From f94d14ae8ea3ed59b30c7feb5ffca60351ab59cb Mon Sep 17 00:00:00 2001
From: SanttuA <santtualatalo@gmail.com>
Date: Thu, 31 Aug 2023 14:24:15 +0300
Subject: [PATCH 1/2] Fixed RA user can approve reservation issues

Changes:
- it is no longer assumed user has `can_approve_reservation` permission when they have unit manager permissions
- when all unit's permissions get deleted, `can_approve_reservation` is also removed from user if the user had it
- when clicking to toggle `can_approve_reservation`, all checkboxes belonging to the same unit, will change to the same value
---
 respa_admin/forms.py                     |  5 ++++-
 respa_admin/static_src/js/userForm.js    | 18 +++++++++++++++++-
 respa_admin/templatetags/templatetags.py |  4 ++--
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/respa_admin/forms.py b/respa_admin/forms.py
index 32edd63dd..b19afdf6d 100644
--- a/respa_admin/forms.py
+++ b/respa_admin/forms.py
@@ -733,12 +733,13 @@ def __init__(self, *args, **kwargs):
             user_has_unit_group_auth = self.request.user.unit_group_authorizations.to_unit(unit).admin_level().exists()
             can_approve_initial_value = permission_checker.has_perm(
                 "unit:can_approve_reservation", self.instance.subject
-            ) or self.instance.subject.is_manager(self.instance.authorized)
+            )
             if not user_has_unit_auth and not user_has_unit_group_auth:
                 self.fields['subject'].disabled = True
                 self.fields['level'].disabled = True
                 self.fields['can_approve_reservation'].disabled = True
                 self.is_disabled = True
+            self.fields['can_approve_reservation'].widget.attrs['data-unit-id'] = f'{unit.id}'
         self.fields['can_approve_reservation'].initial = can_approve_initial_value
 
     def clean(self):
@@ -750,6 +751,8 @@ def clean(self):
             if not user_has_unit_auth and not user_has_unit_group_auth:
                 self.add_error('subject', _('You can\'t add, change or delete permissions to unit you are not admin of'))
                 self.cleaned_data[DELETION_FIELD_NAME] = False
+            if self.cleaned_data[DELETION_FIELD_NAME]:
+                self.cleaned_data['can_approve_reservation'] = False
         return cleaned_data
 
     class Meta:
diff --git a/respa_admin/static_src/js/userForm.js b/respa_admin/static_src/js/userForm.js
index 17bab15b2..94585f9e5 100644
--- a/respa_admin/static_src/js/userForm.js
+++ b/respa_admin/static_src/js/userForm.js
@@ -103,9 +103,25 @@ function updateAllPermissionMgmtFormIndices() {
   }
 }
 
+function canApproveReservationsListener() {
+  $('[id*="-can_approve_reservation"]').on('click', handleCanApproveReservationsChange);
+}
+
+function handleCanApproveReservationsChange(event) {
+  const unitId = $(this).closest('.custom-checkbox').attr('data-unit-id')
+  const value = event.currentTarget.checked
+  if (unitId) {
+    const $inputs = $('[data-unit-id="' + unitId + '"]');
+    $inputs.prop('checked', value)
+  }
+
+  initializeUserForm();
+}
+
 export function initializeUserFormEventHandlers() {
   enableRemovePermission();
   enableAddNewPermission();
   setEmptyPermissionItem();
   isStaffCheckboxListener();
-}
\ No newline at end of file
+  canApproveReservationsListener();
+}
diff --git a/respa_admin/templatetags/templatetags.py b/respa_admin/templatetags/templatetags.py
index 745c87df1..8d420afe2 100644
--- a/respa_admin/templatetags/templatetags.py
+++ b/respa_admin/templatetags/templatetags.py
@@ -41,7 +41,7 @@ def get_value_from_dict(dict_data, key):
 
 @register.simple_tag
 def user_has_permission(user, permission, obj):
-    return user.has_perm(permission, obj) or obj.is_manager(user)
+    return user.has_perm(permission, obj)
 
 
 @register.filter
@@ -51,4 +51,4 @@ def is_truthy(collection):
 
 @register.filter
 def remove_empty(collection):
-    return [value for value in collection if bool(value)]
\ No newline at end of file
+    return [value for value in collection if bool(value)]

From 10d35f7d09f0d044276f24fecf913abf4ad6c515 Mon Sep 17 00:00:00 2001
From: SanttuA <santtualatalo@gmail.com>
Date: Tue, 5 Sep 2023 12:44:57 +0300
Subject: [PATCH 2/2] Fixed wrong unit permission lookup

---
 .../templates/respa_admin/resources/_unit_user_list.html        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/respa_admin/templates/respa_admin/resources/_unit_user_list.html b/respa_admin/templates/respa_admin/resources/_unit_user_list.html
index f02f59021..e29973ec7 100644
--- a/respa_admin/templates/respa_admin/resources/_unit_user_list.html
+++ b/respa_admin/templates/respa_admin/resources/_unit_user_list.html
@@ -40,7 +40,7 @@ <h2 class="pull-left">{% trans 'Unit management' %}</h2>
                     {% if unit_auths|length > 6 %}style="min-height: 690px;"{% endif %}>
                 {% for authorization in unit_auths %}
                 {% with authorization.authorized as unit_user %}
-                {% user_has_permission unit_user 'can_approve_reservation' unit as user_can_approve %}
+                {% user_has_permission unit_user 'unit:can_approve_reservation' unit as user_can_approve %}
                 <div class="row panel management-list list-item" data-paginator-item="true">
                     <div class="col-md-2">
                         <span>{{ unit_user.first_name }} {{ unit_user.last_name }}</span>