Added read_only role

api/app/events/api.py

@@ -246,7 +246,7 @@ def post(self):
 
         user_id = g.current_user["id"]
         current_user = user_repository.get_by_id(user_id)
-        if not current_user.is_admin:
+        if not (current_user.is_admin or current_user.is_read_only):
             return FORBIDDEN
 
         if event_repository.exists_by_key(args['key']):

api/app/users/api.py

@@ -61,6 +61,7 @@ def user_info(user, roles):
         'email': user.email,
         'title': user.user_title,
         'is_admin': user.is_admin,
+        'is_read_only': user.is_read_only,
         'primary_language': user.user_primaryLanguage,
         'roles': [{'event_id': event_role.event_id, 'role': event_role.role} for event_role in roles]
     }
@@ -291,7 +292,7 @@ def get(self):
 
         current_user = user_repository.get_by_id(current_user_id)
 
-        if current_user.is_admin:
+        if current_user.is_admin or current_user.is_read_only:
             user = user_repository.get_by_id_with_response(user_id)
             if user is None:
                 return USER_NOT_FOUND

api/app/users/models.py

@@ -28,6 +28,7 @@ class AppUser(db.Model, UserMixin):
     password = db.Column(db.String(255), nullable=False)
     active = db.Column(db.Boolean(), nullable=False)
     is_admin = db.Column(db.Boolean(), nullable=False)
+    is_read_only = db.Column(db.Boolean(), nullable=False) # READ ONLY ACCESS
     is_deleted = db.Column(db.Boolean(), nullable=False)
     deleted_datetime_utc = db.Column(db.DateTime(), nullable=True)
     verified_email = db.Column(db.Boolean(), nullable=True)
@@ -49,7 +50,8 @@ def __init__(self,
                  user_title,
                  password,
                  organisation_id,
-                 is_admin=False):
+                 is_admin=False,
+                 is_read_only=False):
         self.email = email
         self.firstname = firstname
         self.lastname = lastname
@@ -58,14 +60,21 @@ def __init__(self,
         self.organisation_id = organisation_id
         self.active = True
         self.is_admin = is_admin
+        self.is_read_only = is_read_only
+        self.set_read_only()
         self.is_deleted = False
         self.deleted_datetime_utc = None
         self.verified_email = False
         self.agree_to_policy()
+
 
     @property
     def full_name(self):
         return f"{self.firstname} {self.lastname}"
+
+    def set_read_only(self):
+        if self.is_read_only:
+            self.is_admin = True
 
     def set_password(self, password):
         self.password = bcrypt.generate_password_hash(password).decode('utf-8')
@@ -103,6 +112,19 @@ def _has_admin_role(self, event_id, admin_role_name):
                 return True
 
         return False
+
+    def _has_read_only_role(self, event_id):
+        if self.is_read_only:
+            return True
+
+        if self.event_roles is None:
+            return False
+
+        for event_role in self.event_roles:
+            if event_role.event_id == event_id and event_role.role == "read_only":
+                return True
+
+        return False
 
     def is_event_admin(self, event_id):
         return self._has_admin_role(event_id, 'admin')

webapp/src/App.js

@@ -22,7 +22,7 @@ import ReactGA from "react-ga";
 import "./App.css";
 import history from "./History";
 
-import { isEventAdmin, isRegistrationAdmin, isRegistrationVolunteer, isEventReviewer } from "./utils/user";
+import { isEventAdmin, isEventReadOnly, isRegistrationAdmin, isRegistrationVolunteer, isEventReviewer } from "./utils/user";
 import { withTranslation } from 'react-i18next';
 import { userService } from "./services/user";
 
@@ -60,7 +60,8 @@ class EventNav extends Component {
         } id="eventNavbar">
 
           <ul className="navbar-nav">
-            {this.props.user &&
+            {!isEventReadOnly(this.props.user, this.props.event) &&
+              this.props.user &&
               this.props.event &&
               this.props.event.is_application_open && (
                 <li className="nav-item">
@@ -74,7 +75,8 @@ class EventNav extends Component {
                   </NavLink>
                 </li>
               )}
-            {this.props.user && this.props.event && this.props.event.is_offer_open && (
+            {!isEventReadOnly(this.props.user, this.props.event) &&
+              this.props.user && this.props.event && this.props.event.is_offer_open && (
               <li className="nav-item">
                 <NavLink
                   to={`/${this.props.eventKey}/offer`}
@@ -86,7 +88,8 @@ class EventNav extends Component {
                 </NavLink>
               </li>
             )}
-            {this.props.user &&
+            {!isEventReadOnly(this.props.user, this.props.event) &&
+              this.props.user &&
                (
                 <li className="nav-item dropdown ">
                   <div
@@ -132,7 +135,7 @@ class EventNav extends Component {
                   </div>
                 </li>
               )}
-            {isEventAdmin(this.props.user, this.props.event) && (
+            {isEventAdmin(this.props.user, this.props.event) && !isEventReadOnly(this.props.user, this.props.event) && (
               <AdminMenu t={t} label="Event Admin">
                 <NavLink
                     to={`/${this.props.eventKey}/eventConfig`}
@@ -199,7 +202,7 @@ class EventNav extends Component {
                     {t('Review Form')}
                   </NavLink>
                 </AdminMenu>
-            )}
+            )}         
             {isEventReviewer(this.props.user, this.props.event) &&
               this.props.event &&
               this.props.event.is_review_open && (
@@ -232,7 +235,7 @@ class EventNav extends Component {
                   </div>
                 </li>
               )}
-            {(isRegistrationAdmin(this.props.user, this.props.event) || isRegistrationVolunteer(this.props.user, this.props.event)) &&
+            {(isRegistrationAdmin(this.props.user, this.props.event) || isRegistrationVolunteer(this.props.user, this.props.event)) && !isEventReadOnly(this.props.user, this.props.event) &&
               this.props.event &&
               this.props.event.is_registration_open && (
                 <li className="nav-item dropdown">