From 4735fc7e8d45abe0b580982fbc8fdec93d6e52dd Mon Sep 17 00:00:00 2001
From: Lucas McCullum <lumccul3@gmail.com>
Date: Mon, 8 Feb 2021 15:38:55 -0500
Subject: [PATCH 1/2] Adds previous credential applications to admin user
 profile

---
 .../templates/console/application_display_table.html      | 4 +++-
 physionet-django/console/views.py                         | 1 -
 physionet-django/user/urls.py                             | 2 ++
 physionet-django/user/views.py                            | 8 ++++++--
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/physionet-django/console/templates/console/application_display_table.html b/physionet-django/console/templates/console/application_display_table.html
index 6a86f08822..68fa202f69 100644
--- a/physionet-django/console/templates/console/application_display_table.html
+++ b/physionet-django/console/templates/console/application_display_table.html
@@ -3,7 +3,9 @@
 {% load console_templatetags %}
 
 <p>Username: <a href="{% url 'user_management' application.user.username %}">{{ application.user.username }}</a></br>
-Applied: {{ application.application_datetime|date }}</p>
+  Applied: {{ application.application_datetime|date }}</br>
+[<a href="{% url 'user_credential_applications' application.user %}" target="_blank">View previous applications.</a>]</br>
+[<a href="https://www.google.com/search?q={{ application.first_names }} {{ application.last_name }} {{ application.organization_name }}" target="_blank">Search for name and affiliation.</a>]</p>
 
 {% if application.reference_contact_datetime %}
   Reference contact date: {{ application.reference_contact_datetime|date }}<br />
diff --git a/physionet-django/console/views.py b/physionet-django/console/views.py
index 1c9d4fccb5..982ef7d6e6 100644
--- a/physionet-django/console/views.py
+++ b/physionet-django/console/views.py
@@ -927,7 +927,6 @@ def user_management(request, username):
     projects['Archived'] = ArchivedProject.objects.filter(authors__user=user).order_by('-archive_datetime')
     projects['Published'] = PublishedProject.objects.filter(authors__user=user).order_by('-publish_datetime')
 
-
     return render(request, 'console/user_management.html', {'subject': user,
                                                             'profile': user.profile,
                                                             'emails': emails,
diff --git a/physionet-django/user/urls.py b/physionet-django/user/urls.py
index 4ed91fe989..bc9650f9f1 100644
--- a/physionet-django/user/urls.py
+++ b/physionet-django/user/urls.py
@@ -38,6 +38,8 @@
     path('settings/credentialing/', views.edit_credentialing, name='edit_credentialing'),
     path('settings/credentialing/applications/',
         views.user_credential_applications, name='user_credential_applications'),
+    path('settings/credentialing/applications/<user>/',
+        views.user_credential_applications, name='user_credential_applications'),
     path('settings/agreements/', views.view_agreements, name='edit_agreements'),
     path('settings/agreements/<id>/',
         views.view_signed_agreement, name='view_signed_agreement'),
diff --git a/physionet-django/user/views.py b/physionet-django/user/views.py
index 6e365c0ee6..271acb511b 100644
--- a/physionet-django/user/views.py
+++ b/physionet-django/user/views.py
@@ -576,12 +576,16 @@ def edit_credentialing(request):
 
 
 @login_required
-def user_credential_applications(request):
+def user_credential_applications(request, user=None):
     """
     All the credential applications made by a user
     """
+    if user:
+        request_user = User.objects.filter(username=user)[0]
+    else:
+        request_user = request.user
     applications = CredentialApplication.objects.filter(
-        user=request.user).order_by('-application_datetime')
+        user=request_user).order_by('-application_datetime')
 
     return render(request, 'user/user_credential_applications.html',
         {'applications':applications})

From 63fe1a70821c7a852160957320c6f1b5390c0fec Mon Sep 17 00:00:00 2001
From: Lucas McCullum <lumccul3@gmail.com>
Date: Fri, 19 Feb 2021 09:52:41 -0500
Subject: [PATCH 2/2] Changes user to username; restricts outside users

---
 physionet-django/user/urls.py  |  2 +-
 physionet-django/user/views.py | 11 +++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/physionet-django/user/urls.py b/physionet-django/user/urls.py
index bc9650f9f1..83fa653bf1 100644
--- a/physionet-django/user/urls.py
+++ b/physionet-django/user/urls.py
@@ -38,7 +38,7 @@
     path('settings/credentialing/', views.edit_credentialing, name='edit_credentialing'),
     path('settings/credentialing/applications/',
         views.user_credential_applications, name='user_credential_applications'),
-    path('settings/credentialing/applications/<user>/',
+    path('settings/credentialing/applications/<username>/',
         views.user_credential_applications, name='user_credential_applications'),
     path('settings/agreements/', views.view_agreements, name='edit_agreements'),
     path('settings/agreements/<id>/',
diff --git a/physionet-django/user/views.py b/physionet-django/user/views.py
index 271acb511b..632a6021d5 100644
--- a/physionet-django/user/views.py
+++ b/physionet-django/user/views.py
@@ -16,7 +16,7 @@
 from django.db import IntegrityError
 from django.forms import inlineformset_factory, HiddenInput, CheckboxInput
 from django.http import HttpResponse, Http404, HttpResponseRedirect
-from django.shortcuts import redirect, render
+from django.shortcuts import redirect, render, get_object_or_404
 from django.template import loader
 from django.urls import reverse, reverse_lazy
 from django.utils import timezone
@@ -576,12 +576,15 @@ def edit_credentialing(request):
 
 
 @login_required
-def user_credential_applications(request, user=None):
+def user_credential_applications(request, username=None):
     """
     All the credential applications made by a user
     """
-    if user:
-        request_user = User.objects.filter(username=user)[0]
+    if username:
+        if request.user.is_admin or (request.user == username):
+            request_user = get_object_or_404(User, username__iexact=username)
+        else:
+            raise Http404()
     else:
         request_user = request.user
     applications = CredentialApplication.objects.filter(