Display question details to specific groups

kitsune/questions/jinja2/questions/question_details.html

@@ -421,6 +421,7 @@
           {% endif %}
         </div>
       </li>
+      {% if is_trusted_user(request.user) %}
         <li class="mzp-c-details">
           <h3 class="sidebar-subheading sidebar-nav--heading-item is-accordion-heading">{{ _('Question Details') }}</h3>
           <div id="question-details" class="question-details">
@@ -531,6 +532,7 @@
             </form>
             </div>
           </li>
+        {% endif %}
 
         {% if related_documents or related_questions %}
         <li class="sidebar-subheading sidebar-nav--heading-item">{{ _('See also') }}</li>

kitsune/settings.py

@@ -1214,3 +1214,14 @@ CSP_CONNECT_SRC = (
     "https://*.google-analytics.com",
     "https://location.services.mozilla.com",
 )
+
+# Trusted Contributor Groups
+TRUSTED_GROUPS = [
+    "Forum Moderators",
+    "Administrators",
+    "SUMO Locale Leaders",
+    "Knowledge Base Reviewers",
+    "Reviewers",
+    # Temporary workaround to exempt individual users if needed
+    "Escape Spam Filtering",
+]

kitsune/sumo/forms.py

@@ -1,16 +1,6 @@
 from django import forms
 
-from kitsune.sumo.utils import check_for_spam_content
-
-TRUSTED_GROUPS = [
-    "Forum Moderators",
-    "Administrators",
-    "SUMO Locale Leaders",
-    "Knowledge Base Reviewers",
-    "Reviewers",
-    # Temporary workaround to exempt individual users if needed
-    "Escape Spam Filtering",
-]
+from kitsune.sumo.utils import check_for_spam_content, is_trusted_user
 
 
 class KitsuneBaseForumForm(forms.Form):
@@ -43,7 +33,7 @@ class KitsuneBaseForumForm(forms.Form):
 
         # Exclude moderators and trusted contributors
         if not (
-            self.user.groups.filter(name__in=TRUSTED_GROUPS).exists()
+            is_trusted_user(self.user)
             or self.user.has_perm("flagit.can_moderate")
             or self.user.has_perm("sumo.bypass_ratelimit")
         ) and check_for_spam_content(cdata):

kitsune/sumo/templatetags/jinja_helpers.py

@@ -17,7 +17,7 @@ from django.utils.encoding import smart_bytes, smart_text
 from django.utils.http import urlencode
 from django.utils.timezone import get_default_timezone
 from django.utils.translation import ugettext as _
-from django.utils.translation import gettext_lazy as _lazy
+from django.utils.translation import ugettext_lazy as _lazy
 from django.utils.translation import ungettext
 from django_jinja import library
 from jinja2.utils import Markup
@@ -26,6 +26,7 @@ from pytz import timezone
 from kitsune.products.models import Product
 from kitsune.sumo import parser
 from kitsune.sumo.urlresolvers import reverse
+from kitsune.sumo.utils import is_trusted_user as is_trusted_user_func
 from kitsune.sumo.utils import webpack_static as webpack_static_func
 from kitsune.users.models import Profile
 from kitsune.wiki.showfor import showfor_data as _showfor_data
@@ -549,3 +550,8 @@ def show_header_fx_download(context):
         return product.slug != "firefox"
     else:
         return True
+
+
+@library.global_function
+def is_trusted_user(user):
+    return is_trusted_user_func(user)

kitsune/sumo/utils.py

@@ -13,7 +13,6 @@ from django.db.models.signals import pre_delete
 from django.templatetags.static import static
 from django.utils import translation
 from django.utils.encoding import iri_to_uri
-
 from django.utils.http import url_has_allowed_host_and_scheme, urlencode
 from ratelimit.core import is_ratelimited as is_ratelimited_core
 from timeout_decorator import timeout
@@ -387,3 +386,20 @@ def webpack_static(source_path):
             return ""
         url = static(asset)
         return url
+
+
+def is_trusted_user(user: object) -> bool:
+    """Given a user ID, checks for group membership.
+
+    If a user belongs to one of the trusted groups as defined in the project
+    settings, then is considered a trusted user.
+    """
+    if not user or not user.is_authenticated:
+        return False
+    return any(
+        [
+            user.groups.filter(name__in=settings.TRUSTED_GROUPS).exists(),
+            user.is_superuser,
+            user.is_staff,
+        ]
+    )