Merge pull request #2392 from DemocracyClub/prevent-photo-upload-of-l…

…ocked-candidate Don't allow photo upload if edits are prevented
DemocracyClub · Jun 18, 2024 · 9f55544 · 9f55544
2 parents b57e2ec + 473e7df
commit 9f55544
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 11 deletions.
diff --git a/ynr/apps/elections/uk/templates/candidates/person-view.html b/ynr/apps/elections/uk/templates/candidates/person-view.html
@@ -50,10 +50,12 @@
   <div class="person__photo">
 
     <img class="person-avatar" src="{{ person.get_display_image_url }}"/>
-    {% if not person.person_image and user.is_authenticated %}
-      <a class="upload-photo" href="{% url 'photo-upload' person.id %}">
-        Upload photo
-      </a>
+    {% if not person.person_image %}
+      {% if user_can_edit and person_edits_allowed %}
+          <a class="upload-photo" href="{% url 'photo-upload' person.id %}">
+            Upload photo
+          </a>
+      {% endif %}
     {% endif %}
   </div>
   <h1>{{ person.name }}</h1>
@@ -124,7 +126,7 @@ <h2>Personal details:</h2>
       <dt>Party</dt>
       <dd>{{ last_candidacy.party.name }}</dd>
     {% endif %}
-    
+
     {% if person.biography %}
       <dt>Statement to voters</dt>
       <dd class="person_biography">{{ person.biography|markdown}}</dd>
@@ -144,7 +146,7 @@ <h2>Candidacies:</h2>
         {% else %}
            Contesting the {{ election_data.name }} ({{ election_data.election_date }})
         {% endif %}</dt>
-       
+
       <dd>{{ person|post_in_election:election_data }}</dd>
       {% for membership in person.memberships.all %}
       {% if membership.ballot.election == election_data %}
@@ -158,7 +160,7 @@ <h2>Candidacies:</h2>
       <p>No candidacies known at the moment.</p>
     {% endfor %}
   </dl>
- 
+
   <h2>Links and social media:</h2>
 
   <dl>
@@ -233,14 +235,14 @@ <h2>Improve this data!</h2>
       <p>Please add extra details about this candidate – it only takes a moment.</p>
       {% if user.is_authenticated %}
         <a href="{% url 'person-update' person_id=person.id %}" class="button">Edit candidate</a>
-        {% if person.queued_image %} 
+        {% if person.queued_image %}
           {% if user_can_review_photos %}
             <p>{{ person.name }} has a photo that needs to be reviewed</p>
             <a href="{{ person.get_absolute_queued_image_url}}" class="button">Review image</a>
-          {% endif %} 
+          {% endif %}
         {% else %}
           <a href="{% url 'photo-upload' person.id %}" class="button">Upload candidate photo</a>
-        {% endif %} 
+        {% endif %}
       {% else %}
         <a href="{% url 'wombles:login' %}?next={{ redirect_after_login }}" class="button">Log in to edit</a>
       {% endif %}

diff --git a/ynr/apps/moderation_queue/views.py b/ynr/apps/moderation_queue/views.py
@@ -15,6 +15,7 @@
 from django.db import models
 from django.db.models import Count, Q
 from django.http import (
+    Http404,
     HttpResponseBadRequest,
     HttpResponseRedirect,
     JsonResponse,
@@ -30,7 +31,7 @@
     image_form_valid_response,
     upload_photo_response,
 )
-from people.models import TRUSTED_TO_EDIT_NAME, Person
+from people.models import TRUSTED_TO_EDIT_NAME, EditLimitationStatuses, Person
 from popolo.models import Membership, OtherName
 
 from .forms import (
@@ -46,6 +47,8 @@
 @login_required
 def upload_photo(request, person_id):
     person = get_object_or_404(Person, id=person_id)
+    if person.edit_limitations == EditLimitationStatuses.EDITS_PREVENTED.name:
+        raise Http404()
     image_form = UploadPersonPhotoImageForm(initial={"person": person})
     url_form = UploadPersonPhotoURLForm(initial={"person": person})
     return upload_photo_response(request, person, image_form, url_form)