Update to Django 2.1

.gitlab-ci.yml

@@ -42,19 +42,19 @@ codestyle:
     - cd website
     - coverage report
 
-python36-django20:
+python36-django21:
   <<: *djangotest
   image: $PY36_IMAGE
   variables:
     PYTHON_VERSION: py36
-    DJANGO_VERSION: django20
+    DJANGO_VERSION: django21
 
-python37-django20:
+python37-django21:
   <<: *djangotest
   image: $PY37_IMAGE
   variables:
     PYTHON_VERSION: py37
-    DJANGO_VERSION: django20
+    DJANGO_VERSION: django21
 
 docs:
   stage: test

Pipfile

@@ -19,7 +19,7 @@ pyfcm = "*"
 celery = "*"
 redis = "*"
 raven = "*"
-Django = ">=2.0,<2.1"
+Django = ">=2.1,<2.2"
 Pillow = "*"
 django_compressor = "*"
 django_celery_results = "*"

Pipfile.lock

 {
     "_meta": {
         "hash": {
-            "sha256": "c80e130e95a1fe6db47eed9c691f4dc14326b1e95747fc2b4edc07d11f731cb2"
+            "sha256": "351d600cf5450eb307c94e01e950568ba6b0283c36697cb59013d315868580b7"
         },
         "pipfile-spec": 6,
         "requires": {},
@@ -160,11 +160,11 @@
         },
         "django": {
             "hashes": [
-                "sha256:25df265e1fdb74f7e7305a1de620a84681bcc9c05e84a3ed97e4a1a63024f18d",
-                "sha256:d6d94554abc82ca37e447c3d28958f5ac39bd7d4adaa285543ae97fb1129fd69"
+                "sha256:1ffab268ada3d5684c05ba7ce776eaeedef360712358d6a6b340ae9f16486916",
+                "sha256:dd46d87af4c1bf54f4c926c3cfa41dc2b5c15782f15e4329752ce65f5dad1c37"
             ],
             "index": "pypi",
-            "version": "==2.0.9"
+            "version": "==2.1.3"
         },
         "django-appconf": {
             "hashes": [
@@ -541,11 +541,11 @@
         },
         "django": {
             "hashes": [
-                "sha256:25df265e1fdb74f7e7305a1de620a84681bcc9c05e84a3ed97e4a1a63024f18d",
-                "sha256:d6d94554abc82ca37e447c3d28958f5ac39bd7d4adaa285543ae97fb1129fd69"
+                "sha256:1ffab268ada3d5684c05ba7ce776eaeedef360712358d6a6b340ae9f16486916",
+                "sha256:dd46d87af4c1bf54f4c926c3cfa41dc2b5c15782f15e4329752ce65f5dad1c37"
             ],
             "index": "pypi",
-            "version": "==2.0.9"
+            "version": "==2.1.3"
         },
         "django-template-check": {
             "hashes": [

tox.ini

 [tox]
-envlist = flake8, {py36,py37}-django20, {py36,py37}-django21
+envlist = flake8, {py36,py37}-django21
 skipsdist = True
 skip_missing_interpreters = True
 
@@ -10,7 +10,6 @@ commands =
     ; specified below
     pipenv --bare install --dev --ignore-pipfile
     ; override using pip. Using pipenv would write to Pipfile!
-    django20: pip install 'django>=2.0rc1,<2.1'
     django21: pip install --pre 'django>=2.1rc1,<2.2'
     pipenv --bare run python manage.py check
     pipenv --bare run python manage.py templatecheck --project-only

website/events/admin.py

@@ -24,7 +24,8 @@ from . import forms, models
 def _do_next(request, response):
     """See DoNextModelAdmin"""
     if 'next' in request.GET:
-        if not is_safe_url(request.GET['next']):
+        if not is_safe_url(request.GET['next'],
+                           allowed_hosts={request.get_host()}):
             raise DisallowedRedirect
         elif '_save' in request.POST:
             return HttpResponseRedirect(request.GET['next'])
@@ -118,7 +119,6 @@ class EventAdmin(DoNextModelAdmin):
     actions = ('make_published', 'make_unpublished')
     date_hierarchy = 'start'
     search_fields = ('title', 'description')
-    prepopulated_fields = {'map_location': ('location',)}
 
     def overview_link(self, obj):
         return format_html('<a href="{link}">{title}</a>',
@@ -230,6 +230,19 @@ class EventAdmin(DoNextModelAdmin):
         del actions['delete_selected']
         return actions
 
+    def get_prepopulated_fields(self, request, obj):
+        # FIXME(Django bug) move this back to a normal ``prepopulated_fields``
+        # class field when bug https://code.djangoproject.com/ticket/29929 gets
+        # fixed
+        if self.has_change_permission(request, obj):
+            return {'map_location': (f'location_en',)}
+        return super().get_prepopulated_fields(request, obj)
+
+    def get_formsets_with_inlines(self, request, obj=None):
+        for inline in self.get_inline_instances(request, obj):
+            if self.has_change_permission(request, obj) or obj is None:
+                yield inline.get_formset(request, obj), inline
+
 
 @admin.register(models.Registration)
 class RegistrationAdmin(DoNextModelAdmin):

website/events/tests/test_models.py

@@ -308,23 +308,25 @@ class RegistrationTest(TestCase):
         self.r1.date_cancelled = timezone.now()
         self.assertFalse(self.r1.is_late_cancellation())
 
-        self.event.cancel_deadline = (timezone.now() +
-                                      datetime.timedelta(hours=1))
+        self.r1.event.cancel_deadline = (timezone.now() +
+                                         datetime.timedelta(hours=1))
         self.assertFalse(self.r1.is_late_cancellation())
 
-        self.event.cancel_deadline = (timezone.now() -
-                                      datetime.timedelta(hours=1))
+        self.r1.event.cancel_deadline = (timezone.now() -
+                                         datetime.timedelta(hours=1))
         self.assertTrue(self.r1.is_late_cancellation())
 
     def test_queue_position(self):
         self.assertEqual(self.r1.queue_position, 0)
         self.assertEqual(self.r2.queue_position, 0)
 
-        self.event.max_participants = 0
+        self.r1.event.max_participants = 0
+        self.r2.event = self.r1.event
         self.assertEqual(self.r1.queue_position, 1)
         self.assertEqual(self.r2.queue_position, 2)
 
-        self.event.max_participants = 1
+        self.r1.event.max_participants = 1
+        self.r2.event = self.r1.event
         self.assertEqual(self.r1.queue_position, 0)
         self.assertEqual(self.r2.queue_position, 1)
 
@@ -340,18 +342,20 @@ class RegistrationTest(TestCase):
             r3.clean()
 
     def test_would_cancel_after_deadline(self):
-        self.event.registration_start = (timezone.now() -
+        self.r1.event.registration_start = (timezone.now() -
+                                            datetime.timedelta(hours=1))
+        self.r1.event.registration_end = (timezone.now() -
+                                          datetime.timedelta(hours=1))
+        self.r1.event.cancel_deadline = (timezone.now() -
                                          datetime.timedelta(hours=1))
-        self.event.registration_end = (timezone.now() -
-                                       datetime.timedelta(hours=1))
-        self.event.cancel_deadline = (timezone.now() -
-                                      datetime.timedelta(hours=1))
 
         # Test situation where the event status is REGISTRATION_CLOSED
-        self.assertEqual(self.r1.would_cancel_after_deadline(), True)
+        self.assertFalse(self.r1.event.registration_allowed)
+        self.assertTrue(self.r1.would_cancel_after_deadline())
 
-        self.event.registration_end = (timezone.now() +
-                                       datetime.timedelta(hours=2))
+        self.r1.event.registration_end = (timezone.now() +
+                                          datetime.timedelta(hours=2))
 
         # Test situation where the event status is REGISTRATION_OPEN_NO_CANCEL
-        self.assertEqual(self.r1.would_cancel_after_deadline(), True)
+        self.assertTrue(self.r1.event.registration_allowed)
+        self.assertTrue(self.r1.would_cancel_after_deadline())

website/events/tests/test_views.py

@@ -120,11 +120,13 @@ class AdminTest(TestCase):
         self.member.save()
         response = self.client.get('/admin/events/event/1/change/')
         self.assertEqual(200, response.status_code)
+        self.assertIn('Change event', str(response.content))
 
     def test_modeladmin_change_organiser_denied(self):
         """If I'm not an organiser I should not be allowed access"""
         response = self.client.get('/admin/events/event/1/change/')
-        self.assertEqual(403, response.status_code)
+        self.assertEqual(200, response.status_code)
+        self.assertIn('View event', str(response.content))
 
 
 class RegistrationTest(TestCase):

website/photos/admin.py

@@ -27,7 +27,7 @@ class AlbumForm(forms.ModelForm):
     # https://stackoverflow.com/questions/4391776/django-admin-inline-forms-limit-foreign-key-queryset-to-a-set-of-values#4392047
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        if 'instance' in kwargs:
+        if 'instance' in kwargs and '_cover' in self.fields:
             self.fields['_cover'].queryset = Photo.objects.filter(
                 album=self.instance)
 

website/registrations/admin.py

@@ -102,17 +102,6 @@ class RegistrationAdmin(admin.ModelAdmin):
                 'can_revert': can_revert,
             })
 
-    def get_actions(self, request):
-        """
-        Get the actions for the entries
-        Hide the reviewing actions if the right permissions are missing
-        """
-        actions = super().get_actions(request)
-        if not request.user.has_perm('registrations.review_entries'):
-            del(actions['accept_selected'])
-            del(actions['reject_selected'])
-        return actions
-
     def get_readonly_fields(self, request, obj=None):
         if obj is None or not (obj.status == Entry.STATUS_REJECTED or
                                obj.status == Entry.STATUS_ACCEPTED or
@@ -147,6 +136,7 @@ class RegistrationAdmin(admin.ModelAdmin):
                 error=_('The selected registration(s) could not be rejected.')
             )
     reject_selected.short_description = _('Reject selected registrations')
+    reject_selected.allowed_permissions = ('review',)
 
     def accept_selected(self, request, queryset):
         """Accept the selected entries"""
@@ -158,6 +148,11 @@ class RegistrationAdmin(admin.ModelAdmin):
                 error=_('The selected registration(s) could not be accepted.')
             )
     accept_selected.short_description = _('Accept selected registrations')
+    accept_selected.allowed_permissions = ('review',)
+
+    def has_review_permission(self, request):
+        """Does the user have the review permission?"""
+        return request.user.has_perm('registrations.review_entries')
 
 
 @admin.register(Renewal)

website/registrations/tests/test_admin.py

@@ -258,11 +258,13 @@ class RegistrationAdminTest(TestCase):
                                        'optin_birthday'])
 
     def test_get_actions(self):
-        actions = self.admin.get_actions(_get_mock_request([]))
+        actions = self.admin.get_actions(_get_mock_request(
+            ['registrations.delete_registration']))
         self.assertCountEqual(actions, ['delete_selected'])
 
         actions = self.admin.get_actions(
-            _get_mock_request(['registrations.review_entries']))
+            _get_mock_request(['registrations.review_entries',
+                               'registrations.delete_registration']))
         self.assertCountEqual(actions, ['delete_selected', 'accept_selected',
                                         'reject_selected'])
 
@@ -383,11 +385,13 @@ class RenewalAdminTest(TestCase):
                                        'membership'])
 
     def test_get_actions(self):
-        actions = self.admin.get_actions(_get_mock_request([]))
+        actions = self.admin.get_actions(_get_mock_request(
+            ['registrations.delete_renewal']))
         self.assertCountEqual(actions, ['delete_selected'])
 
         actions = self.admin.get_actions(
-            _get_mock_request(['registrations.review_entries']))
+            _get_mock_request(['registrations.delete_renewal',
+                               'registrations.review_entries']))
         self.assertCountEqual(actions, ['delete_selected', 'accept_selected',
                                         'reject_selected'])