From 2eda342303b5b303df3c649f7e1c43ab246874ce Mon Sep 17 00:00:00 2001
From: JoeyStk <johannes.stock@yahoo.de>
Date: Tue, 18 Feb 2025 11:11:29 +0100
Subject: [PATCH] Finalize permissions

---
 integreat_cms/cms/constants/roles.py            |  6 ++++--
 .../release_notes/current/unreleased/2955.yml   |  2 ++
 .../cms/views/contacts/test_contact_actions.py  | 17 ++++++++++++-----
 tests/cms/views/contacts/test_contact_form.py   | 12 ++++++------
 tests/cms/views/poi/test_poi_form.py            |  7 +++++--
 5 files changed, 29 insertions(+), 15 deletions(-)
 create mode 100644 integreat_cms/release_notes/current/unreleased/2955.yml

diff --git a/integreat_cms/cms/constants/roles.py b/integreat_cms/cms/constants/roles.py
index b508ea260c..38d4023af9 100644
--- a/integreat_cms/cms/constants/roles.py
+++ b/integreat_cms/cms/constants/roles.py
@@ -88,6 +88,8 @@
     *EVENT_MANAGER_PERMISSIONS,
     "change_page",
     "view_page",
+    "view_contact",
+    "change_contact",
 ]
 
 
@@ -144,6 +146,7 @@
     "view_translation_report",
     "view_broken_links",
     "view_statistics",
+    "view_contact",
 ]
 
 #: The permissions of the app team
@@ -165,6 +168,7 @@
     "replace_mediafile",
     "send_push_notification",
     "upload_mediafile",
+    "change_contact",
 ]
 
 #: The permissions of the service team
@@ -194,9 +198,7 @@
     "delete_user",
     "grant_page_permissions",
     "manage_translations",
-    "change_contact",
     "delete_contact",
-    "view_contact",
     "view_externalcalendar",
 ]
 
diff --git a/integreat_cms/release_notes/current/unreleased/2955.yml b/integreat_cms/release_notes/current/unreleased/2955.yml
new file mode 100644
index 0000000000..9fa9435ac6
--- /dev/null
+++ b/integreat_cms/release_notes/current/unreleased/2955.yml
@@ -0,0 +1,2 @@
+en: Add contact management
+de: Füge Kontaktverwaltung hinzu
diff --git a/tests/cms/views/contacts/test_contact_actions.py b/tests/cms/views/contacts/test_contact_actions.py
index 9c0f392876..993d8f0430 100644
--- a/tests/cms/views/contacts/test_contact_actions.py
+++ b/tests/cms/views/contacts/test_contact_actions.py
@@ -11,7 +11,14 @@
 from django.urls import reverse
 
 from integreat_cms.cms.models import Contact
-from tests.conftest import ANONYMOUS, HIGH_PRIV_STAFF_ROLES
+from tests.conftest import (
+    ANONYMOUS,
+    AUTHOR,
+    EDITOR,
+    HIGH_PRIV_STAFF_ROLES,
+    MANAGEMENT,
+    PRIV_STAFF_ROLES,
+)
 from tests.utils import assert_message_in_log
 
 # Use the region Augsburg, as it has some contacts in the test data
@@ -55,7 +62,7 @@ def test_archive_contact(
     )
     response = client.post(archive_contact)
 
-    if role in HIGH_PRIV_STAFF_ROLES:
+    if role in (*PRIV_STAFF_ROLES, MANAGEMENT, EDITOR, AUTHOR):
         assert response.status_code == 302
         redirect_url = response.headers.get("location")
         if should_be_archived:
@@ -181,7 +188,7 @@ def test_restore_contact(
     )
     response = client.post(restore_contact)
 
-    if role in HIGH_PRIV_STAFF_ROLES:
+    if role in (*PRIV_STAFF_ROLES, MANAGEMENT, EDITOR, AUTHOR):
         assert response.status_code == 302
         redirect_url = response.headers.get("location")
         assert_message_in_log(
@@ -237,7 +244,7 @@ def test_bulk_archive_contacts(
         data={"selected_ids[]": BULK_ARCHIVE_SELECTED_IDS},
     )
 
-    if role in HIGH_PRIV_STAFF_ROLES:
+    if role in (*PRIV_STAFF_ROLES, MANAGEMENT, EDITOR, AUTHOR):
         assert response.status_code == 302
         redirect_url = response.headers.get("location")
         redirect_page = client.get(redirect_url).content.decode("utf-8")
@@ -366,7 +373,7 @@ def test_bulk_restore_contacts(
         data={"selected_ids[]": BULK_RESTORE_SELECTED_IDS},
     )
 
-    if role in HIGH_PRIV_STAFF_ROLES:
+    if role in (*PRIV_STAFF_ROLES, MANAGEMENT, EDITOR, AUTHOR):
         assert response.status_code == 302
         redirect_url = response.headers.get("location")
         redirect_page = client.get(redirect_url).content.decode("utf-8")
diff --git a/tests/cms/views/contacts/test_contact_form.py b/tests/cms/views/contacts/test_contact_form.py
index e71b3d6ae4..d394e25009 100644
--- a/tests/cms/views/contacts/test_contact_form.py
+++ b/tests/cms/views/contacts/test_contact_form.py
@@ -12,7 +12,7 @@
 
 from integreat_cms.cms.forms import ContactForm
 from integreat_cms.cms.models import Contact, Region
-from tests.conftest import ANONYMOUS, HIGH_PRIV_STAFF_ROLES
+from tests.conftest import ANONYMOUS, AUTHOR, EDITOR, MANAGEMENT, PRIV_STAFF_ROLES
 from tests.utils import assert_message_in_log
 
 # Use the region Augsburg, as it has some contacts in the test data
@@ -54,7 +54,7 @@ def test_create_a_new_contact(
         },
     )
 
-    if role in HIGH_PRIV_STAFF_ROLES:
+    if role in (*PRIV_STAFF_ROLES, MANAGEMENT, EDITOR, AUTHOR):
         assert_message_in_log(
             'SUCCESS  Contact for "Draft location with area of responsibility: Title" was successfully created',
             caplog,
@@ -113,7 +113,7 @@ def test_edit_a_contact(
         },
     )
 
-    if role in HIGH_PRIV_STAFF_ROLES:
+    if role in (*PRIV_STAFF_ROLES, MANAGEMENT, EDITOR, AUTHOR):
         assert_message_in_log(
             'SUCCESS  Contact for "Draft location with area of responsibility: Title Updated" was successfully saved',
             caplog,
@@ -167,7 +167,7 @@ def test_no_contact_without_poi(
         },
     )
 
-    if role in HIGH_PRIV_STAFF_ROLES:
+    if role in (*PRIV_STAFF_ROLES, MANAGEMENT, EDITOR, AUTHOR):
         assert_message_in_log(
             "ERROR    Location: This field is required.",
             caplog,
@@ -217,7 +217,7 @@ def test_at_least_one_field_filled(
         },
     )
 
-    if role in HIGH_PRIV_STAFF_ROLES:
+    if role in (*PRIV_STAFF_ROLES, MANAGEMENT, EDITOR, AUTHOR):
         assert_message_in_log(
             "ERROR    One of the following fields must be filled: area of responsibility, name, e-mail, phone number, website.",
             caplog,
@@ -270,7 +270,7 @@ def test_one_primary_contact_per_poi(
         },
     )
 
-    if role in HIGH_PRIV_STAFF_ROLES:
+    if role in (*PRIV_STAFF_ROLES, MANAGEMENT, EDITOR, AUTHOR):
         assert_message_in_log(
             "ERROR    Only one contact per location can have an empty area of responsibility.",
             caplog,
diff --git a/tests/cms/views/poi/test_poi_form.py b/tests/cms/views/poi/test_poi_form.py
index d0c010c499..ce96399133 100644
--- a/tests/cms/views/poi/test_poi_form.py
+++ b/tests/cms/views/poi/test_poi_form.py
@@ -23,8 +23,12 @@
 )
 from tests.conftest import (
     ANONYMOUS,
+    AUTHOR,
+    EDITOR,
     HIGH_PRIV_STAFF_ROLES,
+    MANAGEMENT,
     PRIV_STAFF_ROLES,
+    STAFF_ROLES,
     WRITE_ROLES,
 )
 from tests.utils import assert_message_in_log
@@ -311,8 +315,7 @@ def test_poi_form_shows_no_associated_contacts(
         assert (
             response.headers.get("location") == f"{settings.LOGIN_URL}?next={edit_poi}"
         )
-    # probably needs adjustment after #2958
-    elif role in HIGH_PRIV_STAFF_ROLES:
+    if role in (*STAFF_ROLES, MANAGEMENT, EDITOR, AUTHOR):
         assert (
             "This location is not currently referred to in any contact."
             in response.content.decode("utf-8")