Feat/ownership requests

backend/clubs/admin.py

@@ -38,6 +38,7 @@
     MembershipRequest,
     Note,
     NoteTag,
+    OwnershipRequest,
     Profile,
     QuestionAnswer,
     RecurringEvent,
@@ -282,6 +283,26 @@
     is_member.boolean = True
 
 
+class OwnershipRequestAdmin(admin.ModelAdmin):
+    search_fields = (
+        "person__username",
+        "person__email",
+        "club__name",
+        "created_at",
+    )
+    list_display = ("requester", "club", "email", "withdrawn", "created_at")
+    list_filter = ("withdrawn",)
+
+    def person(self, obj):
+        return obj.requester.username
+
+    def club(self, obj):
+        return obj.club.name
+
+    def email(self, obj):
+        return obj.requester.email
+
+
 class MembershipAdmin(admin.ModelAdmin):
     search_fields = (
         "person__username",
@@ -443,6 +464,7 @@
 admin.site.register(Major, MajorAdmin)
 admin.site.register(Membership, MembershipAdmin)
 admin.site.register(MembershipInvite, MembershipInviteAdmin)
+admin.site.register(OwnershipRequest, OwnershipRequestAdmin)
 admin.site.register(Profile, ProfileAdmin)
 admin.site.register(QuestionAnswer, QuestionAnswerAdmin)
 admin.site.register(RecurringEvent)

backend/clubs/migrations/0118_ownershiprequest.py

@@ -0,0 +1,38 @@
+# Generated by Django 5.0.4 on 2024-10-18 05:04
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("clubs", "0117_clubapprovalresponsetemplate"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="OwnershipRequest",
+            fields=[
+                ("id", models.AutoField(
+                    auto_created=True,
+                    primary_key=True,
+                    serialize=False,
+                    verbose_name="ID")),
+                ("withdrew", models.BooleanField(default=False)),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                ("updated_at", models.DateTimeField(auto_now=True)),
+                ("club", models.ForeignKey(
+                    on_delete=django.db.models.deletion.CASCADE,
+                    to="clubs.club")),
+                ("person", models.ForeignKey(
+                    on_delete=django.db.models.deletion.CASCADE,
+                    to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                "unique_together": {("person", "club")},
+            },
+        ),
+    ]

backend/clubs/migrations/0119_rename_withdrew_ownershiprequest_withdrawn_and_more.py

@@ -0,0 +1,44 @@
+# Generated by Django 5.0.4 on 2024-10-18 11:42
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("clubs", "0118_ownershiprequest"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name="ownershiprequest",
+            old_name="withdrew",
+            new_name="withdrawn",
+        ),
+        migrations.RenameField(
+            model_name="ownershiprequest",
+            old_name="person",
+            new_name="requester",
+        ),
+        migrations.AlterField(
+            model_name="ownershiprequest",
+            name="club",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="ownership_requests",
+                to="clubs.club"
+            ),
+        ),
+        migrations.AlterField(
+            model_name="ownershiprequest",
+            name="requester",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="ownership_requests",
+                to=settings.AUTH_USER_MODEL
+            ),
+        ),
+    ]

backend/clubs/models.py

@@ -1122,6 +1122,58 @@
         unique_together = (("person", "club"),)
 
 
+class OwnershipRequest(models.Model):
+    """
+    Represents a user's request to take ownership of a club
+    """
+
+    requester = models.ForeignKey(
+        get_user_model(), on_delete=models.CASCADE, related_name="ownership_requests"
+    )
+    club = models.ForeignKey(
+        Club, on_delete=models.CASCADE, related_name="ownership_requests"
+    )
+
+    withdrawn = models.BooleanField(default=False)
+
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    def __str__(self):
+        return f"<OwnershipRequest: {self.requester.username} for {self.club.code}>"
+
+    def send_request(self, request=None):
+        domain = get_domain(request)
+
+        edit_url = settings.EDIT_URL.format(domain=domain, club=self.club.code)
+
+        club_name = self.club.name
+
+        full_name = self.requester.get_full_name()
+
+        context = {
+            "club_name": club_name,
+            "edit_url": f"{edit_url}/member",
+            "full_name": full_name,
+        }
+
+        owner_emails = list(
+            self.club.membership_set.filter(
+                role=Membership.ROLE_OWNER, active=True
+            ).values_list("person__email", flat=True)
+        )
+
+        send_mail_helper(
+            name="ownership_request",
+            subject=f"Ownership Request from {full_name} for {club_name}",
+            emails=owner_emails,
+            context=context,
+        )
+
+    class Meta:
+        unique_together = (("requester", "club"),)
+
+
 class Advisor(models.Model):
     """
     Represents one faculty advisor or point of contact for a club.

backend/clubs/permissions.py

@@ -437,6 +437,26 @@
         return membership is not None and membership.role <= Membership.ROLE_OFFICER
 
 
+class OwnershipRequestPermission(permissions.BasePermission):
+    """
+    Only owners can view and modify ownership requests.
+    """
+
+    def has_permission(self, request, view):
+        if not request.user.is_authenticated:
+            return False
+
+        if "club_code" not in view.kwargs:
+            return False
+
+        if request.user.has_perm("clubs.manage_club"):
+            return True
+
+        obj = Club.objects.get(code=view.kwargs["club_code"])
+        membership = find_membership_helper(request.user, obj)
+        return membership is not None and membership.role == Membership.ROLE_OWNER
+
+
 class InvitePermission(permissions.BasePermission):
     """
     Officers and higher can list/delete invitations.

backend/clubs/serializers.py

@@ -43,6 +43,7 @@
     MembershipRequest,
     Note,
     NoteTag,
+    OwnershipRequest,
     Profile,
     QuestionAnswer,
     Report,
@@ -1999,6 +2000,72 @@
         fields = ("club", "club_name", "person")
 
 
+class OwnershipRequestSerializer(serializers.ModelSerializer):
+    """
+    Used by club owners to see who has requested to be owner of the club.
+    """
+
+    requester = serializers.HiddenField(default=serializers.CurrentUserDefault())
+    club = serializers.SlugRelatedField(queryset=Club.objects.all(), slug_field="code")
+    name = serializers.SerializerMethodField("get_full_name")
+    username = serializers.CharField(source="requester.username", read_only=True)
+    email = serializers.EmailField(source="requester.email", read_only=True)
+
+    school = SchoolSerializer(
+        many=True, source="requester.profile.school", read_only=True
+    )
+    major = MajorSerializer(many=True, source="requester.profile.major", read_only=True)
+    graduation_year = serializers.IntegerField(
+        source="requester.profile.graduation_year", read_only=True
+    )
+
+    def get_full_name(self, obj):
+        return obj.requester.get_full_name()
+
+    class Meta:
+        model = OwnershipRequest
+        fields = (
+            "club",
+            "created_at",
+            "email",
+            "graduation_year",
+            "major",
+            "name",
+            "requester",
+            "school",
+            "username",
+        )
+        validators = [
+            validators.UniqueTogetherValidator(
+                queryset=OwnershipRequest.objects.all(), fields=["club", "requester"]
+            )
+        ]
+
+
+class UserOwnershipRequestSerializer(serializers.ModelSerializer):
+    """
+    Used by the users to return the clubs that the user has sent OwnershipRequest to.
+    """
+
+    requester = serializers.HiddenField(default=serializers.CurrentUserDefault())
+    club = serializers.SlugRelatedField(queryset=Club.objects.all(), slug_field="code")
+    club_name = serializers.CharField(source="club.name", read_only=True)
+
+    def create(self, validated_data):
+        """
+        Send an email when a ownership request is created.
+        """
+        obj = super().create(validated_data)
+
+        obj.send_request(self.context["request"])
+
+        return obj
+
+    class Meta:
+        model = OwnershipRequest
+        fields = ("club", "club_name", "requester")
+
+
 class MinimalUserProfileSerializer(serializers.ModelSerializer):
     """
     A profile serializer used for the list view of all users.

backend/clubs/urls.py

@@ -35,6 +35,8 @@
     MemberViewSet,
     NoteViewSet,
     OptionListView,
+    OwnershipRequestManagementViewSet,
+    OwnershipRequestViewSet,
     QuestionAnswerViewSet,
     ReportViewSet,
     SchoolViewSet,
@@ -70,7 +72,10 @@
 router.register(r"clubvisits", ClubVisitViewSet, basename="clubvisits")
 router.register(r"searches", SearchQueryViewSet, basename="searches")
 router.register(r"memberships", MembershipViewSet, basename="members")
-router.register(r"requests", MembershipRequestViewSet, basename="requests")
+router.register(r"requests/membership", MembershipRequestViewSet, basename="requests")
+router.register(
+    r"requests/ownership", OwnershipRequestViewSet, basename="ownershiprequests"
+)
 router.register(r"tickets", TicketViewSet, basename="tickets")
 
 router.register(r"schools", SchoolViewSet, basename="schools")
@@ -108,6 +113,11 @@
     MembershipRequestOwnerViewSet,
     basename="club-membership-requests",
 )
+clubs_router.register(
+    r"ownershiprequests",
+    OwnershipRequestManagementViewSet,
+    basename="club-ownership-requests",
+)
 clubs_router.register(r"advisors", AdvisorViewSet, basename="club-advisors")
 clubs_router.register(
     r"applications", ClubApplicationViewSet, basename="club-applications"