From d8107d449ddd601f38913478f571522cf5ec949d Mon Sep 17 00:00:00 2001
From: 0livd <0livd@users.noreply.github.com>
Date: Thu, 29 Jun 2017 17:55:12 +0200
Subject: [PATCH] Add delete and edit project actions in the dashboard
The dashboard is deactivated by default and
is only accessible by admins when activated.
A new ACTIVATE_DASHBOARD setting is introduced.
---
CHANGELOG.rst | 3 +++
budget/default_settings.py | 2 ++
budget/static/css/main.css | 23 ++++++++++++++++++
budget/templates/dashboard.html | 11 +++++++--
budget/tests/tests.py | 12 +++++++--
.../translations/fr/LC_MESSAGES/messages.mo | Bin 8425 -> 8537 bytes
.../translations/fr/LC_MESSAGES/messages.po | 4 +++
budget/web.py | 7 ++++--
docs/installation.rst | 5 +++-
9 files changed, 60 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index e938db04..6ae16805 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -12,11 +12,14 @@ This document describes changes between each past release.
- **BREAKING CHANGE** Turn the WSGI file into a python module, renamed from budget/ihatemoney.wsgi to budget/wsgi.py. Please update your Apache configuration!
- Changed the recommended gunicorn configuration to use the wsgi module as an entrypoint
- **BREAKING CHANGE** The default value of ``ADMIN_PASSWORD`` has changed. If you have a custom settings file which set ``ADMIN_PASSWORD`` to an empty string (""), the application will use the default admin password until you update your settings.
+- **BREAKING CHANGE** Admin privileges are required to access the dashboard
### Added
- Add a new setting to allow public project creation (ALLOW_PUBLIC_PROJECT_CREATION)
- With admin credentials, one can access every project
+- Add delete and edit project actions in the dashboard
+- Add a new setting to activate the dashboard (ACTIVATE_DASHBOARD)
### Removed
diff --git a/budget/default_settings.py b/budget/default_settings.py
index 69a3b4ae..f05c7798 100644
--- a/budget/default_settings.py
+++ b/budget/default_settings.py
@@ -14,3 +14,5 @@ ACTIVATE_DEMO_PROJECT = True
ADMIN_PASSWORD = "pbkdf2:sha256:50000$jc3isZTD$b3be8d04ed5c2c1ac89d5eb777facc94adaee48d473c9620f1e0cb73f3dcfa11"
ALLOW_PUBLIC_PROJECT_CREATION = True
+
+ACTIVATE_DASHBOARD = False
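Review bot: Nothing ties the new `ACTIVATE_DASHBOARD` flag to the `ADMIN_PASSWORD` default two lines above it, which the installation docs in this patch describe as the hash of the published password `adminpass`. An operator who sets the flag to `True` without replacing that hash leaves the edit and delete actions for every project behind a publicly documented password. I would document the dependency next to the setting, `# Enabling this exposes edit/delete for all projects; set a non-default ADMIN_PASSWORD first.`, and consider refusing to enable the dashboard while `ADMIN_PASSWORD` still equals the shipped value. The changelog context in this patch also says admin credentials give access to every project, so the docs change that makes replacing the password conditional looks too permissive.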
diff --git a/budget/static/css/main.css b/budget/static/css/main.css
index 54a00081..aedb2d15 100644
--- a/budget/static/css/main.css
+++ b/budget/static/css/main.css
@@ -169,6 +169,29 @@ footer{
background: url('../images/edit.png') no-repeat right;
}
+.project-actions {
+ padding-top: 10px;
+ text-align: center;
+}
+
+.project-actions > .delete, .project-actions > .edit {
+ font-size: 0px;
+ display: block;
+ width: 16px;
+ height: 16px;
+ margin: 2px;
+ margin-left: 5px;
+ float: left;
+}
+
+.project-actions > .delete{
+ background: url('../images/delete.png') no-repeat right;
+}
+
+.project-actions > .edit{
+ background: url('../images/edit.png') no-repeat right;
+}
+
.balance .balance-value{
text-align:right;
}
diff --git a/budget/templates/dashboard.html b/budget/templates/dashboard.html
index 3f50915a..35a845b8 100644
--- a/budget/templates/dashboard.html
+++ b/budget/templates/dashboard.html
@@ -1,8 +1,8 @@
{% extends "layout.html" %}
{% block content %}
-
+{% if is_dashboard_activated %}
- {{ _("Project") }} | {{ _("Number of members") }} | {{ _("Number of bills") }} | {{_("Newest bill")}} | {{_("Oldest bill")}} |
+ {{ _("Project") }} | {{ _("Number of members") }} | {{ _("Number of bills") }} | {{_("Newest bill")}} | {{_("Oldest bill")}} | {{_("Actions")}} |
{% for project in projects|sort(attribute='name') %}
{{ project.name }} | {{ project.members | count }} | {{ project.get_bills().count() }} |
@@ -13,9 +13,16 @@
|
|
{% endif %}
+
+ {{ _('edit') }}
+ {{ _('delete') }}
+ |
{% endfor %}
+{% else %}
+{{ _("The Dashboard is currently deactivated.") }}
+{% endif %}
{% endblock %}
diff --git a/budget/tests/tests.py b/budget/tests/tests.py
index d49f3b5c..11b3a0b7 100644
--- a/budget/tests/tests.py
+++ b/budget/tests/tests.py
@@ -607,8 +607,16 @@ class BudgetTestCase(TestCase):
self.assertIn("Invalid email address", resp.data.decode('utf-8'))
def test_dashboard(self):
- response = self.app.get("/dashboard")
- self.assertEqual(response.status_code, 200)
+ # test that the dashboard is deactivated by default
+ resp = self.app.post("/admin?goto=%2Fdashboard", data={'admin_password': 'adminpass'},
+ follow_redirects=True)
+ self.assertIn('', resp.data.decode('utf-8'))
+
+ # test access to the dashboard when it is activated
+ run.app.config['ACTIVATE_DASHBOARD'] = True
+ resp = self.app.post("/admin?goto=%2Fdashboard", data={'admin_password': 'adminpass'},
+ follow_redirects=True)
+ self.assertIn('
Project | Number of members', resp.data.decode('utf-8'))
def test_settle_page(self):
self.post_project("raclette")
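Review bot: test_dashboard only exercises the path where the correct admin password is posted, so nothing here fails if the new `@requires_admin()` guard on `/dashboard` is removed or bypassed. I would add a negative case before the login, e.g. `resp = self.app.get("/dashboard")` followed by an assertion that the project table is absent from the response, and a second one posting a wrong `admin_password`. The test also sets `run.app.config['ACTIVATE_DASHBOARD'] = True` and never restores it; unless the fixture resets the config (setUp is outside this hunk), later tests run with the dashboard enabled, so a `self.addCleanup(...)` that puts the value back would keep them isolated. If the literal in the first `assertIn('', ...)` really is empty in the file, that assertion passes for any response and does not check the deactivated state.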
diff --git a/budget/translations/fr/LC_MESSAGES/messages.mo b/budget/translations/fr/LC_MESSAGES/messages.mo
index 210852b0cf2b263ee5f84967ecea82579ef5145b..9797791b9e9f1c94edaf925590955854024f7c0f 100644
GIT binary patch
delta 2102
zcmYM!e@N7K9LMpu`J-K4S!TayeNCsWEo)i|;YM9qtfD9ek$+TY_azVfQQjF^*|E_a
zY-}*r1)E4+L0Yj2q^PK9#B51F2}~J9tX2jVMT>}t^?c4u?qsIKjn7uTAMzbYR_*=g%uurlRL^1&-oktw_JLUveuf!XjNGyXs3Df(FkFEn
zu);Hp>C_u>q*=^%Qb?sCj-#;^wUDEjhLM)b}t&swk{ool#O}q!E-~q3_3&&Ewj>GXGPQ@2E5y!J#Jy(ncI2X0h
zO4N=wB9}$@`51R#2J>471+DNTs$;iT??J7&AGNb5=*Rz2q4v{R5y?We7ohshMn$k3
z>1vh8Wi|Y$UlZy`TQH{3?xmoWAIBU#gZuFg>PWufDGjt6)h~hLu>-Z!KX4pALJgcm
zcodOI=wJz|eKq#uW(;7(2;$#Bp^XEZhNHi0>Ef>u<5N|w((1IRPB*t@?5wZrwO9aW(Q
z*pAxScc`r2g_>Z$*Zw;yNl$z2xAAA*+lQzP#F|KePbvJ03UL<>!Fxy_dw`nwm1okJ
z!3Fq`pjb9e!a`KPCCFu~_|Z{S;Y{3&ickX8?-~-JnBAhFfu5owki^TRD$i(1GQ9LxOHOhG%|g$m6+
z)J_k1?dMSgT}3VME^4RGP-p%IHL#y|Oi7l9ss~W_E3g#9_%$ZH_FTdg)6R-0XyO3s
z^;v>?pbi~uM-BWJDn}lmB9_d-%cC}uXu^g`x2q|p_*`QI1;T7M#FWr
hjvI+O^lWgetKAwNbwU>oM&3Po;h&5_!}98a4umL6kqXVt4lore;zx!SM4F_g
z7^svW9!af5iGLVkVv!^S8i^n!C>lmVkk!)Xi!Zdi`+jETopp?<%-n)|J&KElr3ptc^;>xr?_uVd
z#k@C{P3A8P6kO%i%H_<&t2l`3s`k&>tiGQOJjNkB&3^1|xp{9WM{pDq=uBqCkJ441
zcDsQuu+jWwy+R_~#&q0U)xTyUKF+M24
z^lN9fbSY~|?Yjzzd@BcYCqLv7W=j@%D+8@y`mN@*T+hDzgc8=QL&|?aZF7U{<(_32ZZyi9H;~eSD6ms^<^t
zEQazF6Znf9$fZnX*Y=kG6gFzGjb%&a4&I^u8E@zBOn`0nDQ98^a|Y(IjW017+QMXJ
zCo}Fr4&b-U_-C1Ze=q@c))aC`y4c8APfewf=`fgC;Yeo1W0(P^Gb?+D`MhQ`6D+LS
zmoSHOS=GLkt9`G#nFUO-@1t3JQXwf`$;-Ke`jn5EiNC5m%mi?hl2K0cdj45GZ@Q)w
zSLx@Lts29dIg!awJ2T$p(#(8*qutUzjY;t%
zbWY0?%;9^csxMFoul#qvywT?FWWoJ
z3RW`%ZRdFIVKR4y3Gi>GUxS-sX=MVLOjDE@Y%qVBt&r3_%dB)!9`G$@pmj`u+nAMp
z$?W+-X5b%~Lw3HZ*ZUUpdcGpCo%2!GF$iXM1>5nfH^#i
mnTg+ICfvyE(Qm-*PhE8I=1)Q-Ss~+S+mgq
diff --git a/budget/translations/fr/LC_MESSAGES/messages.po b/budget/translations/fr/LC_MESSAGES/messages.po
index 0f3339ef..eec04676 100644
--- a/budget/translations/fr/LC_MESSAGES/messages.po
+++ b/budget/translations/fr/LC_MESSAGES/messages.po
@@ -271,6 +271,10 @@ msgstr "Facture la plus récente"
msgid "Oldest bill"
msgstr "Facture la plus ancienne"
+#: templates/dashboard.html:25
+msgid "The Dashboard is currently deactivated."
+msgstr "La page d'administration est actuellement désactivée."
+
#: templates/edit_project.html:6 templates/list_bills.html:24
msgid "you sure?"
msgstr "c'est sûr ?"
diff --git a/budget/web.py b/budget/web.py
index ecb6f7e8..0d00cd11 100644
--- a/budget/web.py
+++ b/budget/web.py
@@ -294,7 +294,7 @@ def delete_project():
g.project.remove_project()
flash(_('Project successfully deleted'))
- return redirect(url_for(".home"))
+ return redirect(request.headers.get('Referer') or url_for('.home'))
@main.route("/exit")
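Review bot: The new `redirect(request.headers.get('Referer') or url_for('.home'))` sends the browser to a URL taken from a request header, which the client controls and which is not checked against this application's own host. If a delete request arrives from a page on another origin, the user is sent back to that origin after the project is removed; and when the delete starts from one of the deleted project's own pages, the redirect target presumably no longer exists. I would redirect only to same-origin targets, for example by comparing `urlparse(referer).netloc` with `request.host` and falling back to `url_for('.home')`, or have the dashboard pass an explicit, validated return target instead. The route decorator and the start of delete_project are outside this hunk, so the accepted methods and any CSRF protection cannot be confirmed here; since the dashboard now offers this action for every project, both are worth checking.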
@@ -507,5 +507,8 @@ def settle_bill():
@main.route("/dashboard")
+@requires_admin()
def dashboard():
- return render_template("dashboard.html", projects=Project.query.all())
+ is_dashboard_activated = current_app.config['ACTIVATE_DASHBOARD']
+ return render_template("dashboard.html", projects=Project.query.all(),
+ is_dashboard_activated=is_dashboard_activated)
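Review bot: The `ACTIVATE_DASHBOARD` check is enforced only in the template: `dashboard()` still runs `Project.query.all()` and hands every project to `render_template` when the flag is `False`. A later template edit, or a block rendered outside the `{% if is_dashboard_activated %}` guard, would then expose the list, so I would gate in the view, e.g. `projects = Project.query.all() if is_dashboard_activated else []`. `current_app.config['ACTIVATE_DASHBOARD']` also raises KeyError if the defaults are not loaded before a custom settings file that lacks the key (the loading order is not visible here); `current_app.config.get('ACTIVATE_DASHBOARD', False)` fails closed. A one-line docstring such as `"""Admin-only overview of all projects; shows a notice unless ACTIVATE_DASHBOARD is set."""` would record the contract.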
diff --git a/docs/installation.rst b/docs/installation.rst
index c0900129..7c881cf0 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -86,12 +86,15 @@ properly.
| ACTIVATE_DEMO_PROJECT | ``True`` | If set to `True`, a demo project will be available on the frontpage. |
+------------------------------+---------------------------+----------------------------------------------------------------------------------------+
| | | Hashed password to access protected endpoints. The default password is ``adminpass``. |
-| ADMIN_PASSWORD | ``"pbkdf2:sha256:50.."`` | **This needs to be changed**. |
+| | | **This needs to be changed** when you disable public project creation or activate the |
+| ADMIN_PASSWORD | ``"pbkdf2:sha256:50.."`` | dashboard. |
| | | To generate the proper password HASH, use ``./budget/manage.py generate_password_hash``|
| | | and copy its output into the value of *ADMIN_PASSWORD*. |
+------------------------------+---------------------------+----------------------------------------------------------------------------------------+
| ALLOW_PUBLIC_PROJECT_CREATION| ``True`` | If set to `True`, everyone can create a project without entering the admin password |
+------------------------------+---------------------------+----------------------------------------------------------------------------------------+
+| ACTIVATE_DASHBOARD | ``False`` | If set to `True`, the dashboard will become accessible entering the admin password |
++------------------------------+---------------------------+----------------------------------------------------------------------------------------+
.. _`the SQLAlechemy documentation`: http://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls