From d4fd3fb262d60c1787ef84246345cb6ed91ad0c4 Mon Sep 17 00:00:00 2001
From: Montana <montana-ctr@friends.dds.mil>
Date: Thu, 24 Jan 2019 16:37:46 -0500
Subject: [PATCH] Fix merge conflicts

---
 atst/domain/authz.py                         |  9 ++++
 atst/routes/task_orders/new.py               |  2 +
 templates/components/datepicker.html         | 50 ++++++++++++++++++++
 templates/portfolios/task_orders/review.html |  7 ++-
 templates/task_orders/new/app_info.html      | 12 +++++
 5 files changed, 78 insertions(+), 2 deletions(-)
 create mode 100644 templates/components/datepicker.html

diff --git a/atst/domain/authz.py b/atst/domain/authz.py
index de3c2156..f0c44afe 100644
--- a/atst/domain/authz.py
+++ b/atst/domain/authz.py
@@ -36,6 +36,15 @@ class Authorization(object):
     def is_ccpo(cls, user):
         return user.atat_role.name == "ccpo"
 
+    @classmethod
+    def check_is_mo_or_cor(cls, user, task_order):
+        if (
+            task_order.contracting_officer_representative != user
+            and task_order.creator != user
+        ):
+            message = "build Task Order {}".format(task_order.id)
+            raise UnauthorizedError(user, message)
+
     @classmethod
     def check_is_ko(cls, user, task_order):
         if task_order.contracting_officer != user:
diff --git a/atst/routes/task_orders/new.py b/atst/routes/task_orders/new.py
index 8892ba05..62647ce0 100644
--- a/atst/routes/task_orders/new.py
+++ b/atst/routes/task_orders/new.py
@@ -261,6 +261,7 @@ def get_started():
 @task_orders_bp.route("/portfolios/<portfolio_id>/task_orders/new/<int:screen>")
 def new(screen, task_order_id=None, portfolio_id=None):
     workflow = ShowTaskOrderWorkflow(g.current_user, screen, task_order_id)
+    Authorization.check_is_mo_or_cor(g.current_user, task_order)
     return render_template(
         workflow.template,
         current=screen,
@@ -283,6 +284,7 @@ def update(screen, task_order_id=None, portfolio_id=None):
     workflow = UpdateTaskOrderWorkflow(
         g.current_user, form_data, screen, task_order_id, portfolio_id
     )
+    Authorization.check_is_mo_or_cor(g.current_user, task_order)
     if workflow.validate():
         workflow.update()
         return redirect(
diff --git a/templates/components/datepicker.html b/templates/components/datepicker.html
new file mode 100644
index 00000000..c597aeb5
--- /dev/null
+++ b/templates/components/datepicker.html
@@ -0,0 +1,50 @@
+{% from "components/icon.html" import Icon %}
+
+{% macro DatePicker(field) -%}
+
+  <date-selector inline-template>
+    <div class="usa-input date-picker" v-bind:class="{ 'usa-input--success': isDateValid }">
+      <input v-bind:value="formattedDate" type="hidden" />
+
+
+      <div class="usa-form-group usa-form-group-month">
+        <label>Month</label>
+        <input
+          max="12"
+          maxlength="2"
+          min="1"
+          type="number"
+          v-bind:class="{ 'usa-input-error': !isMonthValid }"
+          v-model="month"
+        />
+      </div>
+
+      <div class="usa-form-group usa-form-group-day">
+        <label>Day</label>
+        <input
+          maxlength="2"
+          min="1"
+          type="number"
+          v-bind:class="{ 'usa-input-error': !isDayValid }"
+          v-bind:max="daysMaxCalculation"
+          v-model="day"
+        />
+      </div>
+
+      <div class="usa-form-group usa-form-group-year">
+        <label>Year</label>
+        <input
+          maxlength="2"
+          type="number"
+          v-model="year"
+        />
+      </div>
+
+      <div class="usa-form-group-date-ok" v-if="isDateValid">
+        {{ Icon("ok", classes="icon--green") }}
+      </div>
+
+    </div>
+  </date-selector>
+
+{%- endmacro %}
diff --git a/templates/portfolios/task_orders/review.html b/templates/portfolios/task_orders/review.html
index 61b50e8c..73e43186 100644
--- a/templates/portfolios/task_orders/review.html
+++ b/templates/portfolios/task_orders/review.html
@@ -16,8 +16,11 @@
 
   {% include "fragments/flash.html" %}
 
-  <form method='POST' action="{{ url_for('portfolios.submit_ko_review', portfolio_id=portfolio.id, task_order_id=task_order.id, form=form) }}" autocomplete="off" enctype="multipart/form-data">
-  {{ form.csrf_token }}
+  {% block form_action %}
+    {% if task_order_id %}
+      <form method='POST' action="{{ url_for('portfolios.submit_ko_review', portfolio_id=portfolio_id, task_order_id=task_order_id, form=form) }}" autocomplete="off" enctype="multipart/form-data">
+    {% endif %}
+  {% endblock %}
 
   {% block form %}
 
diff --git a/templates/task_orders/new/app_info.html b/templates/task_orders/new/app_info.html
index a5cd23d7..fc819d93 100644
--- a/templates/task_orders/new/app_info.html
+++ b/templates/task_orders/new/app_info.html
@@ -4,6 +4,7 @@
 {% from "components/options_input.html" import OptionsInput %}
 {% from "components/date_input.html" import DateInput %}
 {% from "components/multi_checkbox_input.html" import MultiCheckboxInput %}
+{% from "components/datepicker.html" import DatePicker %}
 
 {% block heading %}
   {{ "task_orders.new.app_info.section_title"| translate }}
@@ -11,6 +12,17 @@
 
 {% block form %}
 
+<div class="usa-input">
+  <label>
+    <div class="usa-input__title">Date picker</div>
+  </label>
+
+  <span class="usa-form-hint">For example: 04 28 1986</span>
+
+  {{ DatePicker() }}
+</div>
+
+
 <!-- App Info Section -->
 <h3 class="task-order-form__heading subheading">{{ "task_orders.new.app_info.basic_info_title"| translate }}</h3>
 {{ TextInput(form.portfolio_name, placeholder="The name of your office or organization", validation="portfolioName") }}