Skip to content
This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Commit

Permalink
Wire up "Apply" button ... pretty important! :-)
Browse files Browse the repository at this point in the history
  • Loading branch information
chadwhitacre committed Sep 7, 2015
1 parent c58baf5 commit e209728
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 7 deletions.
10 changes: 8 additions & 2 deletions tests/py/test_payout_status.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,16 @@ def test_admin_can_change_status(self):
assert response.code == 200
assert Participant.from_username('alice').status_of_1_0_payout == status

def test_user_cant_change_status(self):
def test_user_cant_change_status_except_for_applying(self):
self.db.run("UPDATE participants SET status_of_1_0_payout='pending-application' "
"WHERE username='alice'")

response = self.hit('pending-payout', auth_as='alice')
assert response.code == 403
assert Participant.from_username('alice').status_of_1_0_payout == 'completed'
assert Participant.from_username('alice').status_of_1_0_payout == 'pending-application'

response = self.hit('pending-review', auth_as='alice', expecting_error=False)
assert Participant.from_username('alice').status_of_1_0_payout == 'pending-review'

def test_invalid_is_400(self):
response = self.hit('invalid_status')
Expand Down
21 changes: 19 additions & 2 deletions www/1.0-payout.spt
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ applications_open = delta > 0
<p>{{ _("You should be all set! But ... can you help us spread the word and tell your friends to check here, too? Thanks! :)") }}</p>

{% elif status == 'pending-review' %}
<p>{{ _( "You have applied for a payout. We are reviewing your account and will contact you at {b}{email}{_b} within the next week."
<p>{{ _( "You have applied for a payout. We will review your account and contact you at {b}{email}{_b} within the next week."
, email=user.participant.email_address
, b='<b>'|safe
, _b='</b>'|safe
Expand All @@ -67,7 +67,7 @@ applications_open = delta > 0
<p>{{ _("Your balance will be refunded to the original donors on October 8.") }}</p>

{% elif applications_open %}
<p><button>{{ _("Apply for a payout") }}</button></p>
<p><button class="apply-for-payout">{{ _("Apply for a payout") }}</button></p>

<p>{{ _( "You have until {b}October 1 at 11:59 PM UTC{_b} to apply for a payout."
, balance=format_currency(balance, 'USD')
Expand All @@ -92,3 +92,20 @@ applications_open = delta > 0
{% endif %}
{% endif %}
{% endblock %}

{% block scripts %}
<script>
$(document).ready(function() {
$('.apply-for-payout').click(function(e) {
jQuery.ajax({
url: '/~{{ user.participant.username }}/payout-status.json',
type: 'POST',
data: {to: 'pending-review'},
dataType: 'json',
success: function (data) { window.location.reload(); },
error: Gratipay.error
});
});
});
</script>
{% endblock %}
8 changes: 5 additions & 3 deletions www/~/%username/payout-status.spt
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,13 @@ workflow = ['too-little', 'pending-application', 'pending-review', 'rejected', '

request.allow('POST')
participant = get_participant(state, restrict=True)
new_status = request.body['to']

if not user.ADMIN:
raise Response(403)
from_to = (participant.status_of_1_0_payout, new_status)
allowed = ('pending-application', 'pending-review')

new_status = request.body['to']
if not (user.ADMIN or (user.participant == participant and from_to == allowed)):
raise Response(403)

if new_status not in workflow:
raise Response(400, "invalid value for 'to' parameter")
Expand Down

0 comments on commit e209728

Please sign in to comment.