Allow organizers to lock/unlock a session in Open Event Frontend

Allow organizers to lock/unlock a session in Open Event Frontend

This blog post will showcase an option which can be used by organizers to lock/unlock a session in Open Event Frontend. Let’s start by understanding what this feature means and why is it important for organizers. If a session is locked by an organizer, it cannot be edited by the session creator. 

Suppose an event organizer wants final session submission by a particular date so that he/she can shortlist the sessions based on final submission, but the user goes on editing the session event after final date of submission. This is a situation where this feature will help the organizer to prohibit the user from further modification of session.

If a session is unlocked, then unlock icon is shown:

Unlocked Session

However, if a session is locked, lock icon is shown:

Locked Session

Snippet to toggle locked/unlocked icon:

{{#if record.isLocked}}
  {{#ui-popup content=(t 'Unlock Session') class='ui basic Button' click=(action unlockSession record) position='left center'}}
    <i class="lock icon"></i>   
  {{/ui-popup}}
{{else}}
  {{#ui-popup content=(t 'Lock Session') class='ui basic Button' click=(action lockSession record) position='left center'}}
    <i class="unlock icon"></i>   
  {{/ui-popup}}
{{/if}}

On clicking these icon buttons, corresponding action is triggered which updates the status of is-locked attribute of the session. When an organizer clicks on lock icon button, unlockSession action is triggered which sets is-locked property of session to false. However if unlock icon button is clicked, lockSession action is triggered which sets the is-locked property of session to true.

Snippet to lock a session:

lockSession(session) {
     session.set('isLocked', true);
     this.set('isLoading', true);
     session.save()
       .then(() => {
         this.notify.success(this.l10n.t('Session has been locked successfully.'));
         this.send('refreshRoute');
       })
       .catch(() => {
         this.notify.error(this.l10n.t('An unexpected error has occurred.'));
       })
       .finally(() => {
         this.set('isLoading', false);
       });
   }

Snippet to unlock a session:

unlockSession(session) {
     session.set('isLocked', false);
     this.set('isLoading', true);
     session.save()
       .then(() => {
         this.notify.success(this.l10n.t('Session has been unlocked successfully.'));
         this.send('refreshRoute');
       })
       .catch(() => {
         this.notify.error(this.l10n.t('An unexpected error has occurred.'));
       })
       .finally(() => {
         this.set('isLoading', false);
       });
   }

These changes required few server checks so that only a person with admin or organizer access can update the value of is-locked attribute of session. Also, any try to edit a locked session via API call must be rejected.

Server checks related to locking/unlocking a session:

def before_update_object(self, session, data, view_kwargs):
       """
       before update method to verify if session is locked before updating
       session object
       :param event:
       :param data:
       :param view_kwargs:
       :return:
       """
       if data.get('is_locked') != session.is_locked:
           if not (has_access('is_admin') or has_access('is_organizer')):
               raise ForbiddenException({'source': '/data/attributes/is-locked'}, "You don't have enough permissions to change this property")

       if session.is_locked and data.get('is_locked') == session.is_locked:
           raise ForbiddenException({'source': '/data/attributes/is-locked'}, "Locked sessions cannot be edited")

Resources:

Related work and code repo:

Close Menu