Only the KO can view

atst/forms/data.py

@@ -196,10 +196,7 @@ APPLICATION_COMPLEXITY = [
 ]
 
 DEV_TEAM = [
-    (
+    ("civilians", translate("forms.task_order.dev_team.civilians")),
-        "civilians",
-        translate("forms.task_order.dev_team.civilians"),
-    ),
     ("military", translate("forms.task_order.dev_team.military")),
     ("contractor", translate("forms.task_order.dev_team.contractor")),
     ("other", translate("forms.task_order.dev_team.other")),

atst/forms/ko_review.py

@@ -3,7 +3,7 @@ from flask_wtf.file import FileAllowed
 
 from wtforms.fields.html5 import DateField
 from wtforms.fields import StringField, TextAreaField, FileField
-from wtforms.validators import Optional, Length, InputRequired
+from wtforms.validators import Optional, Length
 
 from .forms import CacheableForm
 from .validators import IsNumber, DateRange

atst/routes/portfolios/task_orders.py

@@ -73,14 +73,20 @@ def view_task_order(portfolio_id, task_order_id):
 @portfolios_bp.route("/portfolios/<portfolio_id>/task_order/<task_order_id>/review")
 def ko_review(portfolio_id, task_order_id):
     task_order = TaskOrders.get(g.current_user, task_order_id)
-    # get permission: make sure g.current_user is task_order.contracting_officer
     portfolio = Portfolios.get(g.current_user, portfolio_id)
-    return render_template(
+    if task_order.contracting_officer == g.current_user:
-        "/portfolios/task_orders/review.html",
+        return render_template(
-        portfolio=portfolio,
+            "/portfolios/task_orders/review.html",
-        task_order=task_order,
+            portfolio=portfolio,
-        form=KOReviewForm(obj=task_order),
+            task_order=task_order,
-    )
+            form=KOReviewForm(obj=task_order),
+        )
+    else:
+        return render_template(
+            "portfolios/task_orders/show.html",
+            portfolio=portfolio,
+            task_order=task_order,
+        )
 
 
 @portfolios_bp.route(