From 24c34430ac1f2e81850fd2200df4352ba3ae4cc1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?= <cuu508@gmail.com>
Date: Wed, 26 Aug 2020 14:12:52 +0300
Subject: [PATCH] Read-only users cannot resume checks.

---
 hc/front/tests/test_details.py       | 13 +++++++++++++
 hc/front/tests/test_resume.py        |  8 ++++++++
 hc/front/views.py                    |  2 +-
 templates/front/log_status_text.html |  2 ++
 4 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/hc/front/tests/test_details.py b/hc/front/tests/test_details.py
index 938f555a..7080c0b8 100644
--- a/hc/front/tests/test_details.py
+++ b/hc/front/tests/test_details.py
@@ -61,3 +61,16 @@ class DetailsTestCase(BaseTestCase):
         self.assertNotContains(r, "Create a Copy&hellip;")
         self.assertNotContains(r, "transfer-btn")
         self.assertNotContains(r, "details-remove-check")
+
+    def test_it_hides_resume_action_from_readonly_users(self):
+        self.bobs_membership.rw = False
+        self.bobs_membership.save()
+
+        self.check.status = "paused"
+        self.check.manual_resume = True
+        self.check.save()
+
+        self.client.login(username="bob@example.org", password="password")
+        r = self.client.get(self.url)
+
+        self.assertNotContains(r, "resume-btn", status_code=200)
diff --git a/hc/front/tests/test_resume.py b/hc/front/tests/test_resume.py
index ec2bc539..d58ae489 100644
--- a/hc/front/tests/test_resume.py
+++ b/hc/front/tests/test_resume.py
@@ -26,3 +26,11 @@ class ResumeTestCase(BaseTestCase):
         self.client.login(username="bob@example.org", password="password")
         r = self.client.post(self.url)
         self.assertRedirects(r, self.redirect_url)
+
+    def test_it_requires_rw_access(self):
+        self.bobs_membership.rw = False
+        self.bobs_membership.save()
+
+        self.client.login(username="bob@example.org", password="password")
+        r = self.client.post(self.url)
+        self.assertEqual(r.status_code, 403)
diff --git a/hc/front/views.py b/hc/front/views.py
index 51bd5fbe..f527358a 100644
--- a/hc/front/views.py
+++ b/hc/front/views.py
@@ -494,7 +494,7 @@ def pause(request, code):
 @require_POST
 @login_required
 def resume(request, code):
-    check, rw = _get_check_for_user(request, code)
+    check = _get_rw_check_for_user(request, code)
 
     check.status = "new"
     check.last_start = None
diff --git a/templates/front/log_status_text.html b/templates/front/log_status_text.html
index 27c612b4..03f1509e 100644
--- a/templates/front/log_status_text.html
+++ b/templates/front/log_status_text.html
@@ -8,7 +8,9 @@
         This check is late. Last ping was {{ check.last_ping|naturaltime }}.
     {% elif status == "paused" and check.manual_resume %}
         This check is paused, and will ignore pings until resumed.
+        {% if rw %}
         <a id="resume-btn" href="#">(Resume&nbsp;Now)</a>
+        {% endif %}
     {% elif status == "paused" %}
         This check is paused.
     {% elif status == "new" and check.n_pings %}