£' before cost, and does not add decimal places. e.g. £1140.00 shows as just 1140
-
Click "Authorisation Request", type an invalid email and submit, it's then impossible to submit again
RIGS/forms.py
Outdated
|
|
||
|
|
||
| class BaseClientEventAuthorisationForm(forms.ModelForm): | ||
| tos = forms.BooleanField(required=True, label="Terms of hire") |
There was a problem hiding this comment.
Setting required=true is not enough validation for this field. I can just edit the HTML form to make the checkbox into a text field, and then I don't even have to put any text in the box for it to be accepted. Should be as simple as just adding an if(tos==true) statement to the clean function.
There was a problem hiding this comment.
Incorrect, both in testing and according to the docs, required=True on a BooleanField validation ensures that the value=True as well.
There was a problem hiding this comment.
True, I suspect the reason this happens is
test = 'no I don't accept'
if test:
print("They accepted")
But I think it's reasonable to assume clients won't mess with the HTML form, so this is a non-issue
RIGS/forms.py
Outdated
|
|
||
| def clean(self): | ||
| if self.cleaned_data.get('amount') != self.instance.event.total: | ||
| self.add_error('amount', 'The amount authorised must equal the total for the event.') |
There was a problem hiding this comment.
I suggest "The amount authorised must equal the total for the event (inc VAT)" for absolute clarity
| event = models.OneToOneField('Event', related_name='authorisation') | ||
| email = models.EmailField() | ||
| name = models.CharField(max_length=255) | ||
| uni_id = models.CharField(max_length=10, blank=True, null=True, verbose_name="University ID") |
There was a problem hiding this comment.
Do SU staff have Uni ID numbers?
There was a problem hiding this comment.
Despite even Ollie saying they did, having just asked Niki, they don't. This could be an issue.
| @@ -1,16 +1,18 @@ | |||
| import os | |||
There was a problem hiding this comment.
Ewww, why was this here!
RIGS/rigboard.py
Outdated
| buffer = StringIO.StringIO() | ||
|
|
||
| buffer = rml2pdf.parseString(rml) | ||
| context = RequestContext(request, { # this should be outside the loop, but bug in 1.8.2 prevents this |
There was a problem hiding this comment.
Remove the now un-necessary comment
| {% endif %} | ||
| {% endif %} | ||
| </div> | ||
| {% include 'RIGS/event_detail_buttons.html' %} |
There was a problem hiding this comment.
I'm glad this has finally been done!
| <a class="btn btn-default item-add modal-href event-authorise-request" | ||
| href="{% url 'event_authorise_request' object.pk %}"> | ||
| <span class="glyphicon glyphicon-send"></span> | ||
| Authorisation Request |
There was a problem hiding this comment.
Think we need more context on this button than just colours - otherwise teccies may send many duplicate emails.
There was a problem hiding this comment.
This was a tricky one, because by design you can send many emails, this was just to provide feedback that the email had been sent successfully when submitting an address. As it stands RIGS doesn't track when an email has been sent to reduce DB storage.
There was a problem hiding this comment.
I think we should track this, waaay too much potential for teccie fail otherwise. It's not like we're short of database shortage.
There was a problem hiding this comment.
I'm not against tracking ti for DB storage, wrong phrasing, more complexity of models, which would rapidly grow to have many to many relationships. As I said, current system is stateless, using HMAC. I don't think it would be an issue, but if it is then we can look into it again.
There was a problem hiding this comment.
Fair enough. How about sending an email to the teccy when the client gets sent one (obvs without the secret URL)
There was a problem hiding this comment.
That would work, but in your scenario the teccie is confused that the email has not been sent, so will just send it again, probably without checking their own email first.
There was a problem hiding this comment.
Actually, thinking about this further I did consider not autoclosing the modal and instead displaying a success alert informing the user to do this manually. That would be much more verbose, but also more annoying
There was a problem hiding this comment.
An idea I just had: how about just adding "Last sent to", "Last sent at" and "last_sent_by" fields to the EventAuthorisation model. Update those whenever a teccie presses "send", and the history will be kept by reversion
|
|
||
| {{request.scheme}}://{{request.get_host}}{% url 'event_authorise' object.pk hmac %} | ||
|
|
||
| The TEC Rig Information Gathering System |
There was a problem hiding this comment.
Think this needs a "PLEASE DO NOT RESPOND TO THIS ADDRESS"
There was a problem hiding this comment.
I always think that looks god awful, so I've set the reply-to address to something sensible now so theoretically we should never have a problem.
I would also suggest setting rigs@nottinghamtec.co.uk to forward somewhere sensible (productions or it, one or the other)
There was a problem hiding this comment.
I'm ok with just setting the reply-to, but just remember if they do reply to the email and it goes to the teccie, the teccie then has the super secret URL
There was a problem hiding this comment.
Yep, well aware of that, but at that point, thats their problem for disclosing the secret URL, we have taken reasonable measures already.
| Your event is now fully booked and our finance department will be contact to arrange payment. | ||
| {% endif %} | ||
|
|
||
| The TEC Rig Information Gathering System |
There was a problem hiding this comment.
Think this needs a "PLEASE DO NOT RESPOND TO THIS ADDRESS"
|
|
||
| <div class="form-group"> | ||
| <label class="col-sm-2 control-label" | ||
| for="{{ form.email.id_for_label }}">{{ form.email.label }}</label> |
There was a problem hiding this comment.
This popup needs more warnings.
YOU ARE ABOUT TO SEND THIS TO A CLIENT, QUADRUPLE CHECK ALL THE THINGS, DON'T BE A MORON
The client will be able to see all contact info, event items, the event title, the event description (not notes), and the MIC name.
There was a problem hiding this comment.
Do we need to bring out the 'delete invoice' UI for sending emails now?
Noticed in testing, that could have gone badly.
davidtaylorhq
force-pushed
the
feature/online-auth
branch
from
88cdbb4
to
843fa7c
Compare
davidtaylorhq
force-pushed
the
feature/online-auth
branch
from
843fa7c
to
99e7878
Compare
davidtaylorhq
force-pushed
the
feature/online-auth
branch
from
99e7878
to
b4ab293
Compare
|
If it's been sent to the client: If it's been approved by the client: |
# Conflicts: # RIGS/test_functional.py
|
Note to self: (cos I don't have time right now) There's a missing space at the bottom of the paperwork
|
This effectively reverts 067e03b.
Actually finish fixing PDF footer formatting.
Changes from using signed paperwork to an online interface for clients to authorise the rig via a secure HMAC link.
Process is as follows:
This directly closes #228, and indirectly closes #282 and #195.
Merge notes: