From 1c0d78f2eec787a5c70fa14f21644c31fb932fb3 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem <charlotte.vanpetegem@ugent.be>
Date: Fri, 20 May 2022 22:46:56 +0200
Subject: [PATCH] Make sure only users with at least one association can create
 an order

---
 app/forms.py                                                 | 2 ++
 .../versions/5c8378aa4dff_add_user_associations.py           | 4 ++--
 app/models/anonymous_user.py                                 | 4 ++++
 app/models/order.py                                          | 2 +-
 app/models/user.py                                           | 2 +-
 app/templates/orders.html                                    | 5 +++++
 app/views/order.py                                           | 5 ++++-
 7 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/app/forms.py b/app/forms.py
index e259563..f847e96 100644
--- a/app/forms.py
+++ b/app/forms.py
@@ -24,6 +24,7 @@ class OrderForm(Form):
         "Starttime", default=datetime.now, format="%d-%m-%Y %H:%M"
     )
     stoptime = DateTimeField("Stoptime", format="%d-%m-%Y %H:%M")
+    association = SelectField("Association", coerce=str, validators=[validators.required()])
     submit_button = SubmitField("Submit")
 
     def populate(self) -> None:
@@ -38,6 +39,7 @@ class OrderForm(Form):
                 (current_user.id, current_user.username),
             ]
         self.location_id.choices = [(l.id, l.name) for l in location_definitions]
+        self.association.choices = current_user.association_list()
         if self.stoptime.data is None:
             self.stoptime.data = datetime.now() + timedelta(hours=1)
 
diff --git a/app/migrations/versions/5c8378aa4dff_add_user_associations.py b/app/migrations/versions/5c8378aa4dff_add_user_associations.py
index 4cc135d..24f52c7 100644
--- a/app/migrations/versions/5c8378aa4dff_add_user_associations.py
+++ b/app/migrations/versions/5c8378aa4dff_add_user_associations.py
@@ -16,8 +16,8 @@ import sqlalchemy as sa
 
 def upgrade():
     # ### commands auto generated by Alembic - please adjust! ###
-    op.add_column('order', sa.Column('association', sa.String(length=120), nullable=True))
-    op.add_column('user', sa.Column('associations', sa.String(length=120), nullable=True))
+    op.add_column('order', sa.Column('association', sa.String(length=120), nullable=False, default=""))
+    op.add_column('user', sa.Column('associations', sa.String(length=120), nullable=False, default=""))
     # ### end Alembic commands ###
 
 
diff --git a/app/models/anonymous_user.py b/app/models/anonymous_user.py
index 2ae10f2..8e2532a 100644
--- a/app/models/anonymous_user.py
+++ b/app/models/anonymous_user.py
@@ -1,10 +1,14 @@
 "AnonymouseUser for people who are not logged in the normal way"
+from typing import List
 # pylint: disable=R0201,C0111
 
 
 class AnonymouseUser:
     id = None
 
+    def association_list(self) -> List[str]:
+        return []
+
     def is_active(self) -> bool:
         return False
 
diff --git a/app/models/order.py b/app/models/order.py
index 7729d42..37407dd 100644
--- a/app/models/order.py
+++ b/app/models/order.py
@@ -27,7 +27,7 @@ class Order(db.Model):
     stoptime = db.Column(db.DateTime)
     public = db.Column(db.Boolean, default=True)
     slug = db.Column(db.String(7), default=generate_slug, unique=True)
-    association = db.Column(db.String(120))
+    association = db.Column(db.String(120), nullable=False)
 
     items = db.relationship("OrderItem", backref="order", lazy="dynamic")
 
diff --git a/app/models/user.py b/app/models/user.py
index 13634bb..964ba42 100644
--- a/app/models/user.py
+++ b/app/models/user.py
@@ -11,7 +11,7 @@ class User(db.Model):
     admin = db.Column(db.Boolean)
     bias = db.Column(db.Integer)
     # Assocation logic
-    associations = db.Column(db.String(120))
+    associations = db.Column(db.String(120), nullable=False)
 
     # Relations
     runs = db.relation(
diff --git a/app/templates/orders.html b/app/templates/orders.html
index e472461..35fa189 100644
--- a/app/templates/orders.html
+++ b/app/templates/orders.html
@@ -38,6 +38,11 @@
 								{{ form.location_id(class='form-control select') }}
 								{{ util.render_form_field_errors(form.location_id) }}
 							</div>
+							<div class="form-group select2 {{ 'has-errors' if form.association.errors else ''}}{{ ' required' if form.association.flags.required }}">
+								{{ form.association.label(class='control-label') }}
+								{{ form.association(class='form-control select') }}
+								{{ util.render_form_field_errors(form.association) }}
+							</div>
 							{% if current_user.is_admin() %}
 								<div class="form-group{{ ' has-error' if form.starttime.errors }}{{ ' required' if form.starttime.flags.required }}{{ ' hidden' if not current_user.is_admin() }}">
 									{{ form.starttime.label(class='control-label') }}
diff --git a/app/views/order.py b/app/views/order.py
index 8023ecf..e779c5a 100644
--- a/app/views/order.py
+++ b/app/views/order.py
@@ -21,7 +21,7 @@ order_bp = Blueprint("order_bp", "order")
 @order_bp.route("/")
 def orders(form: OrderForm = None) -> str:
     """Generate general order view"""
-    if form is None and not current_user.is_anonymous():
+    if form is None and current_user.association_list():
         form = OrderForm()
         location_id = request.args.get("location_id")
         form.location_id.default = location_id
@@ -34,6 +34,9 @@ def orders(form: OrderForm = None) -> str:
 @login_required
 def order_create() -> typing.Union[str, Response]:
     """Generate order create view"""
+    if not current_user.association_list():
+        flash("Not allowed to create an order.", "info")
+        abort(401)
     orderForm = OrderForm()
     orderForm.populate()
     if orderForm.validate_on_submit():