From ff84547e2afcaadf23547ab7dabe98cc4be72106 Mon Sep 17 00:00:00 2001
From: Tim Garrels <tim.garrels@mdc-berlin.de>
Date: Thu, 26 Sep 2019 16:27:57 +0200
Subject: [PATCH 01/20] Resolve "Allow using existing db user in
 setup_database.sh"

---
 utility/setup_database.sh | 82 +++++++++++++++++++++++++++++++++------
 1 file changed, 70 insertions(+), 12 deletions(-)

diff --git a/utility/setup_database.sh b/utility/setup_database.sh
index 6aad9ce1..fd1ccf25 100755
--- a/utility/setup_database.sh
+++ b/utility/setup_database.sh
@@ -6,25 +6,83 @@ echo "***********************************************"
 
 # while loops to ensure input not empty
 
+# -------------
+# Database Name
+# -------------
 while [[ -z "$db_name" ]]
 do
     echo -n "Database Name: "
     read db_name
 done
 
-while [[ -z "$username" ]]
-do
-    echo -n "Username: "
-    read username
-done
+# ----------------
+# User Name Choice
+# ----------------
 
-while [[ -z "$password" ]]
+# Choice to create a new user or use and existing one
+while [ "$use_existing_user" != "y" ] && [ "$use_existing_user" != "n" ]
 do
-    echo -n "Password: "
-    read -s password
+    echo -n "Do you want to use an existing db-user? [y|n] "
+    read use_existing_user
 done
 
-sudo su -c "psql -c \"CREATE DATABASE $db_name;\"" postgres
-sudo su -c "psql -c \"CREATE USER $username WITH PASSWORD '$password';\"" postgres
-sudo su -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE $db_name to $username;\"" postgres
-sudo su -c "psql -c \"ALTER USER $username CREATEDB;\"" postgres
+# Existing user
+if [ "$use_existing_user" == "y" ]
+then
+    # Get and parse existing users
+
+    # All users in the psql database
+    users="$( sudo su - postgres -c "psql -c \"SELECT u.usename FROM pg_catalog.pg_user u;\"")"
+    # Regex to remove table header and row count
+    regex="usename\ -+ \K(.*)(?=\ \(\d*\ rows?\))"
+    # Use grep to execute regex
+    users=$(echo $users | grep -Po "$regex")
+    # Create user array by
+    # Splitting users string at spaces
+    IFS=' '
+    read -ra user_array <<< "$users"
+
+    # Choose existing user
+    echo ""
+    choice=-1
+    # Choice has to be in range and an integer
+    while (( $choice < 0 )) || (( $choice > ${#user_array[@] - 1} )) || ! [ "$choice" -eq "$choice" ]
+    do
+        echo "Choose an existing user"
+        idx=0
+        for user in "${user_array[@]}"; do # access each element of array
+            echo "[$idx] $user"
+            idx=$(( idx + 1 ))
+        done
+        echo -n "> "
+        read choice
+    done
+    username=${user_array[$choice]}
+
+# New user
+else
+    while [[ -z "$username" ]]
+    do
+        echo -n "New username: "
+        read username
+    done
+
+    # ----------------
+    # Password Choice
+    # ----------------
+    while [[ -z "$password" ]]
+    do
+        echo -n "Password: "
+        read -s password
+    done
+    echo ""
+fi
+
+
+sudo su - postgres -c "psql -c \"CREATE DATABASE $db_name;\""
+if [ "$use_existing_user" == "n" ]
+then
+    sudo su - postgres -c "psql -c \"CREATE USER $username WITH PASSWORD '$password';\""
+fi
+sudo su - postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE $db_name to $username;\""
+sudo su - postgres -c "psql -c \"ALTER USER $username CREATEDB;\""

From 0fe6a12e4ecdc3a31f6e26aa23f5318b57cdf674 Mon Sep 17 00:00:00 2001
From: Tim Garrels <tim.garrels@mdc-berlin.de>
Date: Fri, 27 Sep 2019 14:26:49 +0200
Subject: [PATCH 02/20] add management command for adding remote sites (#314)

---
 CHANGELOG.rst                                 |   1 +
 docs/source/app_projectroles_usage.rst        |   7 +
 .../management/commands/addremotesite.py      | 150 ++++++++++++++++++
 3 files changed, 158 insertions(+)
 create mode 100644 projectroles/management/commands/addremotesite.py

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 6fe2946f..836b34ce 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -35,6 +35,7 @@ Added
     - Link for copying remote site secret token in remote site list (#332)
     - Project ownership transfer from member list (#287)
     - UI notification for disabled member management on target sites (#301)
+    - Management command ``addremotesite`` for adding remote sites (#314)
 - **Timeline**
     - Display event extra data as JSON (#6)
 - **Userprofile**
diff --git a/docs/source/app_projectroles_usage.rst b/docs/source/app_projectroles_usage.rst
index 0c1c1dc0..63ef4797 100644
--- a/docs/source/app_projectroles_usage.rst
+++ b/docs/source/app_projectroles_usage.rst
@@ -296,6 +296,13 @@ As Target Site
 The source site should be set up as above using the *Set Source Site* link,
 using the provided secret string as the access token.
 
+Alternatively to creating the site in the UI, the following management command can be used
+with additional arguments to create a remote site:
+
+.. code-block:: console
+
+    $ ./manage.py addremotesite
+
 After creating the source site, remote project metadata and member roles (for
 which access has been granted) can be accessed using the *Synchronize* link.
 Additionaly if the remote Source site is synchronized with multiple Target Sites,
diff --git a/projectroles/management/commands/addremotesite.py b/projectroles/management/commands/addremotesite.py
new file mode 100644
index 00000000..039f0b87
--- /dev/null
+++ b/projectroles/management/commands/addremotesite.py
@@ -0,0 +1,150 @@
+import logging
+import re
+
+from django.contrib import auth
+from django.core.management.base import BaseCommand
+from django.db import transaction
+
+from projectroles.models import RemoteSite, SODAR_CONSTANTS
+
+
+User = auth.get_user_model()
+logger = logging.getLogger(__name__)
+
+
+# SODAR constants
+SITE_MODE_TARGET = SODAR_CONSTANTS['SITE_MODE_TARGET']
+SITE_MODE_SOURCE = SODAR_CONSTANTS['SITE_MODE_SOURCE']
+SITE_MODE_PEER = SODAR_CONSTANTS['SITE_MODE_PEER']
+
+
+class Command(BaseCommand):
+    help = 'Creates a remote site from given arguments'
+
+    def add_arguments(self, parser):
+        # ---------------------------
+        # RemoteSite Model Argumments
+        # ---------------------------
+        parser.add_argument(
+            '-n',
+            '--name',
+            dest='name',
+            type=str,
+            required=True,
+            help='Name of the remote site',
+        )
+        parser.add_argument(
+            '-u',
+            '--url',
+            dest='url',
+            type=str,
+            required=True,
+            help='Url of the remote site. Can be provided without protocol '
+            'prefix, defaults to http in that case',
+        )
+        parser.add_argument(
+            '-m',
+            '--mode',
+            dest='mode',
+            type=str,
+            required=True,
+            help='Mode of the remote site',
+        )
+        parser.add_argument(
+            '-d',
+            '--description',
+            dest='description',
+            type=str,
+            required=False,
+            default='',
+            help='Description of the remote site',
+        )
+        parser.add_argument(
+            '-t',
+            '--token',
+            dest='secret',
+            type=str,
+            required=True,
+            help='Secret token of the remote site',
+        )
+        parser.add_argument(
+            '-ud',
+            '--user-display',
+            dest='user_display',
+            default=True,
+            required=False,
+            type=bool,
+            help='User display of the remote site',
+        )
+        # --------------------
+        # Additional Arguments
+        # --------------------
+        parser.add_argument(
+            '-s',
+            '--suppress-error',
+            dest='suppress_error',
+            required=False,
+            default=False,
+            action='store_true',
+            help='Suppresses error if site already exists',
+        )
+
+    def handle(self, *args, **options):
+        logger.info('Creating new Remote Site..')
+
+        name = options['name']
+        url = options['url']
+        # Validate url
+        if not url.startswith("http://") and not url.startswith("https://"):
+            url = "".join(["http://", url])
+        pattern = re.compile(r"(http|https)\:\/\/.*\..*")
+        if not pattern.match(url):
+            logger.error("Provided url '{}' seems not be a url".format(url))
+            return
+
+        mode = options['mode'].upper()
+        # Validate mode
+        if mode not in [SITE_MODE_SOURCE, SITE_MODE_TARGET]:
+            if mode in [SITE_MODE_PEER]:
+                logger.error("You cant create peer mode sites!")
+            else:
+                logger.error("Unkown mode '{}'".format(mode))
+            return
+
+        description = options['description']
+        secret = options['secret']
+        user_diplsay = options['user_display']
+        suppress_error = options['suppress_error']
+
+        # Validate whether site exists
+        name_exists = bool(len(RemoteSite.objects.filter(name=name)))
+        url_exists = bool(len(RemoteSite.objects.filter(url=url)))
+        if name_exists or url_exists:
+            log_string = (
+                "A site named '{}' already exists!".format(name)
+                if name_exists
+                else "A site with url '{}' already exists!".format(url)
+            )
+
+            if not suppress_error:
+                logger.error(log_string)
+            else:
+                logger.info(log_string)
+            return
+
+        with transaction.atomic():
+            create_values = {
+                'name': name,
+                'url': url,
+                'mode': mode,
+                'description': description,
+                'secret': secret,
+                'user_display': user_diplsay,
+            }
+            site = RemoteSite.objects.create(**create_values)
+
+        logger.info(
+            'Created a {name} remote site in {mode} mode'.format(
+                name=site.name, mode=site.mode
+            )
+        )

From 1e5c0b64b952e3e00db9a1c9e42fb74797b8b70e Mon Sep 17 00:00:00 2001
From: Hendrik Bomhardt <hendrik.bomhardt@mdc-berlin.de>
Date: Fri, 27 Sep 2019 15:41:37 +0200
Subject: [PATCH 03/20] add JSON support in app settings (#268)

---
 CHANGELOG.rst                                 |   1 +
 example_project_app/plugins.py                |  25 ++
 projectroles/app_settings.py                  |  73 ++++--
 projectroles/forms.py                         |  89 ++++++--
 projectroles/models.py                        |   7 +-
 .../static/projectroles/css/projectroles.css  |   6 +-
 projectroles/tests/test_app_settings_api.py   | 213 +++++++++++-------
 projectroles/tests/test_models.py             |  65 +++++-
 projectroles/tests/test_views.py              | 120 ++++++++++
 userprofile/forms.py                          |  24 +-
 userprofile/tests/test_views.py               |  29 +++
 11 files changed, 512 insertions(+), 140 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 836b34ce..112b76d8 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -36,6 +36,7 @@ Added
     - Project ownership transfer from member list (#287)
     - UI notification for disabled member management on target sites (#301)
     - Management command ``addremotesite`` for adding remote sites (#314)
+    - JSON support for app settings (#268)
 - **Timeline**
     - Display event extra data as JSON (#6)
 - **Userprofile**
diff --git a/example_project_app/plugins.py b/example_project_app/plugins.py
index 159c997b..de056f92 100644
--- a/example_project_app/plugins.py
+++ b/example_project_app/plugins.py
@@ -32,6 +32,18 @@ class ProjectAppPlugin(ProjectAppPluginPoint):
             'description': 'Example project setting',
             'user_modifiable': True,
         },
+        'project_json_setting': {
+            'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT'],
+            'type': 'JSON',
+            'default': {
+                'Example': 'Value',
+                'list': [1, 2, 3, 4, 5],
+                'level_6': False,
+            },
+            'description': 'Example project setting for JSON. Will accept '
+            'anything that json.dumps() can.',
+            'user_modifiable': True,
+        },
         'project_hidden_setting': {
             'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT'],
             'type': 'STRING',
@@ -40,6 +52,19 @@ class ProjectAppPlugin(ProjectAppPluginPoint):
             'description': 'Should not be displayed in forms',
             'user_modifiable': False,
         },
+        'user_json_setting': {
+            'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_USER'],
+            'type': 'JSON',
+            'label': 'Json example',
+            'default': {
+                'Example': 'Value',
+                'list': [1, 2, 3, 4, 5],
+                'level_6': False,
+            },
+            'description': 'Example project setting for JSON. Will accept '
+            'anything that json.dumps() can.',
+            'user_modifiable': True,
+        },
         'user_str_setting': {
             'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_USER'],
             'type': 'STRING',
diff --git a/projectroles/app_settings.py b/projectroles/app_settings.py
index 05bc5197..108edf43 100644
--- a/projectroles/app_settings.py
+++ b/projectroles/app_settings.py
@@ -1,4 +1,5 @@
 """Project and user settings API"""
+import json
 
 from projectroles.models import AppSetting, APP_SETTING_TYPES, SODAR_CONSTANTS
 from projectroles.plugins import get_app_plugin, get_active_plugins
@@ -173,13 +174,16 @@ def set_app_setting(
                 user=user,
             )
 
-            if setting.value == value:
+            if setting.value == value or setting.value_json == value:
                 return False
 
             if validate:
                 cls.validate_setting(setting.type, value)
 
-            setting.value = value
+            if setting.type == 'JSON':
+                setting.value_json = value
+            else:
+                setting.value = value
             setting.save()
             return True
 
@@ -204,15 +208,26 @@ def set_app_setting(
             if validate:
                 cls.validate_setting(s_type, value)
 
-            setting = AppSetting(
-                app_plugin=app_plugin.get_model(),
-                project=project,
-                user=user,
-                name=setting_name,
-                type=s_type,
-                value=value,
-                user_modifiable=s_mod,
-            )
+            if type == 'JSON':
+                setting = AppSetting(
+                    app_plugin=app_plugin.get_model(),
+                    project=project,
+                    user=user,
+                    name=setting_name,
+                    type=s_type,
+                    value_json=value,
+                    user_modifiable=s_mod,
+                )
+            else:
+                setting = AppSetting(
+                    app_plugin=app_plugin.get_model(),
+                    project=project,
+                    user=user,
+                    name=setting_name,
+                    type=s_type,
+                    value=value,
+                    user_modifiable=s_mod,
+                )
             setting.save()
             return True
 
@@ -228,19 +243,31 @@ def validate_setting(cls, setting_type, setting_value):
         if setting_type not in APP_SETTING_TYPES:
             raise ValueError('Invalid setting type "{}"'.format(setting_type))
 
-        if setting_type == 'BOOLEAN' and not isinstance(setting_value, bool):
-            raise ValueError(
-                'Please enter a valid boolean value ({})'.format(setting_value)
-            )
-
-        if setting_type == 'INTEGER' and (
-            not isinstance(setting_value, int)
-            and not str(setting_value).isdigit()
-        ):
-            raise ValueError(
-                'Please enter a valid integer value ({})'.format(setting_value)
-            )
+        elif setting_type == 'BOOLEAN':
+            if not isinstance(setting_value, bool):
+                raise ValueError(
+                    'Please enter a valid boolean value ({})'.format(
+                        setting_value
+                    )
+                )
 
+        elif setting_type == 'INTEGER':
+            if (
+                not isinstance(setting_value, int)
+                and not str(setting_value).isdigit()
+            ):
+                raise ValueError(
+                    'Please enter a valid integer value ({})'.format(
+                        setting_value
+                    )
+                )
+        elif setting_type == 'JSON':
+            try:
+                json.dumps(setting_value)
+            except TypeError:
+                raise ValueError(
+                    'Please enter valid json ({})'.format(setting_value)
+                )
         return True
 
     @classmethod
diff --git a/projectroles/forms.py b/projectroles/forms.py
index 82a8ef50..8542fb58 100644
--- a/projectroles/forms.py
+++ b/projectroles/forms.py
@@ -1,3 +1,5 @@
+import json
+
 from django import forms
 from django.conf import settings
 from django.contrib import auth
@@ -126,31 +128,61 @@ def __init__(self, project=None, current_user=None, *args, **kwargs):
                     'help_text': s_val['description'],
                 }
 
-                if s_val['type'] == 'STRING':
+                if s_val['type'] == 'JSON':
                     self.fields[s_field] = forms.CharField(
-                        max_length=APP_SETTING_VAL_MAXLENGTH, **setting_kwargs
-                    )
-
-                elif s_val['type'] == 'INTEGER':
-                    self.fields[s_field] = forms.IntegerField(**setting_kwargs)
-
-                elif s_val['type'] == 'BOOLEAN':
-                    self.fields[s_field] = forms.BooleanField(**setting_kwargs)
-
-                # Set initial value
-                if self.instance.pk:
-                    self.initial[s_field] = self.app_settings.get_app_setting(
-                        app_name=plugin.name,
-                        setting_name=s_key,
-                        project=self.instance,
+                        widget=forms.Textarea(
+                            attrs={'class': 'sodar-json-input'}
+                        ),
+                        **setting_kwargs
                     )
-
+                    if self.instance.pk:
+                        self.initial[s_field] = json.dumps(
+                            self.app_settings.get_app_setting(
+                                app_name=plugin.name,
+                                setting_name=s_key,
+                                project=self.instance,
+                            )
+                        )
+
+                    else:
+                        self.initial[s_field] = json.dumps(
+                            self.app_settings.get_default_setting(
+                                app_name=plugin.name, setting_name=s_key
+                            )
+                        )
                 else:
-                    self.initial[
-                        s_field
-                    ] = self.app_settings.get_default_setting(
-                        app_name=plugin.name, setting_name=s_key
-                    )
+                    if s_val['type'] == 'STRING':
+                        self.fields[s_field] = forms.CharField(
+                            max_length=APP_SETTING_VAL_MAXLENGTH,
+                            **setting_kwargs
+                        )
+
+                    elif s_val['type'] == 'INTEGER':
+                        self.fields[s_field] = forms.IntegerField(
+                            **setting_kwargs
+                        )
+
+                    elif s_val['type'] == 'BOOLEAN':
+                        self.fields[s_field] = forms.BooleanField(
+                            **setting_kwargs
+                        )
+
+                        # Set initial value
+                    if self.instance.pk:
+                        self.initial[
+                            s_field
+                        ] = self.app_settings.get_app_setting(
+                            app_name=plugin.name,
+                            setting_name=s_key,
+                            project=self.instance,
+                        )
+
+                    else:
+                        self.initial[
+                            s_field
+                        ] = self.app_settings.get_default_setting(
+                            app_name=plugin.name, setting_name=s_key
+                        )
 
         # Access parent project if present
         parent_project = None
@@ -289,6 +321,19 @@ def clean(self):
                 s = p_settings[s_key]
                 s_field = 'settings.{}.{}'.format(plugin.name, s_key)
 
+                if s['type'] == 'JSON':
+                    # for some reason, there is a distinct possiblity, that the initial value has been discarded and we get '' as value. Seems to only happen in automated tests. Will catch that here.
+                    if self.cleaned_data[s_field] == '':
+                        self.cleaned_data[s_field] = '{}'
+                    try:
+                        self.cleaned_data[s_field] = json.loads(
+                            self.cleaned_data[s_field]
+                        )
+                    except json.JSONDecodeError as err:
+                        raise forms.ValidationError(
+                            'Couldn\'t encode json.\n' + str(err)
+                        )
+
                 if not self.app_settings.validate_setting(
                     setting_type=s['type'],
                     setting_value=self.cleaned_data.get(s_field),
diff --git a/projectroles/models.py b/projectroles/models.py
index 392503a9..8dbf21da 100644
--- a/projectroles/models.py
+++ b/projectroles/models.py
@@ -26,11 +26,12 @@
 
 # Local constants
 PROJECT_TYPE_CHOICES = [('CATEGORY', 'Category'), ('PROJECT', 'Project')]
-APP_SETTING_TYPES = ['BOOLEAN', 'INTEGER', 'STRING']
+APP_SETTING_TYPES = ['BOOLEAN', 'INTEGER', 'STRING', 'JSON']
 APP_SETTING_TYPE_CHOICES = [
     ('BOOLEAN', 'Boolean'),
     ('INTEGER', 'Integer'),
     ('STRING', 'String'),
+    ('JSON', 'Json'),
 ]
 APP_SETTING_VAL_MAXLENGTH = 255
 PROJECT_SEARCH_TYPES = ['project']
@@ -552,7 +553,6 @@ class AppSetting(models.Model):
         help_text='Value of the setting',
     )
 
-    # TODO: Implement the use of this in release v0.7 (see #268)
     #: Optional JSON value for the setting
     value_json = JSONField(
         default=dict, help_text='Optional JSON value for the setting'
@@ -611,6 +611,9 @@ def get_value(self):
         elif self.type == 'BOOLEAN':
             return bool(int(self.value))
 
+        elif self.type == 'JSON':
+            return self.value_json
+
         return self.value
 
 
diff --git a/projectroles/static/projectroles/css/projectroles.css b/projectroles/static/projectroles/css/projectroles.css
index 3e7a170c..5d2066a9 100644
--- a/projectroles/static/projectroles/css/projectroles.css
+++ b/projectroles/static/projectroles/css/projectroles.css
@@ -550,8 +550,10 @@ a.sodar-nav-link-last {
   border-bottom-left-radius: 0;
 }
 
-/* Pagedown textarea height modification ("rows" attribute does not work) */
-textarea.wmd-input {
+/* Pagedown and JSON setting textarea height modification */
+/* ("rows" attribute does not work) */
+textarea.wmd-input,
+textarea.sodar-json-input {
   height: 175px;
   min-height: 175px;
   resize: vertical;
diff --git a/projectroles/tests/test_app_settings_api.py b/projectroles/tests/test_app_settings_api.py
index c6ec34e9..bc1b30dd 100644
--- a/projectroles/tests/test_app_settings_api.py
+++ b/projectroles/tests/test_app_settings_api.py
@@ -7,7 +7,6 @@
 from ..app_settings import AppSettingAPI
 from .test_models import ProjectMixin, RoleAssignmentMixin, AppSettingMixin
 
-
 # SODAR constants
 PROJECT_ROLE_OWNER = SODAR_CONSTANTS['PROJECT_ROLE_OWNER']
 PROJECT_ROLE_DELEGATE = SODAR_CONSTANTS['PROJECT_ROLE_DELEGATE']
@@ -25,7 +24,6 @@
 EXISTING_SETTING = 'project_bool_setting'
 EXAMPLE_APP_NAME = 'example_project_app'
 
-
 # App settings API
 app_settings = AppSettingAPI()
 
@@ -53,40 +51,67 @@ def setUp(self):
         )
 
         # Init test setting
-        self.setting_str = self._make_setting(
-            app_name=EXAMPLE_APP_NAME,
-            project=self.project,
-            name='str_setting',
-            setting_type='STRING',
-            value='test',
-        )
-
-        # Init integer setting
-        self.setting_int = self._make_setting(
-            app_name=EXAMPLE_APP_NAME,
-            project=self.project,
-            name='int_setting',
-            setting_type='INTEGER',
-            value=170,
-        )
-
-        # Init boolean setting
-        self.setting_bool = self._make_setting(
-            app_name=EXAMPLE_APP_NAME,
-            project=self.project,
-            name='bool_setting',
-            setting_type='BOOLEAN',
-            value=True,
-        )
+        setting_str_kwarg = {
+            'app_name': EXAMPLE_APP_NAME,
+            'project': self.project,
+            'name': 'str_setting',
+            'setting_type': 'STRING',
+            'value': 'test',
+            'update_value': 'better test',
+            'non_valid_value': False,
+        }
+        setting_int_kwarg = {
+            'app_name': EXAMPLE_APP_NAME,
+            'project': self.project,
+            'name': 'int_setting',
+            'setting_type': 'INTEGER',
+            'value': 210,
+            'update_value': 420,
+            'non_valid_value': 'Nan',
+        }
+        setting_bool_kwarg = {
+            'app_name': EXAMPLE_APP_NAME,
+            'project': self.project,
+            'name': 'bool_setting',
+            'setting_type': 'BOOLEAN',
+            'value': True,
+            'update_value': False,
+            'non_valid_value': 69,
+        }
+        setting_json_kwarg = {
+            'app_name': EXAMPLE_APP_NAME,
+            'project': self.project,
+            'name': 'json_setting',
+            'setting_type': 'JSON',
+            'value': {'Test': 'often'},
+            'update_value': {'Test_more': 'often_always'},
+            'non_valid_value': self.project,
+        }
+        self.settings = [
+            setting_int_kwarg,
+            setting_json_kwarg,
+            setting_str_kwarg,
+            setting_bool_kwarg,
+        ]
+        for s in self.settings:
+            self._make_setting(
+                app_name=s['app_name'],
+                name=s['name'],
+                setting_type=s['setting_type'],
+                value=s['value'],
+                value_json=s['value'],
+                project=s['project'],
+            )
 
     def test_get_project_setting(self):
         """Test get_app_setting()"""
-        val = app_settings.get_app_setting(
-            app_name=EXAMPLE_APP_NAME,
-            setting_name='str_setting',
-            project=self.project,
-        )
-        self.assertEqual(self.setting_str.value, val)
+        for setting in self.settings:
+            val = app_settings.get_app_setting(
+                app_name=setting['app_name'],
+                setting_name=setting['name'],
+                project=setting['project'],
+            )
+            self.assertEqual(setting['value'], val)
 
     def test_get_project_setting_default(self):
         """Test get_app_setting() with default value for existing setting"""
@@ -113,58 +138,40 @@ def test_get_project_setting_nonexisting(self):
     def test_set_project_setting(self):
         """Test set_app_setting()"""
 
-        # Assert postcondition
-        val = app_settings.get_app_setting(
-            app_name=EXAMPLE_APP_NAME,
-            setting_name='str_setting',
-            project=self.project,
-        )
-        self.assertEqual('test', val)
-
-        ret = app_settings.set_app_setting(
-            app_name=EXAMPLE_APP_NAME,
-            setting_name='str_setting',
-            value='updated',
-            project=self.project,
-        )
-
-        self.assertEqual(ret, True)
+        for setting in self.settings:
+            ret = app_settings.set_app_setting(
+                app_name=setting['app_name'],
+                setting_name=setting['name'],
+                project=setting['project'],
+                value=setting['update_value'],
+            )
+            self.assertEqual(ret, True)
 
-        # Assert postcondition
-        val = app_settings.get_app_setting(
-            app_name=EXAMPLE_APP_NAME,
-            setting_name='str_setting',
-            project=self.project,
-        )
-        self.assertEqual('updated', val)
+            val = app_settings.get_app_setting(
+                app_name=setting['app_name'],
+                setting_name=setting['name'],
+                project=setting['project'],
+            )
+            self.assertEqual(val, setting['update_value'])
 
     def test_set_project_setting_unchanged(self):
         """Test set_app_setting() with an unchnaged value"""
 
-        # Assert postcondition
-        val = app_settings.get_app_setting(
-            app_name=EXAMPLE_APP_NAME,
-            setting_name='str_setting',
-            project=self.project,
-        )
-        self.assertEqual('test', val)
-
-        ret = app_settings.set_app_setting(
-            app_name=EXAMPLE_APP_NAME,
-            setting_name='str_setting',
-            value='test',
-            project=self.project,
-        )
-
-        self.assertEqual(ret, False)
+        for setting in self.settings:
+            ret = app_settings.set_app_setting(
+                app_name=setting['app_name'],
+                setting_name=setting['name'],
+                project=setting['project'],
+                value=setting['value'],
+            )
+            self.assertEqual(ret, False)
 
-        # Assert postcondition
-        val = app_settings.get_app_setting(
-            app_name=EXAMPLE_APP_NAME,
-            setting_name='str_setting',
-            project=self.project,
-        )
-        self.assertEqual('test', val)
+            val = app_settings.get_app_setting(
+                app_name=setting['app_name'],
+                setting_name=setting['name'],
+                project=setting['project'],
+            )
+            self.assertEqual(val, setting['value'])
 
     def test_set_project_setting_new(self):
         """Test set_app_setting() with a new but defined setting"""
@@ -210,12 +217,21 @@ def test_set_project_setting_undefined(self):
                 project=self.project,
             )
 
-    def test_validate_project_setting_bool(self):
+    def test_validator(self):
         """Test validate_setting() with type BOOLEAN"""
-        self.assertEqual(app_settings.validate_setting('BOOLEAN', True), True)
-
-        with self.assertRaises(ValueError):
-            app_settings.validate_setting('BOOLEAN', 'not a boolean')
+        for setting in self.settings:
+            self.assertEqual(
+                app_settings.validate_setting(
+                    setting['setting_type'], setting['value']
+                ),
+                True,
+            )
+            if setting['setting_type'] == 'STRING':
+                continue
+            with self.assertRaises(ValueError):
+                app_settings.validate_setting(
+                    setting['setting_type'], setting['non_valid_value']
+                )
 
     def test_validate_project_setting_int(self):
         """Test validate_setting() with type INTEGER"""
@@ -242,6 +258,18 @@ def test_get_setting_defs_project(self):
                 'description': 'Example project setting',
                 'user_modifiable': True,
             },
+            'project_json_setting': {
+                'scope': APP_SETTING_SCOPE_PROJECT,
+                'type': 'JSON',
+                'default': {
+                    'Example': 'Value',
+                    'list': [1, 2, 3, 4, 5],
+                    'level_6': False,
+                },
+                'description': 'Example project setting for JSON. Will accept '
+                'anything that json.dumps() can.',
+                'user_modifiable': True,
+            },
             'project_hidden_setting': {
                 'scope': APP_SETTING_SCOPE_PROJECT,
                 'type': 'STRING',
@@ -282,6 +310,19 @@ def test_get_setting_defs_user(self):
                 'default': False,
                 'user_modifiable': True,
             },
+            'user_json_setting': {
+                'scope': APP_SETTING_SCOPE_USER,
+                'type': 'JSON',
+                'label': 'Json example',
+                'default': {
+                    'Example': 'Value',
+                    'list': [1, 2, 3, 4, 5],
+                    'level_6': False,
+                },
+                'description': 'Example project setting for JSON. Will accept '
+                'anything that json.dumps() can.',
+                'user_modifiable': True,
+            },
             'user_hidden_setting': {
                 'scope': APP_SETTING_SCOPE_USER,
                 'type': 'STRING',
@@ -300,11 +341,11 @@ def test_get_setting_defs_modifiable(self):
         defs = app_settings.get_setting_defs(
             app_plugin, APP_SETTING_SCOPE_PROJECT
         )
-        self.assertEqual(len(defs), 2)
+        self.assertEqual(len(defs), 3)
         defs = app_settings.get_setting_defs(
             app_plugin, APP_SETTING_SCOPE_PROJECT, user_modifiable=True
         )
-        self.assertEqual(len(defs), 1)
+        self.assertEqual(len(defs), 2)
 
     def test_get_setting_defs_invalid(self):
         """Test get_setting_defs() with an invalid scope"""
diff --git a/projectroles/tests/test_models.py b/projectroles/tests/test_models.py
index d3293260..a5fe1d6e 100644
--- a/projectroles/tests/test_models.py
+++ b/projectroles/tests/test_models.py
@@ -120,6 +120,7 @@ def _make_setting(
         name,
         setting_type,
         value,
+        value_json={},
         user_modifiable=True,
         project=None,
         user=None,
@@ -131,7 +132,7 @@ def _make_setting(
             'name': name,
             'type': setting_type,
             'value': value,
-            'value_json': {},  # TODO: Implement usage in v0.7
+            'value_json': value_json,
             'user_modifiable': user_modifiable,
             'user': user,
         }
@@ -817,6 +818,16 @@ def setUp(self):
             project=self.project,
         )
 
+        # Init json setting
+        self.setting_json = self._make_setting(
+            app_name=EXAMPLE_APP_NAME,
+            name='json_setting',
+            setting_type='JSON',
+            value=None,
+            value_json={'Testing': 'good'},
+            project=self.project,
+        )
+
     def test_initialization(self):
         """Test AppSetting initialization"""
         expected = {
@@ -849,6 +860,22 @@ def test_initialization_integer(self):
         }
         self.assertEqual(model_to_dict(self.setting_int), expected)
 
+    def test_initialization_json(self):
+        """Test initialization with integer value"""
+        expected = {
+            'id': self.setting_json.pk,
+            'app_plugin': get_app_plugin(EXAMPLE_APP_NAME).get_model().pk,
+            'project': self.project.pk,
+            'name': 'json_setting',
+            'type': 'JSON',
+            'user': None,
+            'value': None,
+            'value_json': {'Testing': 'good'},
+            'user_modifiable': True,
+            'sodar_uuid': self.setting_json.sodar_uuid,
+        }
+        self.assertEqual(model_to_dict(self.setting_json), expected)
+
     def test__str__(self):
         """Test AppSetting __str__()"""
         expected = 'TestProject: {} / str_setting'.format(EXAMPLE_APP_NAME)
@@ -879,6 +906,11 @@ def test_get_value_bool(self):
         self.assertIsInstance(val, bool)
         self.assertEqual(val, True)
 
+    def test_get_value_json(self):
+        """Test get_value() with type BOOLEAN"""
+        val = self.setting_json.get_value()
+        self.assertEqual(val, {'Testing': 'good'})
+
 
 class TestUserSetting(
     ProjectMixin, RoleAssignmentMixin, AppSettingMixin, TestCase
@@ -917,6 +949,16 @@ def setUp(self):
             user=self.user,
         )
 
+        # Init json setting
+        self.setting_json = self._make_setting(
+            app_name=EXAMPLE_APP_NAME,
+            name='json_setting',
+            setting_type='JSON',
+            value=None,
+            value_json={'Testing': 'good'},
+            user=self.user,
+        )
+
     def test_initialization(self):
         """Test AppSetting initialization"""
         expected = {
@@ -949,6 +991,22 @@ def test_initialization_integer(self):
         }
         self.assertEqual(model_to_dict(self.setting_int), expected)
 
+    def test_initialization_json(self):
+        """Test initialization with integer value"""
+        expected = {
+            'id': self.setting_json.pk,
+            'app_plugin': get_app_plugin(EXAMPLE_APP_NAME).get_model().pk,
+            'project': None,
+            'name': 'json_setting',
+            'type': 'JSON',
+            'user': self.user.pk,
+            'value': None,
+            'value_json': {'Testing': 'good'},
+            'user_modifiable': True,
+            'sodar_uuid': self.setting_json.sodar_uuid,
+        }
+        self.assertEqual(model_to_dict(self.setting_json), expected)
+
     def test__str__(self):
         """Test AppSetting __str__()"""
         expected = 'owner: {} / str_setting'.format(EXAMPLE_APP_NAME)
@@ -979,6 +1037,11 @@ def test_get_value_bool(self):
         self.assertIsInstance(val, bool)
         self.assertEqual(val, True)
 
+    def test_get_value_json(self):
+        """Test get_value() with type BOOLEAN"""
+        val = self.setting_json.get_value()
+        self.assertEqual(val, {'Testing': 'good'})
+
 
 # TODO: Test manager
 
diff --git a/projectroles/tests/test_views.py b/projectroles/tests/test_views.py
index 5c85ac35..94e5332b 100644
--- a/projectroles/tests/test_views.py
+++ b/projectroles/tests/test_views.py
@@ -14,6 +14,7 @@
 
 from test_plus.test import TestCase
 
+from projectroles.app_settings import AppSettingAPI
 from .. import views
 from ..models import (
     Project,
@@ -41,6 +42,7 @@
     ProjectUserTagMixin,
     RemoteSiteMixin,
     RemoteProjectMixin,
+    AppSettingMixin,
 )
 from projectroles.utils import get_user_display_name
 
@@ -78,6 +80,11 @@
 SODAR_API_VERSION = '0.1'
 SODAR_API_VERSION_INVALID = '9.9'
 
+EXAMPLE_APP_NAME = 'example_project_app'
+
+# App settings API
+app_settings = AppSettingAPI()
+
 
 # TODO: Refactor or remove this (API should be enough?)
 class ProjectSettingMixin:
@@ -693,6 +700,119 @@ def test_update_project_owner(self):
         self.assertEqual(new_owner_ra.role, self.role_owner)
 
 
+class TestProjectSettingsForm(
+    AppSettingMixin, TestViewsBase, ProjectMixin, RoleAssignmentMixin
+):
+    """Tests for the project settings form."""
+
+    # NOTE: This assumes an example app is available
+    def setUp(self):
+        super().setUp()
+        # Init user & role
+        self.project = self._make_project(
+            'TestProject', PROJECT_TYPE_PROJECT, None
+        )
+        self.owner_as = self._make_assignment(
+            self.project, self.user, self.role_owner
+        )
+
+        # Init boolean setting
+        self.setting_bool = self._make_setting(
+            app_name=EXAMPLE_APP_NAME,
+            name='project_bool_setting',
+            setting_type='BOOLEAN',
+            value=True,
+            project=self.project,
+        )
+
+        # Init json setting
+        self.setting_json = self._make_setting(
+            app_name=EXAMPLE_APP_NAME,
+            name='project_json_setting',
+            setting_type='JSON',
+            value=None,
+            value_json={'Test': 'More'},
+            project=self.project,
+        )
+
+    def testGet(self):
+        with self.login(self.user):
+            response = self.client.get(
+                reverse(
+                    'projectroles:update',
+                    kwargs={'project': self.project.sodar_uuid},
+                )
+            )
+        self.assertEqual(response.status_code, 200)
+        self.assertIsNotNone(response.context['form'])
+        self.assertIsNotNone(
+            response.context['form'].fields.get(
+                'settings.%s.project_bool_setting' % EXAMPLE_APP_NAME
+            )
+        )
+        self.assertIsNotNone(
+            response.context['form'].fields.get(
+                'settings.%s.project_json_setting' % EXAMPLE_APP_NAME
+            )
+        )
+
+    def testPost(self):
+        self.assertEqual(
+            app_settings.get_app_setting(
+                EXAMPLE_APP_NAME, 'project_bool_setting', project=self.project
+            ),
+            True,
+        )
+        self.assertEqual(
+            app_settings.get_app_setting(
+                EXAMPLE_APP_NAME, 'project_json_setting', project=self.project
+            ),
+            {'Test': 'More'},
+        )
+
+        values = {
+            'settings.%s.project_bool_setting' % EXAMPLE_APP_NAME: False,
+            'settings.%s.project_json_setting'
+            % EXAMPLE_APP_NAME: '{"Test": "Less"}',
+            'owner': self.user.sodar_uuid,
+            'title': 'TestProject',
+            'type': PROJECT_TYPE_PROJECT,
+        }
+
+        with self.login(self.user):
+            response = self.client.post(
+                reverse(
+                    'projectroles:update',
+                    kwargs={'project': self.project.sodar_uuid},
+                ),
+                values,
+            )
+
+        # Assert redirect
+        with self.login(self.user):
+            self.assertRedirects(
+                response,
+                reverse(
+                    'projectroles:detail',
+                    kwargs={'project': self.project.sodar_uuid},
+                ),
+            )
+
+        # Assert settings state after update
+        self.assertEqual(
+            app_settings.get_app_setting(
+                EXAMPLE_APP_NAME, 'project_bool_setting', project=self.project
+            ),
+            False,
+        )
+        self.assertEqual(
+            app_settings.get_app_setting(
+                EXAMPLE_APP_NAME, 'project_json_setting', project=self.project
+            ),
+            {'Test': 'Less'},
+        )
+
+
 class TestProjectRoleView(ProjectMixin, RoleAssignmentMixin, TestViewsBase):
     """Tests for project roles view"""
 
diff --git a/userprofile/forms.py b/userprofile/forms.py
index d29c618c..3942dcd5 100644
--- a/userprofile/forms.py
+++ b/userprofile/forms.py
@@ -1,3 +1,5 @@
+import json
+
 from django import forms
 
 from projectroles.app_settings import AppSettingAPI
@@ -61,6 +63,12 @@ def __init__(self, *args, **kwargs):
                 elif s_val['type'] == 'BOOLEAN':
                     self.fields[s_field] = forms.BooleanField(**field_kwarg)
 
+                elif s_val['type'] == 'JSON':
+                    widget_attrs.update({'class': 'sodar-json-input'})
+                    self.fields[s_field] = forms.CharField(
+                        widget=forms.Textarea(attrs=widget_attrs), **field_kwarg
+                    )
+
                 # Set initial value
                 self.initial[s_field] = app_settings.get_app_setting(
                     app_name=plugin.name, setting_name=s_key, user=self.user
@@ -76,11 +84,19 @@ def clean(self):
 
             for s_key, s_val in p_settings.items():
                 s_field = 'settings.{}.{}'.format(plugin.name, s_key)
-
-                if not app_settings.validate_setting(
+                if s_val['type'] == 'JSON':
+                    try:
+                        self.cleaned_data[s_field] = json.loads(
+                            self.cleaned_data[s_field]
+                        )
+                    except json.JSONDecodeError as err:
+                        raise forms.ValidationError(
+                            'Couldn\'t encode json.\n' + str(err)
+                        )
+
+                app_settings.validate_setting(
                     setting_type=s_val['type'],
                     setting_value=self.cleaned_data.get(s_field),
-                ):
-                    self.add_error(s_field, 'Invalid value')
+                )
 
         return self.cleaned_data
diff --git a/userprofile/tests/test_views.py b/userprofile/tests/test_views.py
index dec2ea6a..7d5f3c58 100644
--- a/userprofile/tests/test_views.py
+++ b/userprofile/tests/test_views.py
@@ -76,6 +76,16 @@ def setUp(self):
             user=self.user,
         )
 
+        # Init json setting
+        self.setting_json = self._make_setting(
+            app_name=EXAMPLE_APP_NAME,
+            name='user_json_setting',
+            setting_type='JSON',
+            value=None,
+            value_json={'Test': 'More'},
+            user=self.user,
+        )
+
     def testGet(self):
         with self.login(self.user):
             response = self.client.get(reverse('userprofile:settings_update'))
@@ -96,6 +106,11 @@ def testGet(self):
                 'settings.%s.user_bool_setting' % EXAMPLE_APP_NAME
             )
         )
+        self.assertIsNotNone(
+            response.context['form'].fields.get(
+                'settings.%s.user_json_setting' % EXAMPLE_APP_NAME
+            )
+        )
 
     def testPost(self):
         self.assertEqual(
@@ -116,11 +131,19 @@ def testPost(self):
             ),
             True,
         )
+        self.assertEqual(
+            app_settings.get_app_setting(
+                EXAMPLE_APP_NAME, 'user_json_setting', user=self.user
+            ),
+            {'Test': 'More'},
+        )
 
         values = {
             'settings.%s.user_str_setting' % EXAMPLE_APP_NAME: 'another-text',
             'settings.%s.user_int_setting' % EXAMPLE_APP_NAME: '123',
             'settings.%s.user_bool_setting' % EXAMPLE_APP_NAME: False,
+            'settings.%s.user_json_setting'
+            % EXAMPLE_APP_NAME: '{"Test": "Less"}',
         }
 
         with self.login(self.user):
@@ -151,3 +174,9 @@ def testPost(self):
             ),
             False,
         )
+        self.assertEqual(
+            app_settings.get_app_setting(
+                EXAMPLE_APP_NAME, 'user_json_setting', user=self.user
+            ),
+            {'Test': 'Less'},
+        )

From 9f6e9e6954225a5097a5a8ced41bef64b9c49f1a Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Fri, 27 Sep 2019 16:42:44 +0200
Subject: [PATCH 04/20] fix missing owner value in project update form (#355)

---
 projectroles/forms.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/projectroles/forms.py b/projectroles/forms.py
index 8542fb58..eac3d142 100644
--- a/projectroles/forms.py
+++ b/projectroles/forms.py
@@ -234,6 +234,7 @@ def __init__(self, project=None, current_user=None, *args, **kwargs):
             # Set hidden project field for autocomplete
             self.initial['project'] = self.instance
 
+            self.initial['owner'] = self.instance.get_owner().user.sodar_uuid
             self.fields['owner'].widget = forms.HiddenInput()
 
             # Set initial value for parent

From da3e64be34e8b697f4ba0e0238cddf4134d90286 Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Mon, 30 Sep 2019 18:07:03 +0200
Subject: [PATCH 05/20] refactor AppSettingAPI, fix JSON app setting saving
 (#354), fix app settings tests, remove ProjectSettingMixin (#357), add
 run_taskflow.sh

---
 CHANGELOG.rst                               |   2 +
 docs/source/breaking_changes.rst            |   7 +
 example_project_app/plugins.py              |  64 +++++----
 projectroles/app_settings.py                |  96 ++++++++++---
 projectroles/forms.py                       |  25 ++--
 projectroles/tests/test_app_settings_api.py | 132 +++++++++++------
 projectroles/tests/test_models.py           |   6 +-
 projectroles/tests/test_views.py            | 151 +++++++++++++-------
 projectroles/tests/test_views_taskflow.py   |  12 +-
 projectroles/views.py                       |  24 +++-
 run.sh                                      |   3 -
 run_taskflow.sh                             |   5 +
 userprofile/forms.py                        |  26 +++-
 13 files changed, 387 insertions(+), 166 deletions(-)
 create mode 100755 run_taskflow.sh

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 112b76d8..5193305a 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -56,6 +56,7 @@ Changed
     - Make sidebar hiding dynamic by content height (#316)
     - Replace ``login_and_redirect()`` in UI tests with a faster cookie based function (#323)
     - Refactor remote project display on details page (#196)
+    - Refactor AppSettingAPI (#268)
 - **Timeline**
     - Use common pagination template (#336)
 
@@ -79,6 +80,7 @@ Removed
     - Duplicate database indexes from ``RoleAssignment`` (#285)
     - Deprecated ``get_setting()`` tag from ``projectroles_common_tags`` (#283)
     - Project owner change from project updating form (#287)
+    - ``ProjectSettingMixin`` from ``projectoles.tests.test_views`` (#357)
 
 
 v0.6.2 (2019-06-21)
diff --git a/docs/source/breaking_changes.rst b/docs/source/breaking_changes.rst
index 7b48c0a4..bda38d2f 100644
--- a/docs/source/breaking_changes.rst
+++ b/docs/source/breaking_changes.rst
@@ -34,6 +34,13 @@ The deprecated ``get_setting()`` template tag has been removed from
 ``projectroles_common_tags``. Please use ``get_django_setting()`` in your
 templates instead.
 
+ProjectSettingMixin Removed
+---------------------------
+
+In ``projectroles.tests.test_views``, the deprecated ``ProjectSettingMixin``
+was removed. If you need to populate app settings in your tests, use the
+``AppSettingAPI`` instead.
+
 
 v0.6.2 (2019-06-21)
 ===================
diff --git a/example_project_app/plugins.py b/example_project_app/plugins.py
index de056f92..b0dec428 100644
--- a/example_project_app/plugins.py
+++ b/example_project_app/plugins.py
@@ -25,74 +25,90 @@ class ProjectAppPlugin(ProjectAppPluginPoint):
 
     #: Project and user settings
     app_settings = {
+        'project_string_setting': {
+            'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT'],
+            'type': 'STRING',
+            'label': 'String Setting',
+            'default': '',
+            'description': 'Example string project setting',
+            'user_modifiable': True,
+        },
+        'project_int_setting': {
+            'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT'],
+            'type': 'INTEGER',
+            'label': 'Integer Setting',
+            'default': 0,
+            'description': 'Example integer project setting',
+            'user_modifiable': True,
+        },
         'project_bool_setting': {
             'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT'],
             'type': 'BOOLEAN',
+            'label': 'Boolean Setting',
             'default': False,
-            'description': 'Example project setting',
+            'description': 'Example boolean project setting',
             'user_modifiable': True,
         },
         'project_json_setting': {
             'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT'],
             'type': 'JSON',
+            'label': 'JSON Setting',
             'default': {
                 'Example': 'Value',
                 'list': [1, 2, 3, 4, 5],
                 'level_6': False,
             },
-            'description': 'Example project setting for JSON. Will accept '
-            'anything that json.dumps() can.',
+            'description': 'Example JSON project setting',
             'user_modifiable': True,
         },
         'project_hidden_setting': {
             'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT'],
             'type': 'STRING',
-            'label': 'Hidden project setting',
             'default': '',
-            'description': 'Should not be displayed in forms',
+            'description': 'Example hidden project setting',
             'user_modifiable': False,
         },
-        'user_json_setting': {
-            'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_USER'],
-            'type': 'JSON',
-            'label': 'Json example',
-            'default': {
-                'Example': 'Value',
-                'list': [1, 2, 3, 4, 5],
-                'level_6': False,
-            },
-            'description': 'Example project setting for JSON. Will accept '
-            'anything that json.dumps() can.',
-            'user_modifiable': True,
-        },
         'user_str_setting': {
             'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_USER'],
             'type': 'STRING',
-            'label': 'String example',
+            'label': 'String Setting',
             'default': '',
-            'description': 'Example user setting',
+            'description': 'Example string user setting',
             'user_modifiable': True,
         },
         'user_int_setting': {
             'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_USER'],
             'type': 'INTEGER',
-            'label': 'Int example',
+            'label': 'Integer Setting',
             'default': 0,
+            'description': 'Example integer user setting',
             'user_modifiable': True,
         },
         'user_bool_setting': {
             'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_USER'],
             'type': 'BOOLEAN',
-            'label': 'Bool Example',
+            'label': 'Boolean Setting',
             'default': False,
+            'description': 'Example boolean user setting',
+            'user_modifiable': True,
+        },
+        'user_json_setting': {
+            'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_USER'],
+            'type': 'JSON',
+            'label': 'JSON Setting',
+            'default': {
+                'Example': 'Value',
+                'list': [1, 2, 3, 4, 5],
+                'level_6': False,
+            },
+            'description': 'Example JSON project setting',
             'user_modifiable': True,
         },
         'user_hidden_setting': {
             'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_USER'],
             'type': 'STRING',
-            'label': 'Hidden user setting',
             'default': '',
-            'description': 'Should not be displayed in forms',
+            'description': 'Example hidden user setting',
             'user_modifiable': False,
         },
     }
diff --git a/projectroles/app_settings.py b/projectroles/app_settings.py
index 108edf43..6534119a 100644
--- a/projectroles/app_settings.py
+++ b/projectroles/app_settings.py
@@ -43,19 +43,69 @@ def _check_scope(cls, scope):
             raise ValueError('Invalid scope "{}"'.format(scope))
 
     @classmethod
-    def get_default_setting(cls, app_name, setting_name):
+    def _get_json_value(cls, value):
+        """
+        Return JSON value as dict regardless of input type
+
+        :param value: Original value (string or dict)
+        :raise: json.decoder.JSONDecodeError if string value is not valid JSON
+        :raise: ValueError if value type is not recognized
+        :return: dict
+        """
+        if not value:
+            return {}
+
+        elif isinstance(value, str):
+            return json.loads(value)
+
+        elif isinstance(value, dict):
+            return value
+
+        raise ValueError(
+            'Invalid type for value: "{}" ({})'.format(value, type(value))
+        )
+
+    @classmethod
+    def _compare_value(cls, setting_obj, input_value):
+        """
+        Compare input value to value in an AppSetting object
+
+        :param setting_obj: AppSetting object
+        :param input_value: Input value (string, int, bool or dict)
+        :return: Bool
+        """
+        if setting_obj.type == 'JSON':
+            return setting_obj.value_json == cls._get_json_value(input_value)
+
+        elif setting_obj.type == 'BOOLEAN':
+            # TODO: Also do conversion on input value here if necessary
+            return bool(int(setting_obj.value)) == input_value
+
+        return setting_obj.value == str(input_value)
+
+    @classmethod
+    def get_default_setting(cls, app_name, setting_name, post_safe=False):
         """
         Get default setting value from an app plugin.
 
         :param app_name: App name (string, must correspond to "name" in app
                          plugin)
         :param setting_name: Setting name (string)
+        :param post_safe: Whether a POST safe value should be returned (bool)
         :return: Setting value (string, integer or boolean)
         :raise: KeyError if nothing is found with setting_name
         """
         app_plugin = get_app_plugin(app_name)
 
         if setting_name in app_plugin.app_settings:
+            if (
+                post_safe
+                and app_plugin.app_settings[setting_name]['type'] == 'JSON'
+            ):
+                return json.dumps(
+                    app_plugin.app_settings[setting_name]['default']
+                )
+
             return app_plugin.app_settings[setting_name]['default']
 
         raise KeyError(
@@ -65,7 +115,9 @@ def get_default_setting(cls, app_name, setting_name):
         )
 
     @classmethod
-    def get_app_setting(cls, app_name, setting_name, project=None, user=None):
+    def get_app_setting(
+        cls, app_name, setting_name, project=None, user=None, post_safe=False
+    ):
         """
         Return app setting value for a project or an user. If not set, return
         default.
@@ -75,27 +127,33 @@ def get_app_setting(cls, app_name, setting_name, project=None, user=None):
         :param setting_name: Setting name (string)
         :param project: Project object (can be None)
         :param user: User object (can be None)
+        :param post_safe: Whether a POST safe value should be returned (bool)
         :return: String or None
         :raise: KeyError if nothing is found with setting_name
         """
         try:
-            return AppSetting.objects.get_setting_value(
+            val = AppSetting.objects.get_setting_value(
                 app_name, setting_name, project=project, user=user
             )
 
         except AppSetting.DoesNotExist:
-            pass
+            val = cls.get_default_setting(app_name, setting_name, post_safe)
+
+        # Handle post_safe for dict values (JSON)
+        if post_safe and isinstance(val, dict):
+            return json.dumps(val)
 
-        return cls.get_default_setting(app_name, setting_name)
+        return val
 
     @classmethod
-    def get_all_settings(cls, project=None, user=None):
+    def get_all_settings(cls, project=None, user=None, post_safe=False):
         """
         Return all setting values. If the value is not found, return
         the default.
 
         :param project: Project object (can be None)
         :param user: User object (can be None)
+        :param post_safe: Whether POST safe values should be returned (bool)
         :return: Dict
         :raise: ValueError if neither project nor user are set
         """
@@ -110,17 +168,20 @@ def get_all_settings(cls, project=None, user=None):
             for s_key in p_settings:
                 ret[
                     'settings.{}.{}'.format(plugin.name, s_key)
-                ] = cls.get_app_setting(plugin.name, s_key, project, user)
+                ] = cls.get_app_setting(
+                    plugin.name, s_key, project, user, post_safe
+                )
 
         return ret
 
     @classmethod
-    def get_all_defaults(cls, scope):
+    def get_all_defaults(cls, scope, post_safe=False):
         """
         Get all default settings for a scope.
 
-        :param scope:
-        :return:
+        :param scope: Setting scope (PROJECT or USER)
+        :param post_safe: Whether POST safe values should be returned (bool)
+        :return: Dict
         """
         cls._check_scope(scope)
 
@@ -133,7 +194,7 @@ def get_all_defaults(cls, scope):
             for s_key in p_settings:
                 ret[
                     'settings.{}.{}'.format(plugin.name, s_key)
-                ] = cls.get_default_setting(plugin.name, s_key)
+                ] = cls.get_default_setting(plugin.name, s_key, post_safe)
 
         return ret
 
@@ -174,16 +235,18 @@ def set_app_setting(
                 user=user,
             )
 
-            if setting.value == value or setting.value_json == value:
+            if cls._compare_value(setting, value):
                 return False
 
             if validate:
                 cls.validate_setting(setting.type, value)
 
             if setting.type == 'JSON':
-                setting.value_json = value
+                setting.value_json = cls._get_json_value(value)
+
             else:
                 setting.value = value
+
             setting.save()
             return True
 
@@ -208,14 +271,15 @@ def set_app_setting(
             if validate:
                 cls.validate_setting(s_type, value)
 
-            if type == 'JSON':
+            # TODO: Simplfy by creating with **values instead
+            if s_type == 'JSON':
                 setting = AppSetting(
                     app_plugin=app_plugin.get_model(),
                     project=project,
                     user=user,
                     name=setting_name,
                     type=s_type,
-                    value_json=value,
+                    value_json=cls._get_json_value(value),
                     user_modifiable=s_mod,
                 )
             else:
@@ -266,7 +330,7 @@ def validate_setting(cls, setting_type, setting_value):
                 json.dumps(setting_value)
             except TypeError:
                 raise ValueError(
-                    'Please enter valid json ({})'.format(setting_value)
+                    'Please enter valid JSON ({})'.format(setting_value)
                 )
         return True
 
diff --git a/projectroles/forms.py b/projectroles/forms.py
index eac3d142..e91e7a4b 100644
--- a/projectroles/forms.py
+++ b/projectroles/forms.py
@@ -167,7 +167,7 @@ def __init__(self, project=None, current_user=None, *args, **kwargs):
                             **setting_kwargs
                         )
 
-                        # Set initial value
+                    # Set initial value
                     if self.instance.pk:
                         self.initial[
                             s_field
@@ -234,6 +234,7 @@ def __init__(self, project=None, current_user=None, *args, **kwargs):
             # Set hidden project field for autocomplete
             self.initial['project'] = self.instance
 
+            # Set owner value but hide the field (updating via member form)
             self.initial['owner'] = self.instance.get_owner().user.sodar_uuid
             self.fields['owner'].widget = forms.HiddenInput()
 
@@ -318,25 +319,31 @@ def clean(self):
                 plugin, APP_SETTING_SCOPE_PROJECT, user_modifiable=True
             )
 
-            for s_key in p_settings:
-                s = p_settings[s_key]
+            for s_key, s_val in p_settings.items():
                 s_field = 'settings.{}.{}'.format(plugin.name, s_key)
 
-                if s['type'] == 'JSON':
-                    # for some reason, there is a distinct possiblity, that the initial value has been discarded and we get '' as value. Seems to only happen in automated tests. Will catch that here.
-                    if self.cleaned_data[s_field] == '':
+                if s_val['type'] == 'JSON':
+                    # for some reason, there is a distinct possiblity, that the
+                    # initial value has been discarded and we get '' as value.
+                    # Seems to only happen in automated tests. Will catch that
+                    # here.
+                    if not self.cleaned_data.get(s_field):
                         self.cleaned_data[s_field] = '{}'
+
                     try:
+
                         self.cleaned_data[s_field] = json.loads(
-                            self.cleaned_data[s_field]
+                            self.cleaned_data.get(s_field)
                         )
+
                     except json.JSONDecodeError as err:
+                        # TODO: Shouldn't we use add_error() instead?
                         raise forms.ValidationError(
-                            'Couldn\'t encode json.\n' + str(err)
+                            'Couldn\'t encode JSON\n' + str(err)
                         )
 
                 if not self.app_settings.validate_setting(
-                    setting_type=s['type'],
+                    setting_type=s_val['type'],
                     setting_value=self.cleaned_data.get(s_field),
                 ):
                     self.add_error(s_field, 'Invalid value')
diff --git a/projectroles/tests/test_app_settings_api.py b/projectroles/tests/test_app_settings_api.py
index bc1b30dd..ded57372 100644
--- a/projectroles/tests/test_app_settings_api.py
+++ b/projectroles/tests/test_app_settings_api.py
@@ -51,55 +51,59 @@ def setUp(self):
         )
 
         # Init test setting
-        setting_str_kwarg = {
+        self.setting_str_values = {
             'app_name': EXAMPLE_APP_NAME,
             'project': self.project,
-            'name': 'str_setting',
+            'name': 'project_string_setting',
             'setting_type': 'STRING',
             'value': 'test',
             'update_value': 'better test',
             'non_valid_value': False,
         }
-        setting_int_kwarg = {
+        self.setting_int_values = {
             'app_name': EXAMPLE_APP_NAME,
             'project': self.project,
-            'name': 'int_setting',
+            'name': 'project_int_setting',
             'setting_type': 'INTEGER',
-            'value': 210,
-            'update_value': 420,
+            'value': 0,
+            'update_value': 170,
             'non_valid_value': 'Nan',
         }
-        setting_bool_kwarg = {
+        self.setting_bool_values = {
             'app_name': EXAMPLE_APP_NAME,
             'project': self.project,
-            'name': 'bool_setting',
+            'name': 'project_bool_setting',
             'setting_type': 'BOOLEAN',
-            'value': True,
-            'update_value': False,
-            'non_valid_value': 69,
+            'value': False,
+            'update_value': True,
+            'non_valid_value': 170,
         }
-        setting_json_kwarg = {
+        self.setting_json_values = {
             'app_name': EXAMPLE_APP_NAME,
             'project': self.project,
-            'name': 'json_setting',
+            'name': 'project_json_setting',
             'setting_type': 'JSON',
-            'value': {'Test': 'often'},
+            'value': {
+                'Example': 'Value',
+                'list': [1, 2, 3, 4, 5],
+                'level_6': False,
+            },
             'update_value': {'Test_more': 'often_always'},
             'non_valid_value': self.project,
         }
         self.settings = [
-            setting_int_kwarg,
-            setting_json_kwarg,
-            setting_str_kwarg,
-            setting_bool_kwarg,
+            self.setting_int_values,
+            self.setting_json_values,
+            self.setting_str_values,
+            self.setting_bool_values,
         ]
         for s in self.settings:
             self._make_setting(
                 app_name=s['app_name'],
                 name=s['name'],
                 setting_type=s['setting_type'],
-                value=s['value'],
-                value_json=s['value'],
+                value=s['value'] if s['setting_type'] != 'JSON' else '',
+                value_json=s['value'] if s['setting_type'] == 'JSON' else {},
                 project=s['project'],
             )
 
@@ -111,7 +115,7 @@ def test_get_project_setting(self):
                 setting_name=setting['name'],
                 project=setting['project'],
             )
-            self.assertEqual(setting['value'], val)
+            self.assertEqual(val, setting['value'])
 
     def test_get_project_setting_default(self):
         """Test get_app_setting() with default value for existing setting"""
@@ -135,6 +139,16 @@ def test_get_project_setting_nonexisting(self):
                 project=self.project,
             )
 
+    def test_get_project_setting_post_safe(self):
+        """Test get_app_setting() with JSON setting and post_safe=True"""
+        val = app_settings.get_app_setting(
+            app_name=self.setting_json_values['app_name'],
+            setting_name=self.setting_json_values['name'],
+            project=self.setting_json_values['project'],
+            post_safe=True,
+        )
+        self.assertEqual(type(val), str)
+
     def test_set_project_setting(self):
         """Test set_app_setting()"""
 
@@ -164,25 +178,37 @@ def test_set_project_setting_unchanged(self):
                 project=setting['project'],
                 value=setting['value'],
             )
-            self.assertEqual(ret, False)
+            self.assertEqual(
+                ret,
+                False,
+                msg='setting={}.{}'.format(
+                    setting['app_name'], setting['name']
+                ),
+            )
 
             val = app_settings.get_app_setting(
                 app_name=setting['app_name'],
                 setting_name=setting['name'],
                 project=setting['project'],
             )
-            self.assertEqual(val, setting['value'])
+            self.assertEqual(
+                val,
+                setting['value'],
+                msg='setting={}.{}'.format(
+                    setting['app_name'], setting['name']
+                ),
+            )
 
     def test_set_project_setting_new(self):
         """Test set_app_setting() with a new but defined setting"""
 
         # Assert precondition
-        with self.assertRaises(AppSetting.DoesNotExist):
-            AppSetting.objects.get(
-                app_plugin=get_app_plugin(EXAMPLE_APP_NAME).get_model(),
-                project=self.project,
-                name=EXISTING_SETTING,
-            )
+        val = AppSetting.objects.get(
+            app_plugin=get_app_plugin(EXAMPLE_APP_NAME).get_model(),
+            project=self.project,
+            name=EXISTING_SETTING,
+        ).value
+        self.assertEqual(bool(int(val)), False)
 
         ret = app_settings.set_app_setting(
             app_name=EXAMPLE_APP_NAME,
@@ -251,31 +277,47 @@ def test_get_setting_defs_project(self):
         """Test get_setting_defs() with the PROJECT scope"""
         app_plugin = get_app_plugin(EXAMPLE_APP_NAME)
         expected = {
+            'project_string_setting': {
+                'scope': APP_SETTING_SCOPE_PROJECT,
+                'type': 'STRING',
+                'label': 'String Setting',
+                'default': '',
+                'description': 'Example string project setting',
+                'user_modifiable': True,
+            },
+            'project_int_setting': {
+                'scope': APP_SETTING_SCOPE_PROJECT,
+                'type': 'INTEGER',
+                'label': 'Integer Setting',
+                'default': 0,
+                'description': 'Example integer project setting',
+                'user_modifiable': True,
+            },
             'project_bool_setting': {
                 'scope': APP_SETTING_SCOPE_PROJECT,
                 'type': 'BOOLEAN',
+                'label': 'Boolean Setting',
                 'default': False,
-                'description': 'Example project setting',
+                'description': 'Example boolean project setting',
                 'user_modifiable': True,
             },
             'project_json_setting': {
                 'scope': APP_SETTING_SCOPE_PROJECT,
                 'type': 'JSON',
+                'label': 'JSON Setting',
                 'default': {
                     'Example': 'Value',
                     'list': [1, 2, 3, 4, 5],
                     'level_6': False,
                 },
-                'description': 'Example project setting for JSON. Will accept '
-                'anything that json.dumps() can.',
+                'description': 'Example JSON project setting',
                 'user_modifiable': True,
             },
             'project_hidden_setting': {
                 'scope': APP_SETTING_SCOPE_PROJECT,
                 'type': 'STRING',
-                'label': 'Hidden project setting',
                 'default': '',
-                'description': 'Should not be displayed in forms',
+                'description': 'Example hidden project setting',
                 'user_modifiable': False,
             },
         }
@@ -291,44 +333,44 @@ def test_get_setting_defs_user(self):
             'user_str_setting': {
                 'scope': APP_SETTING_SCOPE_USER,
                 'type': 'STRING',
-                'label': 'String example',
+                'label': 'String Setting',
                 'default': '',
-                'description': 'Example user setting',
+                'description': 'Example string user setting',
                 'user_modifiable': True,
             },
             'user_int_setting': {
                 'scope': APP_SETTING_SCOPE_USER,
                 'type': 'INTEGER',
-                'label': 'Int example',
+                'label': 'Integer Setting',
                 'default': 0,
+                'description': 'Example integer user setting',
                 'user_modifiable': True,
             },
             'user_bool_setting': {
                 'scope': APP_SETTING_SCOPE_USER,
                 'type': 'BOOLEAN',
-                'label': 'Bool Example',
+                'label': 'Boolean Setting',
                 'default': False,
+                'description': 'Example boolean user setting',
                 'user_modifiable': True,
             },
             'user_json_setting': {
                 'scope': APP_SETTING_SCOPE_USER,
                 'type': 'JSON',
-                'label': 'Json example',
+                'label': 'JSON Setting',
                 'default': {
                     'Example': 'Value',
                     'list': [1, 2, 3, 4, 5],
                     'level_6': False,
                 },
-                'description': 'Example project setting for JSON. Will accept '
-                'anything that json.dumps() can.',
+                'description': 'Example JSON project setting',
                 'user_modifiable': True,
             },
             'user_hidden_setting': {
                 'scope': APP_SETTING_SCOPE_USER,
                 'type': 'STRING',
-                'label': 'Hidden user setting',
                 'default': '',
-                'description': 'Should not be displayed in forms',
+                'description': 'Example hidden user setting',
                 'user_modifiable': False,
             },
         }
@@ -341,11 +383,11 @@ def test_get_setting_defs_modifiable(self):
         defs = app_settings.get_setting_defs(
             app_plugin, APP_SETTING_SCOPE_PROJECT
         )
-        self.assertEqual(len(defs), 3)
+        self.assertEqual(len(defs), 5)
         defs = app_settings.get_setting_defs(
             app_plugin, APP_SETTING_SCOPE_PROJECT, user_modifiable=True
         )
-        self.assertEqual(len(defs), 2)
+        self.assertEqual(len(defs), 4)
 
     def test_get_setting_defs_invalid(self):
         """Test get_setting_defs() with an invalid scope"""
diff --git a/projectroles/tests/test_models.py b/projectroles/tests/test_models.py
index a5fe1d6e..47c8404c 100644
--- a/projectroles/tests/test_models.py
+++ b/projectroles/tests/test_models.py
@@ -818,7 +818,7 @@ def setUp(self):
             project=self.project,
         )
 
-        # Init json setting
+        # Init JSON setting
         self.setting_json = self._make_setting(
             app_name=EXAMPLE_APP_NAME,
             name='json_setting',
@@ -861,7 +861,7 @@ def test_initialization_integer(self):
         self.assertEqual(model_to_dict(self.setting_int), expected)
 
     def test_initialization_json(self):
-        """Test initialization with integer value"""
+        """Test initialization with JSON value"""
         expected = {
             'id': self.setting_json.pk,
             'app_plugin': get_app_plugin(EXAMPLE_APP_NAME).get_model().pk,
@@ -907,7 +907,7 @@ def test_get_value_bool(self):
         self.assertEqual(val, True)
 
     def test_get_value_json(self):
-        """Test get_value() with type BOOLEAN"""
+        """Test get_value() with type JSON"""
         val = self.setting_json.get_value()
         self.assertEqual(val, {'Testing': 'good'})
 
diff --git a/projectroles/tests/test_views.py b/projectroles/tests/test_views.py
index 94e5332b..3eb6e90a 100644
--- a/projectroles/tests/test_views.py
+++ b/projectroles/tests/test_views.py
@@ -59,6 +59,7 @@
 SUBMIT_STATUS_PENDING_TASKFLOW = SODAR_CONSTANTS['SUBMIT_STATUS_PENDING']
 SITE_MODE_TARGET = SODAR_CONSTANTS['SITE_MODE_TARGET']
 SITE_MODE_SOURCE = SODAR_CONSTANTS['SITE_MODE_SOURCE']
+APP_SETTING_SCOPE_PROJECT = SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT']
 
 # Local constants
 INVITE_EMAIL = 'test@example.com'
@@ -86,33 +87,6 @@
 app_settings = AppSettingAPI()
 
 
-# TODO: Refactor or remove this (API should be enough?)
-class ProjectSettingMixin:
-    """Helper mixin for Project settings"""
-
-    @classmethod
-    def _get_settings(cls):
-        """Get settings"""
-        ret = {}
-
-        app_plugins = sorted(
-            [
-                p
-                for p in ProjectAppPluginPoint.get_plugins()
-                if p.project_settings
-            ],
-            key=lambda x: x.name,
-        )
-
-        for p in app_plugins:
-            for s_key in p.project_settings:
-                ret[
-                    'settings.{}.{}'.format(p.name, s_key)
-                ] = p.project_settings[s_key]['default']
-
-        return ret
-
-
 class KnoxAuthMixin:
     """Helper mixin for API views with Knox token authorization"""
 
@@ -350,7 +324,7 @@ def test_render(self):
 
 
 class TestProjectCreateView(
-    ProjectMixin, RoleAssignmentMixin, ProjectSettingMixin, TestViewsBase
+    ProjectMixin, RoleAssignmentMixin, TestViewsBase
 ):
     """Tests for Project creation view"""
 
@@ -409,8 +383,7 @@ def test_render_sub(self):
         self.assertIsInstance(form.fields['parent'].widget, HiddenInput)
 
     def test_render_sub_project(self):
-        """Test rendering of Project creation form if creating a subproject
-        under a project (should fail with redirect)"""
+        """Test rendering of Project creation form if creating a subproject under a project (should fail with redirect)"""
         self.project = self._make_project(
             'TestProject', PROJECT_TYPE_PROJECT, None
         )
@@ -448,7 +421,11 @@ def test_create_top_level_category(self):
         }
 
         # Add settings values
-        values.update(self._get_settings())
+        values.update(
+            app_settings.get_all_defaults(
+                APP_SETTING_SCOPE_PROJECT, post_safe=True
+            )
+        )
 
         with self.login(self.user):
             response = self.client.post(reverse('projectroles:create'), values)
@@ -501,9 +478,8 @@ def test_create_top_level_category(self):
             )
 
     def test_create_project(self):
-        """Test Project creation with taskflow"""
-        # create category (no assertions, cause that is covered by other testcase)
-
+        """Test Project creation"""
+        # Create category
         # Issue POST request
         values = {
             'title': 'TestCategory',
@@ -515,7 +491,11 @@ def test_create_project(self):
         }
 
         # Add settings values
-        values.update(self._get_settings())
+        values.update(
+            app_settings.get_all_defaults(
+                APP_SETTING_SCOPE_PROJECT, post_safe=True
+            )
+        )
 
         with self.login(self.user):
             self.client.post(reverse('projectroles:create'), values)
@@ -532,7 +512,11 @@ def test_create_project(self):
         }
 
         # Add settings values
-        values.update(self._get_settings())
+        values.update(
+            app_settings.get_all_defaults(
+                APP_SETTING_SCOPE_PROJECT, post_safe=True
+            )
+        )
 
         with self.login(self.user):
             self.client.post(
@@ -581,7 +565,7 @@ def test_create_project(self):
 
 
 class TestProjectUpdateView(
-    ProjectMixin, RoleAssignmentMixin, ProjectSettingMixin, TestViewsBase
+    ProjectMixin, RoleAssignmentMixin, TestViewsBase
 ):
     """Tests for Project updating view"""
 
@@ -628,7 +612,9 @@ def test_update_project(self):
         values['owner'] = self.user.sodar_uuid  # NOTE: Must add owner
 
         # Add settings values
-        values.update(self._get_settings())
+        values.update(
+            app_settings.get_all_settings(project=self.project, post_safe=True)
+        )
 
         with self.login(self.user):
             response = self.client.post(
@@ -673,15 +659,16 @@ def test_update_project(self):
             )
 
     def test_update_project_owner(self):
-        """Light version of test_update_project. Only to test if a mail is send,
-         when updating the owner of a project and that the project owner is updated correctly"""
+        """Test email sending on project owner update"""
         new_owner = self.make_user('New Owner')
 
         values = model_to_dict(self.project)
         values['owner'] = new_owner.sodar_uuid  # NOTE: Must add owner
 
         # Add settings values
-        values.update(self._get_settings())
+        values.update(
+            app_settings.get_all_settings(project=self.project, post_safe=True)
+        )
 
         with self.login(self.user):
             self.client.post(
@@ -703,7 +690,7 @@ def test_update_project_owner(self):
 class TestProjectSettingsForm(
     AppSettingMixin, TestViewsBase, ProjectMixin, RoleAssignmentMixin
 ):
-    """Tests for the project settings form."""
+    """Tests for project settings in the project create/update view"""
 
     # NOTE: This assumes an example app is available
     def setUp(self):
@@ -716,12 +703,30 @@ def setUp(self):
             self.project, self.user, self.role_owner
         )
 
+        # Init string setting
+        self.setting_bool = self._make_setting(
+            app_name=EXAMPLE_APP_NAME,
+            name='project_string_setting',
+            setting_type='STRING',
+            value='',
+            project=self.project,
+        )
+
+        # Init integer setting
+        self.setting_bool = self._make_setting(
+            app_name=EXAMPLE_APP_NAME,
+            name='project_int_setting',
+            setting_type='INTEGER',
+            value='0',
+            project=self.project,
+        )
+
         # Init boolean setting
         self.setting_bool = self._make_setting(
             app_name=EXAMPLE_APP_NAME,
             name='project_bool_setting',
             setting_type='BOOLEAN',
-            value=True,
+            value=False,
             project=self.project,
         )
 
@@ -731,11 +736,16 @@ def setUp(self):
             name='project_json_setting',
             setting_type='JSON',
             value=None,
-            value_json={'Test': 'More'},
+            value_json={
+                'Example': 'Value',
+                'list': [1, 2, 3, 4, 5],
+                'level_6': False,
+            },
             project=self.project,
         )
 
-    def testGet(self):
+    def test_get(self):
+        """Test rendering the settings values"""
         with self.login(self.user):
             response = self.client.get(
                 reverse(
@@ -745,6 +755,16 @@ def testGet(self):
             )
         self.assertEqual(response.status_code, 200)
         self.assertIsNotNone(response.context['form'])
+        self.assertIsNotNone(
+            response.context['form'].fields.get(
+                'settings.%s.project_string_setting' % EXAMPLE_APP_NAME
+            )
+        )
+        self.assertIsNotNone(
+            response.context['form'].fields.get(
+                'settings.%s.project_int_setting' % EXAMPLE_APP_NAME
+            )
+        )
         self.assertIsNotNone(
             response.context['form'].fields.get(
                 'settings.%s.project_bool_setting' % EXAMPLE_APP_NAME
@@ -756,24 +776,39 @@ def testGet(self):
             )
         )
 
-    def testPost(self):
+    def test_post(self):
+        """Test modifying the settings values"""
+        self.assertEqual(
+            app_settings.get_app_setting(
+                EXAMPLE_APP_NAME, 'project_string_setting', project=self.project
+            ),
+            '',
+        )
+        self.assertEqual(
+            app_settings.get_app_setting(
+                EXAMPLE_APP_NAME, 'project_int_setting', project=self.project
+            ),
+            0,
+        )
         self.assertEqual(
             app_settings.get_app_setting(
                 EXAMPLE_APP_NAME, 'project_bool_setting', project=self.project
             ),
-            True,
+            False,
         )
         self.assertEqual(
             app_settings.get_app_setting(
                 EXAMPLE_APP_NAME, 'project_json_setting', project=self.project
             ),
-            {'Test': 'More'},
+            {'Example': 'Value', 'list': [1, 2, 3, 4, 5], 'level_6': False},
         )
 
         values = {
-            'settings.%s.project_bool_setting' % EXAMPLE_APP_NAME: False,
+            'settings.%s.project_string_setting' % EXAMPLE_APP_NAME: 'updated',
+            'settings.%s.project_int_setting' % EXAMPLE_APP_NAME: 170,
+            'settings.%s.project_bool_setting' % EXAMPLE_APP_NAME: True,
             'settings.%s.project_json_setting'
-            % EXAMPLE_APP_NAME: '{"Test": "Less"}',
+            % EXAMPLE_APP_NAME: '{"Test": "Updated"}',
             'owner': self.user.sodar_uuid,
             'title': 'TestProject',
             'type': PROJECT_TYPE_PROJECT,
@@ -799,17 +834,29 @@ def testPost(self):
             )
 
         # Assert settings state after update
+        self.assertEqual(
+            app_settings.get_app_setting(
+                EXAMPLE_APP_NAME, 'project_string_setting', project=self.project
+            ),
+            'updated',
+        )
+        self.assertEqual(
+            app_settings.get_app_setting(
+                EXAMPLE_APP_NAME, 'project_int_setting', project=self.project
+            ),
+            170,
+        )
         self.assertEqual(
             app_settings.get_app_setting(
                 EXAMPLE_APP_NAME, 'project_bool_setting', project=self.project
             ),
-            False,
+            True,
         )
         self.assertEqual(
             app_settings.get_app_setting(
                 EXAMPLE_APP_NAME, 'project_json_setting', project=self.project
             ),
-            {'Test': 'Less'},
+            {'Test': 'Updated'},
         )
 
 
diff --git a/projectroles/tests/test_views_taskflow.py b/projectroles/tests/test_views_taskflow.py
index acce97d9..f1823191 100644
--- a/projectroles/tests/test_views_taskflow.py
+++ b/projectroles/tests/test_views_taskflow.py
@@ -76,7 +76,9 @@ def _make_project_taskflow(self, title, type, parent, owner, description):
             'sodar_url': self.live_server_url,
         }  # HACK: Override callback URL
         values.update(
-            app_settings.get_all_defaults(APP_SETTING_SCOPE_PROJECT)
+            app_settings.get_all_defaults(
+                APP_SETTING_SCOPE_PROJECT, post_safe=True
+            )
         )  # Add default settings
 
         post_kwargs = {'project': parent.sodar_uuid} if parent else {}
@@ -166,7 +168,9 @@ def setUp(self):
             'description': 'description',
         }
         values.update(
-            app_settings.get_all_defaults(APP_SETTING_SCOPE_PROJECT)
+            app_settings.get_all_defaults(
+                APP_SETTING_SCOPE_PROJECT, post_safe=True
+            )
         )  # Add default settings
 
         with self.login(self.user):
@@ -260,7 +264,7 @@ def test_update_project(self):
         values['owner'] = self.user.sodar_uuid  # NOTE: Must add owner
         values['readme'] = 'updated readme'
         values.update(
-            app_settings.get_all_settings(project=self.project)
+            app_settings.get_all_settings(project=self.project, post_safe=True)
         )  # Add default settings
         values['sodar_url'] = self.live_server_url  # HACK
 
@@ -317,7 +321,7 @@ def test_update_project_new_owner(self):
         values['owner'] = new_user.sodar_uuid
         values['readme'] = 'updated readme'
         values.update(
-            app_settings.get_all_settings(project=self.project)
+            app_settings.get_all_settings(project=self.project, post_safe=True)
         )  # Add default settings
         values['sodar_url'] = self.live_server_url  # HACK
 
diff --git a/projectroles/views.py b/projectroles/views.py
index fe591db4..d1fabe00 100644
--- a/projectroles/views.py
+++ b/projectroles/views.py
@@ -631,7 +631,12 @@ def _get_project_update_data(old_data, project, owner, project_settings):
             )
 
             if old_v != v:
-                extra_data[k] = v
+                if isinstance(v, dict):
+                    extra_data[k] = v
+
+                else:
+                    extra_data[k] = '<JSON>'
+
                 upd_fields.append(k)
 
         return extra_data, upd_fields
@@ -795,7 +800,14 @@ def form_valid(self, form):
 
             for s_key, s_val in p_settings.items():
                 s_name = 'settings.{}.{}'.format(plugin.name, s_key)
-                project_settings[s_name] = form.cleaned_data.get(s_name)
+
+                if s_val['type'] == 'JSON':
+                    project_settings[s_name] = json.dumps(
+                        form.cleaned_data.get(s_name)
+                    )
+
+                else:
+                    project_settings[s_name] = form.cleaned_data.get(s_name)
 
         if timeline:
             if form_action == 'create':
@@ -2652,9 +2664,15 @@ def post(self, request):
         except Project.DoesNotExist as ex:
             return Response(str(ex), status=404)
 
+        project_settings = app_settings.get_all_settings(project)
+
+        for k, v in project_settings.items():
+            if isinstance(v, dict):
+                project_settings[k] = json.dumps(v)
+
         ret_data = {
             'project_uuid': project.sodar_uuid,
-            'settings': app_settings.get_all_settings(project),
+            'settings': project_settings,
         }
 
         return Response(ret_data, status=200)
diff --git a/run.sh b/run.sh
index 58801b6d..e592bd52 100755
--- a/run.sh
+++ b/run.sh
@@ -1,5 +1,2 @@
 #!/usr/bin/env bash
-if [ $# -gt 0 ] && [ $1 = "sync" ]; then
-    ./manage.py synctaskflow
-fi
 ./manage.py runserver --settings=config.settings.local
diff --git a/run_taskflow.sh b/run_taskflow.sh
new file mode 100755
index 00000000..1190bbce
--- /dev/null
+++ b/run_taskflow.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+if [ $# -gt 0 ] && [ $1 = "sync" ]; then
+    ./manage.py synctaskflow --settings=config.settings.local_taskflow
+fi
+./manage.py runserver --settings=config.settings.local_taskflow
diff --git a/userprofile/forms.py b/userprofile/forms.py
index 3942dcd5..67a71b00 100644
--- a/userprofile/forms.py
+++ b/userprofile/forms.py
@@ -70,9 +70,19 @@ def __init__(self, *args, **kwargs):
                     )
 
                 # Set initial value
-                self.initial[s_field] = app_settings.get_app_setting(
-                    app_name=plugin.name, setting_name=s_key, user=self.user
-                )
+                if s_val['type'] != 'JSON':
+                    self.initial[s_field] = app_settings.get_app_setting(
+                        app_name=plugin.name, setting_name=s_key, user=self.user
+                    )
+
+                else:
+                    self.initial[s_field] = json.dumps(
+                        app_settings.get_app_setting(
+                            app_name=plugin.name,
+                            setting_name=s_key,
+                            user=self.user,
+                        )
+                    )
 
     def clean(self):
         """Function for custom form validation and cleanup"""
@@ -87,16 +97,18 @@ def clean(self):
                 if s_val['type'] == 'JSON':
                     try:
                         self.cleaned_data[s_field] = json.loads(
-                            self.cleaned_data[s_field]
+                            self.cleaned_data.get(s_field)
                         )
                     except json.JSONDecodeError as err:
+                        # TODO: Shouldn't we use add_error() instead?
                         raise forms.ValidationError(
-                            'Couldn\'t encode json.\n' + str(err)
+                            'Couldn\'t encode JSON\n' + str(err)
                         )
 
-                app_settings.validate_setting(
+                if not app_settings.validate_setting(
                     setting_type=s_val['type'],
                     setting_value=self.cleaned_data.get(s_field),
-                )
+                ):
+                    self.add_error(s_field, 'Invalid value')
 
         return self.cleaned_data

From 873024b0153da4de017b7daf4d7840e8fea1fcac Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Tue, 1 Oct 2019 12:30:49 +0200
Subject: [PATCH 06/20] improve project extra data logging (#358, #359), fix
 cosmetic timeline issues (#360, #361), add get_setting_def() to app settings
 api, refactor example app settings, cleanup

---
 CHANGELOG.rst                                 |  2 +
 example_project_app/plugins.py                |  2 +-
 projectroles/app_settings.py                  | 34 ++++++++++
 projectroles/tests/test_app_settings_api.py   | 66 ++++++++++++++++++-
 projectroles/tests/test_views.py              | 25 +++----
 projectroles/views.py                         | 30 ++++++---
 .../templates/timeline/_extra_data_modal.html |  8 ++-
 timeline/templatetags/timeline_tags.py        |  4 +-
 8 files changed, 139 insertions(+), 32 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5193305a..e36fe9a9 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -37,6 +37,8 @@ Added
     - UI notification for disabled member management on target sites (#301)
     - Management command ``addremotesite`` for adding remote sites (#314)
     - JSON support for app settings (#268)
+    - ``get_setting_def()`` in app settings API
+    - Timeline logging of app settings in project creation (#359)
 - **Timeline**
     - Display event extra data as JSON (#6)
 - **Userprofile**
diff --git a/example_project_app/plugins.py b/example_project_app/plugins.py
index b0dec428..ae7df973 100644
--- a/example_project_app/plugins.py
+++ b/example_project_app/plugins.py
@@ -25,7 +25,7 @@ class ProjectAppPlugin(ProjectAppPluginPoint):
 
     #: Project and user settings
     app_settings = {
-        'project_string_setting': {
+        'project_str_setting': {
             'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT'],
             'type': 'STRING',
             'label': 'String Setting',
diff --git a/projectroles/app_settings.py b/projectroles/app_settings.py
index 6534119a..f26de49f 100644
--- a/projectroles/app_settings.py
+++ b/projectroles/app_settings.py
@@ -334,6 +334,40 @@ def validate_setting(cls, setting_type, setting_value):
                 )
         return True
 
+    @classmethod
+    def get_setting_def(cls, name, plugin=None, app_name=None):
+        """
+        Return definition for a single app setting, either based on an app name
+        or the plugin object.
+
+        :param name: Setting name
+        :param app_name: Name of the app plugin (string)
+        :param name: Plugin object extending ProjectAppPluginPoint
+        :return: Dict
+        :raise: ValueError if neither app_name or plugin are set or if setting
+                is not found in plugin
+        """
+        if not plugin and not app_name:
+            raise ValueError('Plugin and app name both unset')
+
+        elif not plugin:
+            plugin = get_app_plugin(app_name)
+
+            if not plugin:
+                raise ValueError(
+                    'Plugin not found with app name "{}"'.format(app_name)
+                )
+
+        if name not in plugin.app_settings:
+            raise ValueError(
+                'App setting not found in app "{}" with name "{}"'.format(
+                    plugin.name, name
+                )
+            )
+
+        return plugin.app_settings[name]
+
+    # TODO: Refactor to also take app name instead of plugin
     @classmethod
     def get_setting_defs(cls, plugin, scope, user_modifiable=False):
         """
diff --git a/projectroles/tests/test_app_settings_api.py b/projectroles/tests/test_app_settings_api.py
index ded57372..f2c7235b 100644
--- a/projectroles/tests/test_app_settings_api.py
+++ b/projectroles/tests/test_app_settings_api.py
@@ -54,7 +54,7 @@ def setUp(self):
         self.setting_str_values = {
             'app_name': EXAMPLE_APP_NAME,
             'project': self.project,
-            'name': 'project_string_setting',
+            'name': 'project_str_setting',
             'setting_type': 'STRING',
             'value': 'test',
             'update_value': 'better test',
@@ -273,11 +273,73 @@ def test_validate_project_setting_invalid(self):
         with self.assertRaises(ValueError):
             app_settings.validate_setting('INVALID_TYPE', 'value')
 
+    def test_get_setting_def_plugin(self):
+        """Test get_setting_def() with a plugin"""
+        app_plugin = get_app_plugin(EXAMPLE_APP_NAME)
+        expected = {
+            'scope': APP_SETTING_SCOPE_PROJECT,
+            'type': 'STRING',
+            'label': 'String Setting',
+            'default': '',
+            'description': 'Example string project setting',
+            'user_modifiable': True,
+        }
+        s_def = app_settings.get_setting_def(
+            'project_str_setting', plugin=app_plugin
+        )
+        self.assertEqual(s_def, expected)
+
+    def test_get_setting_def_app_name(self):
+        """Test get_setting_def() with an app name"""
+        expected = {
+            'scope': APP_SETTING_SCOPE_PROJECT,
+            'type': 'STRING',
+            'label': 'String Setting',
+            'default': '',
+            'description': 'Example string project setting',
+            'user_modifiable': True,
+        }
+        s_def = app_settings.get_setting_def(
+            'project_str_setting', app_name=EXAMPLE_APP_NAME
+        )
+        self.assertEqual(s_def, expected)
+
+    def test_get_setting_def_user(self):
+        """Test get_setting_def() with a user setting"""
+        expected = {
+            'scope': APP_SETTING_SCOPE_USER,
+            'type': 'STRING',
+            'label': 'String Setting',
+            'default': '',
+            'description': 'Example string user setting',
+            'user_modifiable': True,
+        }
+        s_def = app_settings.get_setting_def(
+            'user_str_setting', app_name=EXAMPLE_APP_NAME
+        )
+        self.assertEqual(s_def, expected)
+
+    def test_get_setting_def_invalid(self):
+        """Test get_setting_def() with innvalid input"""
+        with self.assertRaises(ValueError):
+            app_settings.get_setting_def(
+                'non_existing_setting', app_name=EXAMPLE_APP_NAME
+            )
+
+        with self.assertRaises(ValueError):
+            app_settings.get_setting_def(
+                'project_str_setting', app_name='non_existing_app_name'
+            )
+
+        # Both app_name and plugin unset
+        with self.assertRaises(ValueError):
+            app_settings.get_setting_def('project_str_setting')
+
     def test_get_setting_defs_project(self):
         """Test get_setting_defs() with the PROJECT scope"""
         app_plugin = get_app_plugin(EXAMPLE_APP_NAME)
         expected = {
-            'project_string_setting': {
+            'project_str_setting': {
                 'scope': APP_SETTING_SCOPE_PROJECT,
                 'type': 'STRING',
                 'label': 'String Setting',
diff --git a/projectroles/tests/test_views.py b/projectroles/tests/test_views.py
index 3eb6e90a..c3676ac4 100644
--- a/projectroles/tests/test_views.py
+++ b/projectroles/tests/test_views.py
@@ -27,12 +27,7 @@
     SODAR_CONSTANTS,
     PROJECT_TAG_STARRED,
 )
-from ..plugins import (
-    change_plugin_status,
-    get_backend_api,
-    get_active_plugins,
-    ProjectAppPluginPoint,
-)
+from ..plugins import change_plugin_status, get_backend_api, get_active_plugins
 from ..remote_projects import RemoteProjectAPI
 from ..utils import build_secret, get_display_name
 from .test_models import (
@@ -323,9 +318,7 @@ def test_render(self):
         self.assertEqual(response.context['object'].pk, self.project.pk)
 
 
-class TestProjectCreateView(
-    ProjectMixin, RoleAssignmentMixin, TestViewsBase
-):
+class TestProjectCreateView(ProjectMixin, RoleAssignmentMixin, TestViewsBase):
     """Tests for Project creation view"""
 
     def test_render_top(self):
@@ -564,9 +557,7 @@ def test_create_project(self):
         self.assertEqual(model_to_dict(owner_as), expected)
 
 
-class TestProjectUpdateView(
-    ProjectMixin, RoleAssignmentMixin, TestViewsBase
-):
+class TestProjectUpdateView(ProjectMixin, RoleAssignmentMixin, TestViewsBase):
     """Tests for Project updating view"""
 
     def setUp(self):
@@ -706,7 +697,7 @@ def setUp(self):
         # Init string setting
         self.setting_bool = self._make_setting(
             app_name=EXAMPLE_APP_NAME,
-            name='project_string_setting',
+            name='project_str_setting',
             setting_type='STRING',
             value='',
             project=self.project,
@@ -757,7 +748,7 @@ def test_get(self):
         self.assertIsNotNone(response.context['form'])
         self.assertIsNotNone(
             response.context['form'].fields.get(
-                'settings.%s.project_string_setting' % EXAMPLE_APP_NAME
+                'settings.%s.project_str_setting' % EXAMPLE_APP_NAME
             )
         )
         self.assertIsNotNone(
@@ -780,7 +771,7 @@ def test_post(self):
         """Test modifying the settings values"""
         self.assertEqual(
             app_settings.get_app_setting(
-                EXAMPLE_APP_NAME, 'project_string_setting', project=self.project
+                EXAMPLE_APP_NAME, 'project_str_setting', project=self.project
             ),
             '',
         )
@@ -804,7 +795,7 @@ def test_post(self):
         )
 
         values = {
-            'settings.%s.project_string_setting' % EXAMPLE_APP_NAME: 'updated',
+            'settings.%s.project_str_setting' % EXAMPLE_APP_NAME: 'updated',
             'settings.%s.project_int_setting' % EXAMPLE_APP_NAME: 170,
             'settings.%s.project_bool_setting' % EXAMPLE_APP_NAME: True,
             'settings.%s.project_json_setting'
@@ -836,7 +827,7 @@ def test_post(self):
         # Assert settings state after update
         self.assertEqual(
             app_settings.get_app_setting(
-                EXAMPLE_APP_NAME, 'project_string_setting', project=self.project
+                EXAMPLE_APP_NAME, 'project_str_setting', project=self.project
             ),
             'updated',
         )
diff --git a/projectroles/views.py b/projectroles/views.py
index d1fabe00..815a891b 100644
--- a/projectroles/views.py
+++ b/projectroles/views.py
@@ -626,17 +626,16 @@ def _get_project_update_data(old_data, project, owner, project_settings):
 
         # Settings
         for k, v in project_settings.items():
-            old_v = app_settings.get_app_setting(
-                k.split('.')[1], k.split('.')[2], project
-            )
-
-            if old_v != v:
-                if isinstance(v, dict):
-                    extra_data[k] = v
+            a_name = k.split('.')[1]
+            s_name = k.split('.')[2]
+            s_def = app_settings.get_setting_def(s_name, app_name=a_name)
+            old_v = app_settings.get_app_setting(a_name, s_name, project)
 
-                else:
-                    extra_data[k] = '<JSON>'
+            if s_def['type'] == 'JSON':
+                v = json.loads(v)
 
+            if old_v != v:
+                extra_data[k] = v
                 upd_fields.append(k)
 
         return extra_data, upd_fields
@@ -821,6 +820,19 @@ def form_valid(self, form):
                     'readme': project.readme.raw,
                 }
 
+                # Add settings to extra data
+                for k, v in project_settings.items():
+                    a_name = k.split('.')[1]
+                    s_name = k.split('.')[2]
+                    s_def = app_settings.get_setting_def(
+                        s_name, app_name=a_name
+                    )
+
+                    if s_def['type'] == 'JSON':
+                        v = json.loads(v)
+
+                    extra_data[k] = v
+
             else:  # Update
                 tl_desc = 'update ' + type_str.lower()
                 extra_data, upd_fields = self._get_project_update_data(
diff --git a/timeline/templates/timeline/_extra_data_modal.html b/timeline/templates/timeline/_extra_data_modal.html
index a27ef615..5d78b9a6 100644
--- a/timeline/templates/timeline/_extra_data_modal.html
+++ b/timeline/templates/timeline/_extra_data_modal.html
@@ -2,6 +2,10 @@
 
 {% block css %}
   <style type="text/css">
+    .sodar-tl-modal-dialog {
+      max-width: 75% !important;
+    }
+
     .json-open-bracket, .json-close-bracket {
       color: #CC0011;
     }
@@ -27,8 +31,8 @@
 {% endblock css %}
 
 <!-- Modal -->
-<div id="sodar-tl-modal-{{ event.pk }}" class="modal" tabindex="-1" role="dialog">
-  <div class="modal-dialog modal-dialog-centered" role="document">
+<div id="sodar-tl-modal-{{ event.pk }}" class="modal sodar-tl-modal" tabindex="-1" role="dialog">
+  <div class="modal-dialog modal-dialog-centered sodar-tl-modal-dialog" role="document">
     <div class="modal-content">
       <div style="flex: 1; flex-direction: row; display: flex; flex-wrap: wrap; border-bottom: 1px solid #dee2e6">
         <ul class="nav nav-tabs border-bottom-0">
diff --git a/timeline/templatetags/timeline_tags.py b/timeline/templatetags/timeline_tags.py
index e4d1895f..94276170 100644
--- a/timeline/templatetags/timeline_tags.py
+++ b/timeline/templatetags/timeline_tags.py
@@ -135,10 +135,12 @@ def html_print_obj(obj, str_list: list, indent):
         str_list.append('&quot;')
         str_list.append(html.escape(obj))
         str_list.append('&quot;')
+    elif isinstance(obj, int):
+        str_list.append(str(obj))
     elif isinstance(obj, bool):
         str_list.append(str(obj))
     elif obj is None:
-        str_list.append('Null')
+        str_list.append('null')
 
 
 def html_print_dict(dct: dict, str_list, indent):

From d2410abc2791194a4d7fedab1ac01b2754098957 Mon Sep 17 00:00:00 2001
From: Hendrik Bomhardt <hendrik.bomhardt@mdc-berlin.de>
Date: Tue, 1 Oct 2019 15:01:56 +0200
Subject: [PATCH 07/20] add PROJECT_USER scope for app settings (#266)

---
 CHANGELOG.rst                               |  1 +
 docs/source/dev_project_app.rst             |  2 +-
 example_project_app/plugins.py              | 28 +++++++++++
 projectroles/app_settings.py                | 50 +++++++++++++++-----
 projectroles/constants.py                   |  1 +
 projectroles/models.py                      |  6 +--
 projectroles/tests/test_app_settings_api.py | 51 +++++++++++++++++++++
 7 files changed, 123 insertions(+), 16 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index e36fe9a9..6af231a6 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -39,6 +39,7 @@ Added
     - JSON support for app settings (#268)
     - ``get_setting_def()`` in app settings API
     - Timeline logging of app settings in project creation (#359)
+    - "Project and user" scope for app settings (#266)
 - **Timeline**
     - Display event extra data as JSON (#6)
 - **Userprofile**
diff --git a/docs/source/dev_project_app.rst b/docs/source/dev_project_app.rst
index d9fa805a..ebee4c27 100644
--- a/docs/source/dev_project_app.rst
+++ b/docs/source/dev_project_app.rst
@@ -202,7 +202,7 @@ The following variables and functions are **mandatory**:
 
 Implementing the following is **optional**:
 
-- ``app_settings``: Implement if project or user specific settings for the app
+- ``app_settings``: Implement if project, user or project_user (Settings specific to a project and user) specific settings for the app
   are needed. See the plugin point definition for an example.
 - ``search_types``: Implement if searching the data of the app is enabled
 - ``search_template``: Implement if searching the data of the app is enabled
diff --git a/example_project_app/plugins.py b/example_project_app/plugins.py
index ae7df973..5ccc0e02 100644
--- a/example_project_app/plugins.py
+++ b/example_project_app/plugins.py
@@ -111,6 +111,34 @@ class ProjectAppPlugin(ProjectAppPluginPoint):
             'description': 'Example hidden user setting',
             'user_modifiable': False,
         },
+        'project_user_string_hidden_setting': {
+            'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT_USER'],
+            'type': 'STRING',
+            'default': '',
+            'description': 'Example string project user setting',
+            'user_modifiable': False,
+        },
+        'project_user_int_hidden_setting': {
+            'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT_USER'],
+            'type': 'INTEGER',
+            'default': '',
+            'description': 'Example int project user setting',
+            'user_modifiable': False,
+        },
+        'project_user_bool_hidden_setting': {
+            'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT_USER'],
+            'type': 'BOOLEAN',
+            'default': '',
+            'description': 'Example bool project user setting',
+            'user_modifiable': False,
+        },
+        'project_user_json_hidden_setting': {
+            'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT_USER'],
+            'type': 'JSON',
+            'default': '',
+            'description': 'Example json project user setting',
+            'user_modifiable': False,
+        },
     }
 
     #: FontAwesome icon ID string
diff --git a/projectroles/app_settings.py b/projectroles/app_settings.py
index f26de49f..f667be58 100644
--- a/projectroles/app_settings.py
+++ b/projectroles/app_settings.py
@@ -8,28 +8,48 @@
 # SODAR constants
 APP_SETTING_SCOPE_PROJECT = SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT']
 APP_SETTING_SCOPE_USER = SODAR_CONSTANTS['APP_SETTING_SCOPE_USER']
+APP_SETTING_SCOPE_PROJECT_USER = SODAR_CONSTANTS[
+    'APP_SETTING_SCOPE_PROJECT_USER'
+]
 
 # Local constants
-VALID_SCOPES = [APP_SETTING_SCOPE_PROJECT, APP_SETTING_SCOPE_USER]
+VALID_SCOPES = [
+    APP_SETTING_SCOPE_PROJECT,
+    APP_SETTING_SCOPE_USER,
+    APP_SETTING_SCOPE_PROJECT_USER,
+]
 
 
 class AppSettingAPI:
     @classmethod
-    def _check_project_and_user(cls, project, user):
+    def _check_project_and_user(cls, scope, project, user):
         """
         Ensure one of the project and user parameters is set.
 
+        :param scope: Scope of Setting (USER, PROJECT, PROJECT_USER)
         :param project: Project object
         :param user: User object
         :raise: ValueError if none or both objects exist
         """
-        if not project and not user:
-            raise ValueError('Project and user are both unset')
-
-        if project and user:
-            raise ValueError(
-                'Scope of project AND user not currently supported'
-            )
+        if scope == APP_SETTING_SCOPE_PROJECT:
+            if not project:
+                raise ValueError('Project unset for setting with project scope')
+            if user:
+                raise ValueError('User set for setting with project scope')
+        elif scope == APP_SETTING_SCOPE_USER:
+            if project:
+                raise ValueError('Project set for setting with user scope')
+            if not user:
+                raise ValueError('User unset for setting with user scope')
+        elif scope == APP_SETTING_SCOPE_PROJECT_USER:
+            if not project:
+                raise ValueError(
+                    'Project unset for setting with project_user scope'
+                )
+            if not user:
+                raise ValueError(
+                    'User unset for setting with project_user scope'
+                )
 
     @classmethod
     def _check_scope(cls, scope):
@@ -157,7 +177,8 @@ def get_all_settings(cls, project=None, user=None, post_safe=False):
         :return: Dict
         :raise: ValueError if neither project nor user are set
         """
-        cls._check_project_and_user(project, user)
+        if not project and not user:
+            raise ValueError('Project and user are both unset')
 
         ret = {}
         app_plugins = get_active_plugins()
@@ -179,7 +200,7 @@ def get_all_defaults(cls, scope, post_safe=False):
         """
         Get all default settings for a scope.
 
-        :param scope: Setting scope (PROJECT or USER)
+        :param scope: Setting scope (PROJECT, USER or PROJECT_USER)
         :param post_safe: Whether POST safe values should be returned (bool)
         :return: Dict
         """
@@ -225,7 +246,9 @@ def set_app_setting(
         :raise: ValueError if neither project nor user are set
         :raise: KeyError if setting name is not found in plugin specification
         """
-        cls._check_project_and_user(project, user)
+
+        if not project and not user:
+            raise ValueError('Project and user are both unset')
 
         try:
             setting = AppSetting.objects.get(
@@ -268,6 +291,9 @@ def set_app_setting(
                 else True
             )
 
+            cls._check_scope(s_def['scope'])
+            cls._check_project_and_user(s_def['scope'], project, user)
+
             if validate:
                 cls.validate_setting(s_type, value)
 
diff --git a/projectroles/constants.py b/projectroles/constants.py
index 25a68d7d..7e5fad0d 100644
--- a/projectroles/constants.py
+++ b/projectroles/constants.py
@@ -18,6 +18,7 @@
     # App Settings
     'APP_SETTING_SCOPE_PROJECT': 'PROJECT',
     'APP_SETTING_SCOPE_USER': 'USER',
+    'APP_SETTING_SCOPE_PROJECT_USER': 'PROJECT_USER',
     # RemoteSite mode
     'SITE_MODE_SOURCE': 'SOURCE',
     'SITE_MODE_TARGET': 'TARGET',
diff --git a/projectroles/models.py b/projectroles/models.py
index 8dbf21da..7ae4870b 100644
--- a/projectroles/models.py
+++ b/projectroles/models.py
@@ -470,7 +470,7 @@ def get_setting_value(
         """
         Return value of setting_name for app_name in project or for user.
 
-        Note that either project or user must be None but not both.
+        Note that project and/or user must be set.
 
         :param app_name: App plugin name (string)
         :param setting_name: Name of setting (string)
@@ -479,8 +479,8 @@ def get_setting_value(
         :return: Value (string)
         :raise: AppSetting.DoesNotExist if setting is not found
         """
-        if (project is None) == (user is None):
-            raise ValueError('Either project or user has to be None.')
+        if (project is None) and (user is None):
+            raise ValueError('Project and user unset.')
         setting = (
             super()
             .get_queryset()
diff --git a/projectroles/tests/test_app_settings_api.py b/projectroles/tests/test_app_settings_api.py
index f2c7235b..479b6db2 100644
--- a/projectroles/tests/test_app_settings_api.py
+++ b/projectroles/tests/test_app_settings_api.py
@@ -19,6 +19,9 @@
 SUBMIT_STATUS_PENDING_TASKFLOW = SODAR_CONSTANTS['SUBMIT_STATUS_PENDING']
 APP_SETTING_SCOPE_PROJECT = SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT']
 APP_SETTING_SCOPE_USER = SODAR_CONSTANTS['APP_SETTING_SCOPE_USER']
+APP_SETTING_SCOPE_PROJECT_USER = SODAR_CONSTANTS[
+    'APP_SETTING_SCOPE_PROJECT_USER'
+]
 
 # Local settings
 EXISTING_SETTING = 'project_bool_setting'
@@ -439,6 +442,44 @@ def test_get_setting_defs_user(self):
         defs = app_settings.get_setting_defs(app_plugin, APP_SETTING_SCOPE_USER)
         self.assertEqual(defs, expected)
 
+    def test_get_setting_defs_project_user(self):
+        """Test get_setting_defs() with the PROJECT_USER scope"""
+        app_plugin = get_app_plugin(EXAMPLE_APP_NAME)
+        expected = {
+            'project_user_string_hidden_setting': {
+                'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT_USER'],
+                'type': 'STRING',
+                'default': '',
+                'description': 'Example string project user setting',
+                'user_modifiable': False,
+            },
+            'project_user_int_hidden_setting': {
+                'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT_USER'],
+                'type': 'INTEGER',
+                'default': '',
+                'description': 'Example int project user setting',
+                'user_modifiable': False,
+            },
+            'project_user_bool_hidden_setting': {
+                'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT_USER'],
+                'type': 'BOOLEAN',
+                'default': '',
+                'description': 'Example bool project user setting',
+                'user_modifiable': False,
+            },
+            'project_user_json_hidden_setting': {
+                'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT_USER'],
+                'type': 'JSON',
+                'default': '',
+                'description': 'Example json project user setting',
+                'user_modifiable': False,
+            },
+        }
+        defs = app_settings.get_setting_defs(
+            app_plugin, APP_SETTING_SCOPE_PROJECT_USER
+        )
+        self.assertEqual(defs, expected)
+
     def test_get_setting_defs_modifiable(self):
         """Test get_setting_defs() with the user_modifiable arg"""
         app_plugin = get_app_plugin(EXAMPLE_APP_NAME)
@@ -462,7 +503,13 @@ def test_get_all_defaults_project(self):
         """Test get_all_defaults() with the PROJECT scope"""
         prefix = 'settings.{}.'.format(EXAMPLE_APP_NAME)
         defaults = app_settings.get_all_defaults(APP_SETTING_SCOPE_PROJECT)
+        self.assertEqual(defaults[prefix + 'project_str_setting'], '')
+        self.assertEqual(defaults[prefix + 'project_int_setting'], 0)
         self.assertEqual(defaults[prefix + 'project_bool_setting'], False)
+        self.assertEqual(
+            defaults[prefix + 'project_json_setting'],
+            {'Example': 'Value', 'list': [1, 2, 3, 4, 5], 'level_6': False},
+        )
 
     def test_get_all_defaults_user(self):
         """Test get_all_defaults() with the USER scope"""
@@ -471,3 +518,7 @@ def test_get_all_defaults_user(self):
         self.assertEqual(defaults[prefix + 'user_str_setting'], '')
         self.assertEqual(defaults[prefix + 'user_int_setting'], 0)
         self.assertEqual(defaults[prefix + 'user_bool_setting'], False)
+        self.assertEqual(
+            defaults[prefix + 'user_json_setting'],
+            {'Example': 'Value', 'list': [1, 2, 3, 4, 5], 'level_6': False},
+        )

From 61af250d0a85faf93427554e4d91c362079cba7d Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Tue, 1 Oct 2019 17:04:36 +0200
Subject: [PATCH 08/20] refactor and cleanup AppSettingAPI

---
 CHANGELOG.rst                               |  1 +
 docs/source/breaking_changes.rst            |  9 +++
 projectroles/app_settings.py                | 86 ++++++++++++---------
 projectroles/forms.py                       |  5 +-
 projectroles/tests/test_app_settings_api.py | 24 +++---
 projectroles/views.py                       |  2 +-
 userprofile/forms.py                        |  4 +-
 userprofile/views.py                        |  2 +-
 8 files changed, 77 insertions(+), 56 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 6af231a6..70d4a9a6 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -60,6 +60,7 @@ Changed
     - Replace ``login_and_redirect()`` in UI tests with a faster cookie based function (#323)
     - Refactor remote project display on details page (#196)
     - Refactor AppSettingAPI (#268)
+    - Enable calling ``AppSettingAPI.get_setting_defs()`` with app name instead of plugin object
 - **Timeline**
     - Use common pagination template (#336)
 
diff --git a/docs/source/breaking_changes.rst b/docs/source/breaking_changes.rst
index bda38d2f..af174c71 100644
--- a/docs/source/breaking_changes.rst
+++ b/docs/source/breaking_changes.rst
@@ -41,6 +41,15 @@ In ``projectroles.tests.test_views``, the deprecated ``ProjectSettingMixin``
 was removed. If you need to populate app settings in your tests, use the
 ``AppSettingAPI`` instead.
 
+AppSettingAPI get_setting_defs() Signature Changed
+--------------------------------------------------
+
+The ``get_settings_defs()`` function in the app settings API now accepts either
+a project app plugin or simply the name of the plugin as string. Due to this
+change, the signature of the API function including argument order has changed.
+Please see the :ref:`API documentation<app_projectroles_api>` for more details
+and update your function calls accordingly.
+
 
 v0.6.2 (2019-06-21)
 ===================
diff --git a/projectroles/app_settings.py b/projectroles/app_settings.py
index f667be58..dd3c5ef2 100644
--- a/projectroles/app_settings.py
+++ b/projectroles/app_settings.py
@@ -69,21 +69,23 @@ def _get_json_value(cls, value):
 
         :param value: Original value (string or dict)
         :raise: json.decoder.JSONDecodeError if string value is not valid JSON
-        :raise: ValueError if value type is not recognized
+        :raise: ValueError if value type is not recognized or if value is not
+                valid JSON
         :return: dict
         """
         if not value:
             return {}
 
-        elif isinstance(value, str):
-            return json.loads(value)
+        try:
+            if isinstance(value, str):
+                return json.loads(value)
 
-        elif isinstance(value, dict):
-            return value
+            else:
+                json.dumps(value)  # Ensure this is valid
+                return value
 
-        raise ValueError(
-            'Invalid type for value: "{}" ({})'.format(value, type(value))
-        )
+        except Exception:
+            raise ValueError('Value is not valid JSON: {}'.format(value))
 
     @classmethod
     def _compare_value(cls, setting_obj, input_value):
@@ -184,7 +186,9 @@ def get_all_settings(cls, project=None, user=None, post_safe=False):
         app_plugins = get_active_plugins()
 
         for plugin in app_plugins:
-            p_settings = cls.get_setting_defs(plugin, APP_SETTING_SCOPE_PROJECT)
+            p_settings = cls.get_setting_defs(
+                APP_SETTING_SCOPE_PROJECT, plugin=plugin
+            )
 
             for s_key in p_settings:
                 ret[
@@ -210,7 +214,7 @@ def get_all_defaults(cls, scope, post_safe=False):
         app_plugins = get_active_plugins()
 
         for plugin in app_plugins:
-            p_settings = cls.get_setting_defs(plugin, scope)
+            p_settings = cls.get_setting_defs(scope, plugin=plugin)
 
             for s_key in p_settings:
                 ret[
@@ -295,30 +299,25 @@ def set_app_setting(
             cls._check_project_and_user(s_def['scope'], project, user)
 
             if validate:
-                cls.validate_setting(s_type, value)
+                v = cls._get_json_value(value) if s_type == 'JSON' else value
+                cls.validate_setting(s_type, v)
+
+            s_vals = {
+                'app_plugin': app_plugin.get_model(),
+                'project': project,
+                'user': user,
+                'name': setting_name,
+                'type': s_type,
+                'user_modifiable': s_mod,
+            }
 
-            # TODO: Simplfy by creating with **values instead
             if s_type == 'JSON':
-                setting = AppSetting(
-                    app_plugin=app_plugin.get_model(),
-                    project=project,
-                    user=user,
-                    name=setting_name,
-                    type=s_type,
-                    value_json=cls._get_json_value(value),
-                    user_modifiable=s_mod,
-                )
+                s_vals['value_json'] = cls._get_json_value(value)
+
             else:
-                setting = AppSetting(
-                    app_plugin=app_plugin.get_model(),
-                    project=project,
-                    user=user,
-                    name=setting_name,
-                    type=s_type,
-                    value=value,
-                    user_modifiable=s_mod,
-                )
-            setting.save()
+                s_vals['value'] = value
+
+            AppSetting.objects.create(**s_vals)
             return True
 
     @classmethod
@@ -367,8 +366,8 @@ def get_setting_def(cls, name, plugin=None, app_name=None):
         or the plugin object.
 
         :param name: Setting name
+        :param plugin: Plugin object extending ProjectAppPluginPoint
         :param app_name: Name of the app plugin (string)
-        :param name: Plugin object extending ProjectAppPluginPoint
         :return: Dict
         :raise: ValueError if neither app_name or plugin are set or if setting
                 is not found in plugin
@@ -393,21 +392,34 @@ def get_setting_def(cls, name, plugin=None, app_name=None):
 
         return plugin.app_settings[name]
 
-    # TODO: Refactor to also take app name instead of plugin
     @classmethod
-    def get_setting_defs(cls, plugin, scope, user_modifiable=False):
+    def get_setting_defs(
+        cls, scope, plugin=False, app_name=False, user_modifiable=False
+    ):
         """
         Return app setting definitions of a specific scope from a plugin.
 
+        :param scope: PROJECT, USER or PROJECT_USER
         :param plugin: project app plugin object extending ProjectAppPluginPoint
-        :param scope: PROJECT or USER
+        :param app_name: Name of the app plugin (string)
         :param user_modifiable: Only return modifiable settings if True
                                 (boolean)
         :return: Dict
-        :raise: ValueError if scope is invalid
+        :raise: ValueError if scope is invalid or if if neither app_name or
+                plugin are set
         """
-        cls._check_scope(scope)
+        if not plugin and not app_name:
+            raise ValueError('Plugin and app name both unset')
 
+        if not plugin:
+            plugin = get_app_plugin(app_name)
+
+            if not plugin:
+                raise ValueError(
+                    'Plugin not found with app name "{}"'.format(app_name)
+                )
+
+        cls._check_scope(scope)
         return {
             k: v
             for k, v in plugin.app_settings.items()
diff --git a/projectroles/forms.py b/projectroles/forms.py
index e91e7a4b..8c47df92 100644
--- a/projectroles/forms.py
+++ b/projectroles/forms.py
@@ -116,7 +116,7 @@ def __init__(self, project=None, current_user=None, *args, **kwargs):
 
         for plugin in self.app_plugins:
             p_settings = self.app_settings.get_setting_defs(
-                plugin, APP_SETTING_SCOPE_PROJECT, user_modifiable=True
+                APP_SETTING_SCOPE_PROJECT, plugin=plugin, user_modifiable=True
             )
 
             for s_key, s_val in p_settings.items():
@@ -316,7 +316,7 @@ def clean(self):
         # Verify settings fields
         for plugin in self.app_plugins:
             p_settings = self.app_settings.get_setting_defs(
-                plugin, APP_SETTING_SCOPE_PROJECT, user_modifiable=True
+                APP_SETTING_SCOPE_PROJECT, plugin=plugin, user_modifiable=True
             )
 
             for s_key, s_val in p_settings.items():
@@ -331,7 +331,6 @@ def clean(self):
                         self.cleaned_data[s_field] = '{}'
 
                     try:
-
                         self.cleaned_data[s_field] = json.loads(
                             self.cleaned_data.get(s_field)
                         )
diff --git a/projectroles/tests/test_app_settings_api.py b/projectroles/tests/test_app_settings_api.py
index 479b6db2..534e5576 100644
--- a/projectroles/tests/test_app_settings_api.py
+++ b/projectroles/tests/test_app_settings_api.py
@@ -340,7 +340,6 @@ def test_get_setting_def_invalid(self):
 
     def test_get_setting_defs_project(self):
         """Test get_setting_defs() with the PROJECT scope"""
-        app_plugin = get_app_plugin(EXAMPLE_APP_NAME)
         expected = {
             'project_str_setting': {
                 'scope': APP_SETTING_SCOPE_PROJECT,
@@ -387,13 +386,12 @@ def test_get_setting_defs_project(self):
             },
         }
         defs = app_settings.get_setting_defs(
-            app_plugin, APP_SETTING_SCOPE_PROJECT
+            APP_SETTING_SCOPE_PROJECT, app_name=EXAMPLE_APP_NAME
         )
         self.assertEqual(defs, expected)
 
     def test_get_setting_defs_user(self):
         """Test get_setting_defs() with the USER scope"""
-        app_plugin = get_app_plugin(EXAMPLE_APP_NAME)
         expected = {
             'user_str_setting': {
                 'scope': APP_SETTING_SCOPE_USER,
@@ -439,12 +437,13 @@ def test_get_setting_defs_user(self):
                 'user_modifiable': False,
             },
         }
-        defs = app_settings.get_setting_defs(app_plugin, APP_SETTING_SCOPE_USER)
+        defs = app_settings.get_setting_defs(
+            APP_SETTING_SCOPE_USER, app_name=EXAMPLE_APP_NAME
+        )
         self.assertEqual(defs, expected)
 
     def test_get_setting_defs_project_user(self):
         """Test get_setting_defs() with the PROJECT_USER scope"""
-        app_plugin = get_app_plugin(EXAMPLE_APP_NAME)
         expected = {
             'project_user_string_hidden_setting': {
                 'scope': SODAR_CONSTANTS['APP_SETTING_SCOPE_PROJECT_USER'],
@@ -476,28 +475,29 @@ def test_get_setting_defs_project_user(self):
             },
         }
         defs = app_settings.get_setting_defs(
-            app_plugin, APP_SETTING_SCOPE_PROJECT_USER
+            APP_SETTING_SCOPE_PROJECT_USER, app_name=EXAMPLE_APP_NAME
         )
         self.assertEqual(defs, expected)
 
     def test_get_setting_defs_modifiable(self):
         """Test get_setting_defs() with the user_modifiable arg"""
-        app_plugin = get_app_plugin(EXAMPLE_APP_NAME)
         defs = app_settings.get_setting_defs(
-            app_plugin, APP_SETTING_SCOPE_PROJECT
+            APP_SETTING_SCOPE_PROJECT, app_name=EXAMPLE_APP_NAME
         )
         self.assertEqual(len(defs), 5)
         defs = app_settings.get_setting_defs(
-            app_plugin, APP_SETTING_SCOPE_PROJECT, user_modifiable=True
+            APP_SETTING_SCOPE_PROJECT,
+            app_name=EXAMPLE_APP_NAME,
+            user_modifiable=True,
         )
         self.assertEqual(len(defs), 4)
 
     def test_get_setting_defs_invalid(self):
         """Test get_setting_defs() with an invalid scope"""
-        app_plugin = get_app_plugin(EXAMPLE_APP_NAME)
-
         with self.assertRaises(ValueError):
-            app_settings.get_setting_defs(app_plugin, 'Ri4thai8aez5ooRa')
+            app_settings.get_setting_defs(
+                'Ri4thai8aez5ooRa', app_name=EXAMPLE_APP_NAME
+            )
 
     def test_get_all_defaults_project(self):
         """Test get_all_defaults() with the PROJECT scope"""
diff --git a/projectroles/views.py b/projectroles/views.py
index 815a891b..04de43d2 100644
--- a/projectroles/views.py
+++ b/projectroles/views.py
@@ -794,7 +794,7 @@ def form_valid(self, form):
 
         for plugin in app_plugins:
             p_settings = app_settings.get_setting_defs(
-                plugin, APP_SETTING_SCOPE_PROJECT
+                APP_SETTING_SCOPE_PROJECT, plugin=plugin
             )
 
             for s_key, s_val in p_settings.items():
diff --git a/userprofile/forms.py b/userprofile/forms.py
index 67a71b00..52032d31 100644
--- a/userprofile/forms.py
+++ b/userprofile/forms.py
@@ -34,7 +34,7 @@ def __init__(self, *args, **kwargs):
 
         for plugin in self.app_plugins:
             p_settings = app_settings.get_setting_defs(
-                plugin, APP_SETTING_SCOPE_USER, user_modifiable=True
+                APP_SETTING_SCOPE_USER, plugin=plugin, user_modifiable=True
             )
 
             for s_key, s_val in p_settings.items():
@@ -89,7 +89,7 @@ def clean(self):
 
         for plugin in self.app_plugins:
             p_settings = app_settings.get_setting_defs(
-                plugin, APP_SETTING_SCOPE_USER, user_modifiable=True
+                APP_SETTING_SCOPE_USER, plugin=plugin, user_modifiable=True
             )
 
             for s_key, s_val in p_settings.items():
diff --git a/userprofile/views.py b/userprofile/views.py
index fc73e863..2e84d17f 100644
--- a/userprofile/views.py
+++ b/userprofile/views.py
@@ -39,7 +39,7 @@ def _get_user_settings(self):
         ) + get_active_plugins(plugin_type='site_app')
         for plugin in plugins:
             p_settings = app_settings.get_setting_defs(
-                plugin, APP_SETTING_SCOPE_USER, user_modifiable=True
+                APP_SETTING_SCOPE_USER, plugin=plugin, user_modifiable=True
             )
             for s_key, s_val in p_settings.items():
                 yield {

From d47f702207652c62bdb2708eaa2b26af323ada6a Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Tue, 1 Oct 2019 17:16:23 +0200
Subject: [PATCH 09/20] add ENABLE_DEBUG_TOOLBAR settings toggle (#349)

---
 CHANGELOG.rst            |  1 +
 config/settings/local.py | 24 +++++++++++++-----------
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 70d4a9a6..c383bbab 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -16,6 +16,7 @@ Added
 - **General**
     - Development env file example ``env.example`` (#297)
     - Postgres database development setup script (#302)
+    - ``ENABLE_DEBUG_TOOLBAR`` setting for local development (#349)
 - **Adminalerts**
     - Activate/suspend button in alert list (#42)
 - **Bgjobs**
diff --git a/config/settings/local.py b/config/settings/local.py
index 38c49789..61801c24 100644
--- a/config/settings/local.py
+++ b/config/settings/local.py
@@ -49,20 +49,22 @@
 
 # django-debug-toolbar
 # ------------------------------------------------------------------------------
-MIDDLEWARE += ['debug_toolbar.middleware.DebugToolbarMiddleware']
-INSTALLED_APPS += ['debug_toolbar']
+ENABLE_DEBUG_TOOLBAR = env.bool('ENABLE_DEBUG_TOOLBAR', default=True)
 
-INTERNAL_IPS = ['127.0.0.1', '10.0.2.2']
+if ENABLE_DEBUG_TOOLBAR:
+    MIDDLEWARE += ['debug_toolbar.middleware.DebugToolbarMiddleware']
+    INSTALLED_APPS += ['debug_toolbar']
+    INTERNAL_IPS = ['127.0.0.1', '10.0.2.2']
 
-# tricks to have debug toolbar when developing with docker
-if os.environ.get('USE_DOCKER') == 'yes':
-    ip = socket.gethostbyname(socket.gethostname())
-    INTERNAL_IPS += [ip[:-1] + '1']
+    # tricks to have debug toolbar when developing with docker
+    if os.environ.get('USE_DOCKER') == 'yes':
+        ip = socket.gethostbyname(socket.gethostname())
+        INTERNAL_IPS += [ip[:-1] + '1']
 
-DEBUG_TOOLBAR_CONFIG = {
-    'DISABLE_PANELS': ['debug_toolbar.panels.redirects.RedirectsPanel'],
-    'SHOW_TEMPLATE_CONTEXT': True,
-}
+    DEBUG_TOOLBAR_CONFIG = {
+        'DISABLE_PANELS': ['debug_toolbar.panels.redirects.RedirectsPanel'],
+        'SHOW_TEMPLATE_CONTEXT': True,
+    }
 
 # django-extensions
 # ------------------------------------------------------------------------------

From 119063c9a43fd883ea0b2a020d4c1103c65878da Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Tue, 1 Oct 2019 17:42:37 +0200
Subject: [PATCH 10/20] upgrade django to 1.11.25 (#346)

---
 CHANGELOG.rst                    | 2 +-
 docs/source/breaking_changes.rst | 2 +-
 requirements/base.txt            | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index c383bbab..782b0af1 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -51,9 +51,9 @@ Changed
 
 - **General**
     - Upgrade Chromedriver to version 77.0.3865.40
-    - Upgrade minimum Django version to 1.11.24 (#324)
     - Use ``CurrentUserFormMixin`` instead of repeated code (#12)
     - Run tests in parallel where applicable
+    - Upgrade minimum Django version to 1.11.25 (#346)
 - **Projectroles**
     - Improve user name placeholder in ``login.html`` (#294)
     - Backend app Javascript and CSS included on-demand instead of for all templates (#261)
diff --git a/docs/source/breaking_changes.rst b/docs/source/breaking_changes.rst
index af174c71..c9444dd5 100644
--- a/docs/source/breaking_changes.rst
+++ b/docs/source/breaking_changes.rst
@@ -16,7 +16,7 @@ v0.7.0 (TBD)
 System Prerequisites
 --------------------
 
-The minimum version requirement for Django has been bumped to 1.11.24.
+The minimum version requirement for Django has been bumped to 1.11.25.
 
 Backend Javascript Include
 --------------------------
diff --git a/requirements/base.txt b/requirements/base.txt
index f8250211..9d545bfa 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -2,7 +2,7 @@
 wheel==0.32.3
 
 # Conservative Django
-django>=1.11.24,<2.0
+django>=1.11.25,<2.0
 
 # Configuration
 django-environ>=0.4.5, <0.5

From bbadddbbcf1aa8add1e8781603b9ca5b529ce9c4 Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Wed, 2 Oct 2019 16:29:50 +0200
Subject: [PATCH 11/20] add missing appsetting migration

---
 .../migrations/0013_update_appsetting_type.py | 20 +++++++++++++++++++
 projectroles/models.py                        |  1 -
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 projectroles/migrations/0013_update_appsetting_type.py

diff --git a/projectroles/migrations/0013_update_appsetting_type.py b/projectroles/migrations/0013_update_appsetting_type.py
new file mode 100644
index 00000000..775f158d
--- /dev/null
+++ b/projectroles/migrations/0013_update_appsetting_type.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.25 on 2019-10-02 14:29
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('projectroles', '0012_update_remotesite'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='appsetting',
+            name='type',
+            field=models.CharField(help_text='Type of the setting', max_length=64),
+        ),
+    ]
diff --git a/projectroles/models.py b/projectroles/models.py
index 7ae4870b..094cec42 100644
--- a/projectroles/models.py
+++ b/projectroles/models.py
@@ -540,7 +540,6 @@ class AppSetting(models.Model):
     type = models.CharField(
         max_length=64,
         unique=False,
-        choices=APP_SETTING_TYPE_CHOICES,
         help_text='Type of the setting',
     )
 

From d4fbd5f3039b750ea8415bc9764c77b1c172e772 Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Tue, 8 Oct 2019 15:56:47 +0200
Subject: [PATCH 12/20] add remote project access revoking (#327), add revoked
 project accesss management (#350), fix timeline event creation in remote
 project sync (#370), refactoring and cleanup

---
 CHANGELOG.rst                                 |   8 +
 config/settings/local_target.py               |   4 -
 config/settings/local_target2.py              |  33 +++
 docs/source/app_projectroles_usage.rst        |  19 +-
 projectroles/constants.py                     |   2 +
 projectroles/models.py                        |  20 +-
 projectroles/remote_projects.py               | 159 ++++++++---
 .../projectroles/_project_header.html         |  12 +-
 .../projectroles/_role_list_buttons.html      |   4 +-
 .../projectroles/project_detail.html          |   6 +-
 .../templates/projectroles/project_roles.html | 267 +++++++++---------
 .../templatetags/projectroles_common_tags.py  |  10 +-
 .../templatetags/projectroles_tags.py         |  21 +-
 projectroles/tests/test_models.py             |  14 +
 projectroles/tests/test_permissions.py        |  79 +++++-
 .../tests/test_remote_projects_api.py         | 189 ++++++++++++-
 projectroles/tests/test_ui.py                 |  84 +++---
 projectroles/views.py                         |  23 +-
 18 files changed, 672 insertions(+), 282 deletions(-)
 create mode 100644 config/settings/local_target2.py

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 782b0af1..6597afac 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -17,6 +17,7 @@ Added
     - Development env file example ``env.example`` (#297)
     - Postgres database development setup script (#302)
     - ``ENABLE_DEBUG_TOOLBAR`` setting for local development (#349)
+    - ``local_target2.py`` config for peer remote site development (#200)
 - **Adminalerts**
     - Activate/suspend button in alert list (#42)
 - **Bgjobs**
@@ -41,6 +42,9 @@ Added
     - ``get_setting_def()`` in app settings API
     - Timeline logging of app settings in project creation (#359)
     - "Project and user" scope for app settings (#266)
+    - ``REVOKED`` status for remote projects with revoked access (#327)
+    - ``Project.is_revoked()`` helper (#327)
+    - Disabling access for non-owner/delegate for revoked projects in ``ProjectPermissionMixin`` (#350)
 - **Timeline**
     - Display event extra data as JSON (#6)
 - **Userprofile**
@@ -62,6 +66,7 @@ Changed
     - Refactor remote project display on details page (#196)
     - Refactor AppSettingAPI (#268)
     - Enable calling ``AppSettingAPI.get_setting_defs()`` with app name instead of plugin object
+    - Use ``ProjectPermissionMixin`` on project detail page (#350)
 - **Timeline**
     - Use common pagination template (#336)
 
@@ -75,6 +80,9 @@ Fixed
     - Crash in ``get_project_column_count()`` with no active project app plugins (#320)
     - UI test helper ``build_selenium_url()`` refactored to work with Chrome v77 (#337)
     - Disallow empty values in ``RemoteSite.name``
+    - Remote sync of parent category roles could fail with multiple subprojects
+    - ``RemoteProject`` modifications not saved during sync update
+    - Timeline events not created in remote project sync (#370)
 - **Timeline**
     - Crash from exception raised by ``get_object_link()`` in a plugin (#328)
 
diff --git a/config/settings/local_target.py b/config/settings/local_target.py
index e4cd4a90..ecf40555 100644
--- a/config/settings/local_target.py
+++ b/config/settings/local_target.py
@@ -2,9 +2,6 @@
 
 from .local import *  # noqa
 
-import socket
-import os
-
 
 # DATABASE CONFIGURATION
 # ------------------------------------------------------------------------------
@@ -12,7 +9,6 @@
 # Uses django-environ to accept uri format
 # See: https://django-environ.readthedocs.io/en/latest/#supported-types
 DATABASES['default']['NAME'] = 'sodar_core_target'
-DATABASES['default']['ATOMIC_REQUESTS'] = False
 
 
 # General site settings
diff --git a/config/settings/local_target2.py b/config/settings/local_target2.py
new file mode 100644
index 00000000..118722a5
--- /dev/null
+++ b/config/settings/local_target2.py
@@ -0,0 +1,33 @@
+"""Configuration for a second remote TARGET site for testing PEER features"""
+
+from .local import *  # noqa
+
+
+# DATABASE CONFIGURATION
+# ------------------------------------------------------------------------------
+# See: https://docs.djangoproject.com/en/1.11/ref/settings/#databases
+# Uses django-environ to accept uri format
+# See: https://django-environ.readthedocs.io/en/latest/#supported-types
+DATABASES['default']['NAME'] = 'sodar_core_target2'
+
+
+# General site settings
+# ------------------------------------------------------------------------------
+
+SITE_TITLE = 'SODAR Core Target Dev Site 2'
+SITE_SUBTITLE = env.str('SITE_SUBTITLE', 'Beta')
+SITE_INSTANCE_TITLE = env.str(
+    'SITE_INSTANCE_TITLE', 'SODAR Core Target 2 Example'
+)
+
+
+# Local App Settings
+# ------------------------------------------------------------------------------
+
+PROJECTROLES_SITE_MODE = 'TARGET'
+
+# Username of default admin for when regular users cannot be assigned to a task
+PROJECTROLES_DEFAULT_ADMIN = 'admin_target2'
+
+# Allowing local users by default when developing target site locally
+PROJECTROLES_ALLOW_LOCAL_USERS = True
diff --git a/docs/source/app_projectroles_usage.rst b/docs/source/app_projectroles_usage.rst
index 63ef4797..3051699b 100644
--- a/docs/source/app_projectroles_usage.rst
+++ b/docs/source/app_projectroles_usage.rst
@@ -224,6 +224,13 @@ Core based Django sites. Remote sites and access can be managed in the
 **Remote Site Access** site app, found in the user dropdown menu in the top
 navigation bar.
 
+Alternatively, remote sites can be created using the following management
+command:
+
+.. code-block:: console
+
+    $ ./manage.py addremotesite
+
 In the current implementation, your django site must either be in **source** or
 **target** mode. A source site can define one or multiple target sites where
 project data can be provided. A target site can define exactly one source site,
@@ -259,11 +266,14 @@ commonly used for internal test sites which only needs to be used by admins.
 
 Once created, you can access the list of projects on your site in regards to the
 created target site. For each project, you may select an access level, of which
-two are currently implemented:
+three are currently implemented:
 
 - **No access**: No access on the remote site (default)
 - **Read roles**: This allows for the target site to read project metadata *and*
   user roles in order to synchronize project access remotely.
+- **Revoked access**: Previously available access which has been revoked. The
+  project will still remain in the target site, but only superusers, the project
+  owner or the project delegate(s) can acesss it.
 
 .. note::
 
@@ -296,13 +306,6 @@ As Target Site
 The source site should be set up as above using the *Set Source Site* link,
 using the provided secret string as the access token.
 
-Alternatively to creating the site in the UI, the following management command can be used
-with additional arguments to create a remote site:
-
-.. code-block:: console
-
-    $ ./manage.py addremotesite
-
 After creating the source site, remote project metadata and member roles (for
 which access has been granted) can be accessed using the *Synchronize* link.
 Additionaly if the remote Source site is synchronized with multiple Target Sites,
diff --git a/projectroles/constants.py b/projectroles/constants.py
index 7e5fad0d..70b440fc 100644
--- a/projectroles/constants.py
+++ b/projectroles/constants.py
@@ -25,6 +25,7 @@
     'SITE_MODE_PEER': 'PEER',
     # RemoteProject access types
     'REMOTE_LEVEL_NONE': 'NONE',
+    'REMOTE_LEVEL_REVOKED': 'REVOKED',
     'REMOTE_LEVEL_VIEW_AVAIL': 'VIEW_AVAIL',
     'REMOTE_LEVEL_READ_INFO': 'READ_INFO',
     'REMOTE_LEVEL_READ_ROLES': 'READ_ROLES',
@@ -33,6 +34,7 @@
     # RemoteProject access type legend
     'REMOTE_ACCESS_LEVELS': {
         'NONE': 'No access',
+        'REVOKED': 'Revoked access',
         'VIEW_AVAIL': 'View availability',
         'READ_INFO': 'Read information',
         'READ_ROLES': 'Read members',
diff --git a/projectroles/models.py b/projectroles/models.py
index 094cec42..8ce2bd90 100644
--- a/projectroles/models.py
+++ b/projectroles/models.py
@@ -297,6 +297,22 @@ def is_remote(self):
 
         return False
 
+    def is_revoked(self):
+        """Return True if remote access has been revoked for the project"""
+        if self.is_remote():
+            remote_project = RemoteProject.objects.filter(
+                project=self, site=self.get_source_site()
+            ).first()
+
+            if (
+                remote_project
+                and remote_project.level
+                == SODAR_CONSTANTS['REMOTE_LEVEL_REVOKED']
+            ):
+                return True
+
+        return False
+
 
 # Role -------------------------------------------------------------------------
 
@@ -538,9 +554,7 @@ class AppSetting(models.Model):
 
     #: Type of the setting
     type = models.CharField(
-        max_length=64,
-        unique=False,
-        help_text='Type of the setting',
+        max_length=64, unique=False, help_text='Type of the setting'
     )
 
     #: Value of the setting
diff --git a/projectroles/remote_projects.py b/projectroles/remote_projects.py
index ef2cd7e6..fd27969e 100644
--- a/projectroles/remote_projects.py
+++ b/projectroles/remote_projects.py
@@ -39,6 +39,7 @@
 SITE_MODE_PEER = SODAR_CONSTANTS['SITE_MODE_PEER']
 
 REMOTE_LEVEL_NONE = SODAR_CONSTANTS['REMOTE_LEVEL_NONE']
+REMOTE_LEVEL_REVOKED = SODAR_CONSTANTS['REMOTE_LEVEL_REVOKED']
 REMOTE_LEVEL_VIEW_AVAIL = SODAR_CONSTANTS['REMOTE_LEVEL_VIEW_AVAIL']
 REMOTE_LEVEL_READ_INFO = SODAR_CONSTANTS['REMOTE_LEVEL_READ_INFO']
 REMOTE_LEVEL_READ_ROLES = SODAR_CONSTANTS['REMOTE_LEVEL_READ_ROLES']
@@ -47,23 +48,24 @@
 class RemoteProjectAPI:
     """Remote project data handling API"""
 
-    #: Remote data retrieved from source site
-    remote_data = None
+    def __init__(self):
+        #: Remote data retrieved from source site
+        self.remote_data = None
 
-    #: Remote source site currently being worked with
-    source_site = None
+        #: Remote source site currently being worked with
+        self.source_site = None
 
-    #: Timeline API
-    timeline = get_backend_api('timeline_backend')
+        #: Timeline API
+        self.timeline = get_backend_api('timeline_backend')
 
-    #: User for storing timeline events
-    tl_user = None
+        #: User for storing timeline events
+        self.tl_user = None
 
-    #: Default owner for projects
-    default_owner = None
+        #: Default owner for projects
+        self.default_owner = None
 
-    #: Updated parent projects in current sync operation
-    updated_parents = []
+        #: Updated parent projects in current sync operation
+        self.updated_parents = []
 
     # Internal functions -------------------------------------------------------
 
@@ -72,6 +74,7 @@ def _update_obj(obj, data, fields):
         """Update object"""
         for f in [f for f in fields if hasattr(obj, f)]:
             setattr(obj, f, data[f])
+
         obj.save()
         return obj
 
@@ -192,7 +195,7 @@ def _update_project(self, project, p_data, parent):
 
             self.remote_data['projects'][uuid]['status'] = 'updated'
 
-            if self.tl_user:  # Taskflow
+            if self.tl_user:  # Timeline
                 tl_desc = (
                     'update project from remote site '
                     '"{{{}}}" ({})'.format('site', ', '.join(updated_fields))
@@ -250,7 +253,7 @@ def _create_project(self, uuid, p_data, parent):
 
         self.remote_data['projects'][uuid]['status'] = 'created'
 
-        if self.tl_user:  # Taskflow
+        if self.tl_user:  # Timeline
             tl_event = self.timeline.add_event(
                 project=project,
                 app_name=APP_NAME,
@@ -281,9 +284,11 @@ def _update_peer_site(self, uuid, site_data):
         site = RemoteSite.objects.filter(sodar_uuid=uuid).first()
 
         updated_fields = []
+
         for k, v in site_data.items():
             if hasattr(site, k) and str(getattr(site, k)) != str(v):
                 updated_fields.append(k)
+
         if updated_fields:
             site = self._update_obj(site, site_data, updated_fields)
             logger.info(
@@ -293,7 +298,7 @@ def _update_peer_site(self, uuid, site_data):
             )
 
         else:
-            logger.debug('Nothing to update')
+            logger.debug('Nothing to update for peer site "{}"'.format(uuid))
 
     def _update_roles(self, project, p_data):
         """Create or update project roles"""
@@ -469,8 +474,9 @@ def _update_roles(self, project, p_data):
                 ]['status'] = 'created'
 
                 if self.tl_user:  # Taskflow
-                    tl_desc = 'add role "{}" for {{{}}} from site {{{}}}'.format(
-                        role.name, 'user', 'site'
+                    tl_desc = (
+                        'add role "{}" for {{{}}} '
+                        'from site {{{}}}'.format(role.name, 'user', 'site')
                     )
                     tl_event = self.timeline.add_event(
                         project=project,
@@ -519,7 +525,7 @@ def _remove_deleted_roles(self, project, p_data):
                     'status': 'deleted',
                 }
 
-                if self.tl_user:  # Taskflow
+                if self.tl_user:  # Timeline
                     tl_desc = (
                         'remove role "{}" from {{{}}} by site '
                         '{{{}}}'.format(del_role.name, 'user', 'site')
@@ -599,6 +605,7 @@ def _sync_project(self, uuid, p_data):
             remote_project.level = p_data['level']
             remote_project.project = project
             remote_project.date_access = timezone.now()
+            remote_project.save()
             remote_action = 'updated'
 
         except RemoteProject.DoesNotExist:
@@ -618,18 +625,23 @@ def _sync_project(self, uuid, p_data):
         )
 
         # Skip the rest if not updating roles
-        if 'level' in p_data and p_data['level'] != REMOTE_LEVEL_READ_ROLES:
+        if 'level' in p_data and p_data['level'] not in [
+            REMOTE_LEVEL_READ_ROLES,
+            REMOTE_LEVEL_REVOKED,
+        ]:
             return
 
         # Create/update roles
         # NOTE: Only update AD/LDAP user roles and local owner roles
-        self._update_roles(project, p_data)
+        if p_data['level'] == REMOTE_LEVEL_READ_ROLES:
+            self._update_roles(project, p_data)
 
-        # Remove deleted user roles
+        # Remove deleted user roles (also for REVOKED projects)
         self._remove_deleted_roles(project, p_data)
 
-    def _sync_peer_project(self, uuid, p_data):
-        """Creates RemoteProject objects to represent local project on different peer sites"""
+    def _sync_peer_projects(self, uuid, p_data):
+        """Create RemoteProject objects to represent local project on different
+        peer sites"""
 
         if p_data.get('remote_sites', None):
             for remote_site_uuid in p_data['remote_sites']:
@@ -656,16 +668,18 @@ def _sync_peer_project(self, uuid, p_data):
                         project_uuid=uuid,
                         project=Project.objects.filter(sodar_uuid=uuid).first(),
                         level=p_data['level'],
-                        date_access=timezone.now(),  # This might not be needed for Peer Projects
+                        date_access=timezone.now(),  # This might not be needed
                     )
                     remote_action = 'created'
+
             logger.debug(
-                '{} PeerProject {} for the following peer sites: {}'.format(
+                '{} Peer project {} for the following peer sites: {}'.format(
                     remote_action.capitalize(),
                     remote_project.sodar_uuid,
                     ', '.join(p_data['remote_sites']),
                 )
             )
+
         else:
             logger.debug(
                 '{} is not a peer project (no remote site field)'.format(
@@ -673,6 +687,45 @@ def _sync_peer_project(self, uuid, p_data):
                 )
             )
 
+    def _remove_revoked_peers(self, uuid, p_data):
+        """Remove RemoteProject objects for revoked peer projects"""
+        removed_sites = []
+
+        if p_data.get('remote_sites', None):
+            local_peers = RemoteProject.objects.filter(
+                project_uuid=uuid, site__mode=SITE_MODE_PEER
+            )
+
+            # DEBUG
+            if p_data['level'] == REMOTE_LEVEL_REVOKED:
+                print('DEBUG: local_peers={}'.format(local_peers))
+                print('DEBUG: remote_sites={}'.format(p_data['remote_sites']))
+
+            if not local_peers:
+                return
+
+            for rp in local_peers:
+                if str(rp.site.sodar_uuid) not in p_data['remote_sites']:
+                    removed_sites.append(rp.site.name)
+                    rp.delete()
+
+        else:  # If an empty list, remove all
+            removed_sites += [
+                rp.site.name
+                for rp in RemoteProject.objects.filter(
+                    project_uuid=uuid, site__mode=SITE_MODE_PEER
+                )
+            ]
+            RemoteProject.objects.filter(
+                project_uuid=uuid, site__mode=SITE_MODE_PEER
+            ).delete()
+
+        logger.debug(
+            'Removed peer project(s) for the following sites: {}'.format(
+                ', '.join(removed_sites)
+            )
+        )
+
     # API functions ------------------------------------------------------------
 
     def get_target_data(self, target_site):
@@ -701,7 +754,13 @@ def _add_parent_categories(category, project_level):
             if category.parent:
                 _add_parent_categories(category.parent, project_level)
 
-            if str(category.sodar_uuid) not in sync_data['projects'].keys():
+            # Add if not added yet OR if a READ_ROLES project is encountered
+            if (
+                str(category.sodar_uuid) not in sync_data['projects'].keys()
+                or sync_data['projects'][str(category.sodar_uuid)]['level']
+                != REMOTE_LEVEL_READ_ROLES
+                and sync_data[project_level] == REMOTE_LEVEL_READ_ROLES
+            ):
                 cat_data = {
                     'title': category.title,
                     'type': PROJECT_TYPE_CATEGORY,
@@ -730,7 +789,6 @@ def _add_parent_categories(category, project_level):
         def _add_peer_site(site):
             # Do not add sites twice
             if not sync_data['peer_sites'].get(str(site.sodar_uuid), None):
-
                 sync_data['peer_sites'][str(site.sodar_uuid)] = {
                     'name': site.name,
                     'url': site.url,
@@ -741,8 +799,9 @@ def _add_peer_site(site):
         for rp in target_site.projects.all():
             project = rp.get_project()
 
-            # All RemoteSites which also host this project with a sufficient access level
-            other_remote_sites = [
+            # All RemoteSites which also host this project with a sufficient
+            # access level
+            remote_sites = [
                 relation.site
                 for relation in RemoteProject.objects.filter(
                     project_uuid=project.sodar_uuid
@@ -753,16 +812,14 @@ def _add_peer_site(site):
             ]
 
             # RemoteSite data to create objects on target site
-            for site in other_remote_sites:
+            for site in remote_sites:
                 _add_peer_site(site)
 
             project_data = {
                 'level': rp.level,
                 'title': project.title,
                 'type': PROJECT_TYPE_PROJECT,
-                'remote_sites': [
-                    str(site.sodar_uuid) for site in other_remote_sites
-                ],
+                'remote_sites': [str(site.sodar_uuid) for site in remote_sites],
             }
 
             # View available projects
@@ -773,6 +830,7 @@ def _add_peer_site(site):
             elif project and rp.level in [
                 REMOTE_LEVEL_READ_INFO,
                 REMOTE_LEVEL_READ_ROLES,
+                REMOTE_LEVEL_REVOKED,
             ]:
                 project_data['description'] = project.description
                 project_data['readme'] = project.readme.raw
@@ -782,16 +840,22 @@ def _add_peer_site(site):
                     _add_parent_categories(project.parent, rp.level)
                     project_data['parent_uuid'] = str(project.parent.sodar_uuid)
 
-            # If level is READ_ROLES, add categories and roles
-            if rp.level in REMOTE_LEVEL_READ_ROLES:
+            # If level is READ_ROLES or REVOKED, add roles
+            if rp.level in [REMOTE_LEVEL_READ_ROLES, REMOTE_LEVEL_REVOKED]:
                 project_data['roles'] = {}
 
                 for role_as in project.roles.all():
-                    project_data['roles'][str(role_as.sodar_uuid)] = {
-                        'user': role_as.user.username,
-                        'role': role_as.role.name,
-                    }
-                    _add_user(role_as.user)
+                    # If REVOKED, only sync owner and delegate
+                    if (
+                        rp.level == REMOTE_LEVEL_READ_ROLES
+                        or role_as.role.name
+                        in ['project owner', 'project delegate']
+                    ):
+                        project_data['roles'][str(role_as.sodar_uuid)] = {
+                            'user': role_as.user.username,
+                            'role': role_as.role.name,
+                        }
+                        _add_user(role_as.user)
 
             sync_data['projects'][str(rp.project_uuid)] = project_data
 
@@ -837,15 +901,18 @@ def sync_source_data(self, site, remote_data, request=None):
             k: v
             for k, v in self.remote_data['projects'].items()
             if v['type'] == PROJECT_TYPE_PROJECT
-            and v['level'] == REMOTE_LEVEL_READ_ROLES
+            and v['level'] in [REMOTE_LEVEL_READ_ROLES, REMOTE_LEVEL_REVOKED]
         }.values():
-            logger.info('No READ_ROLES access set, nothing to synchronize')
+            logger.info(
+                'No READ_ROLES or REVOKED access set, nothing to synchronize'
+            )
             return self.remote_data
 
         ##############
         # Peer Sites
         ##############
         logger.info('Synchronizing Peer Sites...')
+
         if self.remote_data.get('peer_sites', None):
             for remote_site_uuid, site_data in self.remote_data[
                 'peer_sites'
@@ -854,12 +921,15 @@ def sync_source_data(self, site, remote_data, request=None):
                 remote_site = RemoteSite.objects.filter(
                     sodar_uuid=remote_site_uuid
                 ).first()
+
                 if remote_site:
                     self._update_peer_site(remote_site_uuid, site_data)
+
                 else:
                     self._create_peer_site(remote_site_uuid, site_data)
 
             logger.info('Peer Site Sync OK')
+
         else:
             logger.info('No new Peer Sites to sync')
 
@@ -889,10 +959,11 @@ def sync_source_data(self, site, remote_data, request=None):
             k: v
             for k, v in self.remote_data['projects'].items()
             if v['type'] == PROJECT_TYPE_PROJECT
-            and v['level'] == REMOTE_LEVEL_READ_ROLES
+            and v['level'] in [REMOTE_LEVEL_READ_ROLES, REMOTE_LEVEL_REVOKED]
         }.items():
             self._sync_project(sodar_uuid, p_data)
-            self._sync_peer_project(sodar_uuid, p_data)
+            self._sync_peer_projects(sodar_uuid, p_data)
+            self._remove_revoked_peers(sodar_uuid, p_data)
 
         logger.info('Synchronization OK')
         return self.remote_data
diff --git a/projectroles/templates/projectroles/_project_header.html b/projectroles/templates/projectroles/_project_header.html
index 4d8f4145..25a293d9 100644
--- a/projectroles/templates/projectroles/_project_header.html
+++ b/projectroles/templates/projectroles/_project_header.html
@@ -47,11 +47,19 @@ <h2 class="sodar-pr-content-title">{{ project.title }}</h2>
   </div>
   {% if project.is_remote and request.user.is_superuser %}
     <div class="ml-auto">
-      <i class="fa fa-globe text-info fa-2x sodar-pr-remote-project-icon"
-         title="Remote {% get_display_name 'PROJECT' %} from {{ project.get_source_site.name }}"
+      <i class="fa fa-globe fa-2x sodar-pr-remote-project-icon {% if project.is_revoked %}text-danger{% else %}text-info{% endif %}"
+         title="{% if project.is_revoked %}REVOKED remote{% else %}Remote{% endif %} {% get_display_name 'PROJECT' %} from {{ project.get_source_site.name }}"
          data-toggle="tooltip" data-placement="left">
       </i>
     </div>
   {% endif %}
 
 </div>
+
+{% if project.is_revoked %}
+  <div class="alert alert-danger mt-3" id="sodar-pr-alert-remote-revoked">
+    <strong>Access revoked:</strong> The source site has revoked access to this
+    remotely synchronized project. Only a superuser, an owner or a delegate can
+    currently access the project.
+  </div>
+{% endif %}
diff --git a/projectroles/templates/projectroles/_role_list_buttons.html b/projectroles/templates/projectroles/_role_list_buttons.html
index c2b3f953..1a26372a 100644
--- a/projectroles/templates/projectroles/_role_list_buttons.html
+++ b/projectroles/templates/projectroles/_role_list_buttons.html
@@ -1,5 +1,7 @@
 <div class="btn-group ml-auto" id="sodar-pr-btn-role-list">
-  <button class="btn btn-primary dropdown-toggle" id="sodar-pr-btn-perm" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+  <button class="btn btn-primary dropdown-toggle" id="sodar-pr-btn-role-op" type="button"
+          data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"
+          {% if project.is_remote %}disabled="disabled"{% endif %}>
     Member Operations
   </button>
   <div class="dropdown-menu dropdown-menu-right">
diff --git a/projectroles/templates/projectroles/project_detail.html b/projectroles/templates/projectroles/project_detail.html
index 1250935f..9b5a297d 100644
--- a/projectroles/templates/projectroles/project_detail.html
+++ b/projectroles/templates/projectroles/project_detail.html
@@ -46,7 +46,7 @@ <h4><i class="fa fa-globe"></i> {% get_display_name object.type title=True %} on
             <h4><i class="fa fa-globe"></i> {% get_display_name object.type title=True %} on Other Sites</h4>
           </div>
           <div class="card-body pb-2 mr-2">
-            <a class="btn btn-info mb-1"
+            <a class="btn btn-info mb-1 sodar-pr-link-remote sodar-pr-link-remote-master"
                 href="{{ object.get_source_site.get_url }}{% url 'projectroles:detail' project=object.sodar_uuid %}"
                 role="button"
                 title="{% if object.get_source_site.description %}{{ object.get_source_site.description }}{% endif %}"
@@ -56,13 +56,13 @@ <h4><i class="fa fa-globe"></i> {% get_display_name object.type title=True %} on
             </a>
             {% get_visible_projects peer_projects can_view_hidden_projects as visible_peer_projects %}
             {% for peer_p in visible_peer_projects %}
-              <a class="btn btn-info mb-1"
+              <a class="btn btn-info mb-1 sodar-pr-link-remote sodar-pr-link-remote-peer"
                   href="{{ peer_p.site.get_url }}{% url 'projectroles:detail' project=peer_p.sodar_uuid %}"
                   role="button"
                   title="{% if peer_p.site.description %}{{ peer_p.site.description }}{% endif %}"
                   data-toggle="tooltip"
                   target="_blank">
-                <i class="fa fa-globe"></i> {{ peer_p.site.name }} (Peer Project)
+                <i class="fa fa-globe"></i> {{ peer_p.site.name }}
               </a>
             {% endfor %}
           </div>
diff --git a/projectroles/templates/projectroles/project_roles.html b/projectroles/templates/projectroles/project_roles.html
index 4e1043d2..f2598ff2 100644
--- a/projectroles/templates/projectroles/project_roles.html
+++ b/projectroles/templates/projectroles/project_roles.html
@@ -5,157 +5,150 @@
 {% block title %}Members of {{ project.title }}{% endblock title %}
 
 {% block css %}
-    {{ block.super }}
-    <style type="text/css">
-        table#sodar-pr-role-list-table tbody td:nth-child(5) {
-            width: 3em;
-        }
-
-        /* Responsive modifications */
-        @media screen and (max-width: 800px) {
-            .table#sodar-pr-role-list-table thead tr th:nth-child(3),
-            .table#sodar-pr-role-list-table tbody tr td:nth-child(3) {
-                display: none;
-            }
-        }
-
-        @media screen and (max-width: 550px) {
-            .table#sodar-pr-role-list-table thead tr th:nth-child(1),
-            .table#sodar-pr-role-list-table tbody tr td:nth-child(1) {
-                display: none;
-            }
-        }
-    </style>
+
+{{ block.super }}
+<style type="text/css">
+  table#sodar-pr-role-list-table tbody td:nth-child(5) {
+    width: 3em;
+  }
+
+  /* Responsive modifications */
+  @media screen and (max-width: 800px) {
+    .table#sodar-pr-role-list-table thead tr th:nth-child(3),
+    .table#sodar-pr-role-list-table tbody tr td:nth-child(3) {
+        display: none;
+    }
+  }
+
+  @media screen and (max-width: 550px) {
+      .table#sodar-pr-role-list-table thead tr th:nth-child(1),
+      .table#sodar-pr-role-list-table tbody tr td:nth-child(1) {
+          display: none;
+      }
+  }
+</style>
+
 {% endblock css %}
 
 {% block projectroles_extend %}
 
-    {% has_perm 'projectroles.update_project_owner' request.user project as can_update_owner %}
-    {% has_perm 'projectroles.update_project_members' request.user project as can_update_members %}
-    {% has_perm 'projectroles.update_project_delegate' request.user project as can_update_delegate %}
-    {% has_perm 'projectroles.invite_users' request.user project as can_invite %}
-
-    <div class="row sodar-subtitle-container bg-white sticky-top">
-      <h3>
-        <i class="fa fa-users"></i> {% get_display_name project.type title=True %} Members
-      </h3>
-      {% if project.is_remote %}
-        <div class="btn-group ml-auto" id="sodar-pr-btn-role-list">
-          <button class="btn btn-secondary" id="sodar-pr-btn-remote" type="button" disabled="True" title="This is a remote project.
-          You can only update or invite members on the source site of this project." data-toggle="tooltip">
-          Member Operations
-          </button>
-        </div>
-      {% else %}
-        {% if can_update_members or can_invite %}
-          {% include 'projectroles/_role_list_buttons.html' with project=project can_update_members=can_update_members can_invite=can_invite %}
-        {% else %}
-        <div class="btn-group ml-auto" id="sodar-pr-btn-role-list">
-          <button class="btn btn-secondary" id="sodar-pr-btn-no-perm" type="button" disabled="True" title="You have no permission to update or invite members" data-toggle="tooltip">
-          Member Operations
-          </button>
-        </div>
-        {% endif %}
-      {% endif %}
-    </div>
+{% has_perm 'projectroles.update_project_owner' request.user project as can_update_owner %}
+{% has_perm 'projectroles.update_project_members' request.user project as can_update_members %}
+{% has_perm 'projectroles.update_project_delegate' request.user project as can_update_delegate %}
+{% has_perm 'projectroles.invite_users' request.user project as can_invite %}
 
-    <div class="container-fluid sodar-page-container">
-        <div class="card" id="sodar-pr-role-list">
-            <div class="card-body p-0">
-                <table class="table table-striped sodar-card-table" id="sodar-pr-role-list-table">
-                    <thead>
-                    <tr>
-                        <th>User</th>
-                        <th>Name</th>
-                        <th>Email</th>
-                        <th>Role</th>
-                        <th></th>
-                    </tr>
-                    </thead>
-                    <tbody>
-                    <tr>
-                        <td>{{ owner.user.username }}</td>
-                        <td>{{ owner.user.name }}</td>
-                        <td><a href="mailto:{{ owner.user.email }}">{{ owner.user.email }}</a></td>
-                        <td><strong>project owner <i class="fa fa-star" aria-hidden="true"></i></strong></td>
-                        <td>
-                            {% if not project.is_remote and can_update_owner %}
-                                {% include 'projectroles/_project_roles_owner_dropdown.html' with user=owner.user assignment_id=owner.sodar_uuid %}
-                            {% endif %}
-                        </td>
-                    </tr>
-                    {% for delegate in delegates %}
-                        <tr>
-                            <td>{{ delegate.user.username }}</td>
-                            <td>{{ delegate.user.name }}</td>
-                            <td><a href="mailto:{{ delegate.user.email }}">{{ delegate.user.email }}</a></td>
-                            <td><strong>project delegate <i class="fa fa-star-half-o" aria-hidden="true"></i></strong>
-                            </td>
-                            <td>
-                                {% if not project.is_remote and can_update_delegate %}
-                                    {% include 'projectroles/_project_roles_buttons.html' with user=delegate.user assignment_id=delegate.sodar_uuid %}
-                                {% endif %}
-                            </td>
-                        </tr>
-                    {% endfor %}
-                    {% for member in members %}
-                        <tr>
-                            <td>{{ member.user.username }}</td>
-                            <td>{{ member.user.name }}</td>
-                            <td><a href="mailto:{{ member.user.email }}">{{ member.user.email }}</a></td>
-                            <td>{{ member.role.name }}</td>
-                            <td>
-                                {% if not project.is_remote and can_update_members %}
-                                    {% include 'projectroles/_project_roles_buttons.html' with user=member.user assignment_id=member.sodar_uuid %}
-                                {% endif %}
-                            </td>
-                        </tr>
-                    {% endfor %}
-                    </tbody>
-                </table>
-            </div>
-        </div>
+<div class="row sodar-subtitle-container bg-white sticky-top">
+  <h3><i class="fa fa-users"></i> {% get_display_name project.type title=True %} Members</h3>
+  {% if can_update_members or can_invite %}
+    {% include 'projectroles/_role_list_buttons.html' with project=project can_update_members=can_update_members can_invite=can_invite %}
+  {% endif %}
+</div>
+
+<div class="container-fluid sodar-page-container">
+  {% if project.is_remote %}
+    {% if can_update_members or can_invite %}
+      <div class="alert alert-info">
+        This is a remote project. You can only update or invite members on the
+        source site of this project.
+      </div>
+    {% endif %}
+  {% endif %}
+
+  <div class="card" id="sodar-pr-role-list">
+    <div class="card-body p-0">
+      <table class="table table-striped sodar-card-table" id="sodar-pr-role-list-table">
+        <thead>
+          <tr>
+            <th>User</th>
+            <th>Name</th>
+            <th>Email</th>
+            <th>Role</th>
+            <th></th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <td>{{ owner.user.username }}</td>
+            <td>{{ owner.user.name }}</td>
+            <td><a href="mailto:{{ owner.user.email }}">{{ owner.user.email }}</a></td>
+            <td><strong>project owner <i class="fa fa-star" aria-hidden="true"></i></strong></td>
+            <td>
+              {% if not project.is_remote and can_update_owner %}
+                {% include 'projectroles/_project_roles_owner_dropdown.html' with user=owner.user assignment_id=owner.sodar_uuid %}
+              {% endif %}
+            </td>
+          </tr>
+          {% for delegate in delegates %}
+            <tr>
+              <td>{{ delegate.user.username }}</td>
+              <td>{{ delegate.user.name }}</td>
+              <td><a href="mailto:{{ delegate.user.email }}">{{ delegate.user.email }}</a></td>
+              <td><strong>project delegate <i class="fa fa-star-half-o" aria-hidden="true"></i></strong></td>
+              <td>
+                {% if not project.is_remote and can_update_delegate %}
+                  {% include 'projectroles/_project_roles_buttons.html' with user=delegate.user assignment_id=delegate.sodar_uuid %}
+                {% endif %}
+              </td>
+            </tr>
+          {% endfor %}
+          {% for member in members %}
+            <tr>
+              <td>{{ member.user.username }}</td>
+              <td>{{ member.user.name }}</td>
+              <td><a href="mailto:{{ member.user.email }}">{{ member.user.email }}</a></td>
+              <td>{{ member.role.name }}</td>
+              <td>
+                {% if not project.is_remote and can_update_members %}
+                  {% include 'projectroles/_project_roles_buttons.html' with user=member.user assignment_id=member.sodar_uuid %}
+                {% endif %}
+              </td>
+            </tr>
+          {% endfor %}
+        </tbody>
+      </table>
     </div>
+  </div>
+</div>
 
 {% endblock projectroles_extend %}
 
 {% block javascript %}
-    {{ block.super }}
+  {{ block.super }}
+
+  {# Tour content #}
+  <script type="text/javascript">
+    tourEnabled = true;
 
-    {# Tour content #}
-    <script type="text/javascript">
-        tourEnabled = true;
+    tour.addStep('role_list', {
+        title: 'Members List',
+        text: 'List of users given access for this ' +
+            '{% get_display_name "PROJECT" %} can be seen here.',
+        attachTo: '#sodar-pr-role-list top',
+        advanceOn: '.docs-link click',
+        showCancelLink: true
+    });
 
-        tour.addStep('role_list', {
-            title: 'Members List',
-            text: 'List of users given access for this ' +
-                '{% get_display_name "PROJECT" %} can be seen here.',
-            attachTo: '#sodar-pr-role-list top',
+    if ($('#sodar-pr-btn-role-list').length) {
+        tour.addStep('role_actions', {
+            title: 'Member Operations Menu',
+            text: 'Use this menu to add members, send invites or view existing ' +
+                'invites.',
+            attachTo: '#sodar-pr-btn-role-list left',
             advanceOn: '.docs-link click',
             showCancelLink: true
         });
+    }
 
-        if ($('#sodar-pr-btn-role-list').length) {
-            tour.addStep('role_actions', {
-                title: 'Member Operations Menu',
-                text: 'Use this menu to add members, send invites or view existing ' +
-                    'invites.',
-                attachTo: '#sodar-pr-btn-role-list left',
-                advanceOn: '.docs-link click',
-                showCancelLink: true
-            });
-        }
-
-        if ($('div.pr_role_buttons').length) {
-            tour.addStep('role_menu', {
-                title: 'Member Editing Menu',
-                text: 'Individual memberships can be updated or removed from these ' +
-                    'menues.',
-                attachTo: 'div.sodar-pr-btn-grp-role left',
-                advanceOn: '.docs-link click',
-                showCancelLink: true,
-                scrollTo: true
-            });
-        }
-    </script>
+    if ($('div.pr_role_buttons').length) {
+        tour.addStep('role_menu', {
+            title: 'Member Editing Menu',
+            text: 'Individual memberships can be updated or removed from these ' +
+                'menues.',
+            attachTo: 'div.sodar-pr-btn-grp-role left',
+            advanceOn: '.docs-link click',
+            showCancelLink: true,
+            scrollTo: true
+        });
+    }
+  </script>
 {% endblock javascript %}
diff --git a/projectroles/templatetags/projectroles_common_tags.py b/projectroles/templatetags/projectroles_common_tags.py
index d61b02e1..95da7787 100644
--- a/projectroles/templatetags/projectroles_common_tags.py
+++ b/projectroles/templatetags/projectroles_common_tags.py
@@ -264,10 +264,14 @@ def get_remote_icon(project, request):
                 project=project, site__mode=SITE_MODE_SOURCE
             )
             return (
-                '<i class="fa fa-globe text-info mx-1 '
-                'sodar-pr-remote-project-icon" title="Remote project from '
+                '<i class="fa fa-globe {} mx-1 '
+                'sodar-pr-remote-project-icon" title="{} project from '
                 '{}" data-toggle="tooltip" data-placement="top">'
-                '</i>'.format(remote_project.site.name)
+                '</i>'.format(
+                    'text-danger' if project.is_revoked() else 'text-info',
+                    'REVOKED remote' if project.is_revoked() else 'Remote',
+                    remote_project.site.name,
+                )
             )
 
         except RemoteProject.DoesNotExist:
diff --git a/projectroles/templatetags/projectroles_tags.py b/projectroles/templatetags/projectroles_tags.py
index 34307fdf..a2569119 100644
--- a/projectroles/templatetags/projectroles_tags.py
+++ b/projectroles/templatetags/projectroles_tags.py
@@ -24,6 +24,10 @@
     else 7
 )
 
+# SODAR Constants
+REMOTE_LEVEL_NONE = SODAR_CONSTANTS['REMOTE_LEVEL_NONE']
+REMOTE_LEVEL_REVOKED = SODAR_CONSTANTS['REMOTE_LEVEL_REVOKED']
+
 # Local constants
 INDENT_PX = 25
 
@@ -381,7 +385,20 @@ def get_target_project_select(site, project):
 
     for level in ACTIVE_LEVEL_TYPES:
         selected = False
-        legend = SODAR_CONSTANTS['REMOTE_ACCESS_LEVELS'][level]
+
+        if (
+            level == REMOTE_LEVEL_NONE
+            and current_level
+            and current_level != REMOTE_LEVEL_NONE
+        ):
+            legend = SODAR_CONSTANTS['REMOTE_ACCESS_LEVELS'][
+                REMOTE_LEVEL_REVOKED
+            ]
+            level_val = REMOTE_LEVEL_REVOKED
+
+        else:
+            legend = SODAR_CONSTANTS['REMOTE_ACCESS_LEVELS'][level]
+            level_val = level
 
         if level == current_level or (
             level == SODAR_CONSTANTS['REMOTE_LEVEL_NONE'] and not current_level
@@ -389,7 +406,7 @@ def get_target_project_select(site, project):
             selected = True
 
         ret += '<option value="{}" {}>{}</option>\n'.format(
-            level, 'selected' if selected else '', legend
+            level_val, 'selected' if selected else '', legend
         )
 
     ret += '</select>\n'
diff --git a/projectroles/tests/test_models.py b/projectroles/tests/test_models.py
index 47c8404c..c8366fdf 100644
--- a/projectroles/tests/test_models.py
+++ b/projectroles/tests/test_models.py
@@ -351,6 +351,10 @@ def test_is_remote(self):
         """Test Project.is_remote() without remote projects"""
         self.assertEqual(self.project_sub.is_remote(), False)
 
+    def test_is_revoked(self):
+        """Test Project.is_revoked() without remote projects"""
+        self.assertEqual(self.project_sub.is_revoked(), False)
+
     def test_validate_parent(self):
         """Test parent ForeignKey validation: project can't be its own
         parent"""
@@ -1256,6 +1260,16 @@ def test_get_source_site_target(self):
         self.site.save()
         self.assertEqual(self.project.get_source_site(), self.site)
 
+    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
+    def test_is_revoked_target(self):
+        """Test Project.is_revoked() as target"""
+        self.site.mode = SITE_MODE_SOURCE
+        self.site.save()
+        self.assertEqual(self.project.is_revoked(), False)
+        self.remote_project.level = SODAR_CONSTANTS['REMOTE_LEVEL_REVOKED']
+        self.remote_project.save()
+        self.assertEqual(self.project.is_revoked(), True)
+
     @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     @override_settings(PROJECTROLES_DELEGATE_LIMIT=1)
     def test_validate_remote_delegates(self):
diff --git a/projectroles/tests/test_permissions.py b/projectroles/tests/test_permissions.py
index 387c5342..7de2bcdd 100644
--- a/projectroles/tests/test_permissions.py
+++ b/projectroles/tests/test_permissions.py
@@ -789,6 +789,7 @@ def test_user_autocomplete_api(self):
             self.assertFalse(data['results'])
 
 
+@override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
 class TestTargetProjectViews(
     RemoteSiteMixin, RemoteProjectMixin, TestProjectPermissionBase
 ):
@@ -820,7 +821,6 @@ def setUp(self):
             level=SODAR_CONSTANTS['REMOTE_LEVEL_READ_ROLES'],
         )
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_update(self):
         """Test access to project updating as target"""
         url = reverse(
@@ -837,7 +837,6 @@ def test_update(self):
         ]
         self.assert_redirect(url, bad_users)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_create_top_allowed(self):
         """Test access to top level project creation as target"""
         url = reverse('projectroles:create')
@@ -853,7 +852,6 @@ def test_create_top_allowed(self):
         self.assert_render200_ok(url, good_users)
         self.assert_redirect(url, bad_users)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_create_sub(self):
         """Test access to subproject creation as target"""
         url = reverse(
@@ -870,10 +868,7 @@ def test_create_sub(self):
         self.assert_render200_ok(url, good_users)
         self.assert_redirect(url, bad_users)
 
-    @override_settings(
-        PROJECTROLES_SITE_MODE=SITE_MODE_TARGET,
-        PROJECTROLES_TARGET_CREATE=False,
-    )
+    @override_settings(PROJECTROLES_TARGET_CREATE=False)
     def test_create_sub_disallowed(self):
         """Test access to subproject creation with creation disallowed as target"""
         url = reverse(
@@ -890,7 +885,6 @@ def test_create_sub_disallowed(self):
         ]
         self.assert_redirect(url, bad_users)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_role_create(self):
         """Test access to role creation as target"""
         url = reverse(
@@ -908,7 +902,6 @@ def test_role_create(self):
         ]
         self.assert_redirect(url, bad_users)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_role_update(self):
         """Test access to role updating as target"""
         url = reverse(
@@ -926,7 +919,6 @@ def test_role_update(self):
         ]
         self.assert_redirect(url, bad_users)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_role_delete(self):
         """Test access to role deletion as target"""
         url = reverse(
@@ -944,7 +936,6 @@ def test_role_delete(self):
         ]
         self.assert_redirect(url, bad_users)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_role_update_delegate(self):
         """Test access to delegate role update as target"""
         url = reverse(
@@ -962,7 +953,6 @@ def test_role_update_delegate(self):
         ]
         self.assert_redirect(url, bad_users)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_role_delete_delegate(self):
         """Test access to role deletion for delegate as target"""
         url = reverse(
@@ -980,7 +970,6 @@ def test_role_delete_delegate(self):
         ]
         self.assert_redirect(url, bad_users)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_role_invite_create(self):
         """Test access to role invite creation as target"""
         url = reverse(
@@ -998,7 +987,6 @@ def test_role_invite_create(self):
         ]
         self.assert_redirect(url, bad_users)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_role_invite_list(self):
         """Test access to role invite list as target"""
         url = reverse(
@@ -1016,6 +1004,69 @@ def test_role_invite_list(self):
         self.assert_redirect(url, bad_users)
 
 
+@override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
+class TestRevokedRemoteProject(
+    RemoteSiteMixin, RemoteProjectMixin, TestProjectPermissionBase
+):
+    """Tests for views for a revoked project on a TARGET site"""
+
+    def setUp(self):
+        super().setUp()
+
+        # Create site
+        self.site = self._make_site(
+            name=REMOTE_SITE_NAME,
+            url=REMOTE_SITE_URL,
+            mode=SODAR_CONSTANTS['SITE_MODE_SOURCE'],
+            description='',
+            secret=REMOTE_SITE_SECRET,
+        )
+
+        # Create RemoteProject objects
+        self.remote_category = self._make_remote_project(
+            project_uuid=self.category.sodar_uuid,
+            project=self.category,
+            site=self.site,
+            level=SODAR_CONSTANTS['REMOTE_LEVEL_READ_INFO'],
+        )
+        self.remote_project = self._make_remote_project(
+            project_uuid=self.project.sodar_uuid,
+            project=self.project,
+            site=self.site,
+            level=SODAR_CONSTANTS['REMOTE_LEVEL_REVOKED'],
+        )
+
+    def test_project_details(self):
+        """Test access to REVOKED project detail page as target"""
+        url = reverse(
+            'projectroles:detail', kwargs={'project': self.project.sodar_uuid}
+        )
+        good_users = [self.superuser, self.as_owner.user, self.as_delegate.user]
+        bad_users = [
+            self.anonymous,
+            self.as_contributor.user,
+            self.as_guest.user,
+            self.user_no_roles,
+        ]
+        self.assert_response(url, good_users, 200)
+        self.assert_redirect(url, bad_users)
+
+    def test_role_list(self):
+        """Test access to REVOKED project's role list as target"""
+        url = reverse(
+            'projectroles:roles', kwargs={'project': self.project.sodar_uuid}
+        )
+        good_users = [self.superuser, self.as_owner.user, self.as_delegate.user]
+        bad_users = [
+            self.anonymous,
+            self.as_contributor.user,
+            self.as_guest.user,
+            self.user_no_roles,
+        ]
+        self.assert_response(url, good_users, 200)
+        self.assert_redirect(url, bad_users)
+
+
 class TestRemoteSiteApp(RemoteSiteMixin, TestPermissionBase):
     """Tests for remote site management views"""
 
diff --git a/projectroles/tests/test_remote_projects_api.py b/projectroles/tests/test_remote_projects_api.py
index 64781f0c..2e62015f 100644
--- a/projectroles/tests/test_remote_projects_api.py
+++ b/projectroles/tests/test_remote_projects_api.py
@@ -47,6 +47,7 @@
 REMOTE_LEVEL_VIEW_AVAIL = SODAR_CONSTANTS['REMOTE_LEVEL_VIEW_AVAIL']
 REMOTE_LEVEL_READ_INFO = SODAR_CONSTANTS['REMOTE_LEVEL_READ_INFO']
 REMOTE_LEVEL_READ_ROLES = SODAR_CONSTANTS['REMOTE_LEVEL_READ_ROLES']
+REMOTE_LEVEL_REVOKED = SODAR_CONSTANTS['REMOTE_LEVEL_REVOKED']
 
 # Local constants
 SOURCE_SITE_NAME = 'Test source site'
@@ -295,7 +296,6 @@ def test_read_roles(self):
             site=self.target_site,
             level=REMOTE_LEVEL_READ_ROLES,
         )
-
         self._make_remote_project(
             project_uuid=self.project.sodar_uuid,
             site=self.peer_site,
@@ -358,6 +358,64 @@ def test_read_roles(self):
 
         self.assertEqual(sync_data, expected)
 
+    def test_revoked(self):
+        """Test get data with project level of REVOKED"""
+        user_source_new = self.make_user('new_source_user')
+        self._make_assignment(self.project, user_source_new, self.role_guest)
+        self._make_remote_project(
+            project_uuid=self.project.sodar_uuid,
+            site=self.target_site,
+            level=REMOTE_LEVEL_REVOKED,
+        )
+        self._make_remote_project(
+            project_uuid=self.project.sodar_uuid,
+            site=self.peer_site,
+            level=REMOTE_LEVEL_REVOKED,
+        )
+
+        sync_data = self.remote_api.get_target_data(self.target_site)
+
+        expected = {
+            'users': {
+                str(self.user_source.sodar_uuid): {
+                    'username': self.user_source.username,
+                    'name': self.user_source.name,
+                    'first_name': self.user_source.first_name,
+                    'last_name': self.user_source.last_name,
+                    'email': self.user_source.email,
+                    'groups': [SOURCE_USER_GROUP],
+                }
+            },
+            'projects': {
+                str(self.category.sodar_uuid): {
+                    'title': self.category.title,
+                    'type': PROJECT_TYPE_CATEGORY,
+                    'level': REMOTE_LEVEL_READ_INFO,
+                    'parent_uuid': None,
+                    'description': self.category.description,
+                    'readme': self.category.readme.raw,
+                },
+                str(self.project.sodar_uuid): {
+                    'title': self.project.title,
+                    'type': PROJECT_TYPE_PROJECT,
+                    'level': REMOTE_LEVEL_REVOKED,
+                    'description': self.project.description,
+                    'readme': self.project.readme.raw,
+                    'parent_uuid': str(self.category.sodar_uuid),
+                    'roles': {
+                        str(self.project_owner_as.sodar_uuid): {
+                            'user': self.project_owner_as.user.username,
+                            'role': self.project_owner_as.role.name,
+                        }  # NOTE: Another user should not be synced
+                    },
+                    'remote_sites': [],
+                },
+            },
+            'peer_sites': {},
+        }
+
+        self.assertEqual(sync_data, expected)
+
     def test_no_access(self):
         """Test get data with no project access set in the source site"""
         sync_data = self.remote_api.get_target_data(self.target_site)
@@ -367,6 +425,7 @@ def test_no_access(self):
         self.assertEqual(sync_data, expected)
 
 
+@override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
 class TestSyncSourceData(
     ProjectMixin,
     RoleAssignmentMixin,
@@ -458,7 +517,6 @@ def setUp(self):
             },
         }
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_create(self):
         """Test sync with non-existing project data and READ_ROLE access"""
 
@@ -610,7 +668,6 @@ def test_create(self):
 
         self.assertEqual(remote_data, expected)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_create_multiple(self):
         """Test sync with non-existing project data and multiple projects"""
 
@@ -699,7 +756,6 @@ def test_create_multiple(self):
 
         self.assertEqual(remote_data, expected)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_create_local_owner(self):
         """Test sync with non-existing project data and a local owner"""
 
@@ -736,7 +792,6 @@ def test_create_local_owner(self):
         project_obj = Project.objects.get(sodar_uuid=SOURCE_PROJECT_UUID)
         self.assertEqual(project_obj.get_owner().user, self.admin_user)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_update(self):
         """Test sync with existing project data and READ_ROLE access"""
 
@@ -989,7 +1044,123 @@ def test_update(self):
 
         self.assertEqual(remote_data, expected)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
+    def test_update_revoke(self):
+        """Test sync with existing project data and REVOKED access"""
+
+        # Set up target category and project
+        category_obj = self._make_project(
+            title='NewCategoryTitle',
+            type=PROJECT_TYPE_CATEGORY,
+            parent=None,
+            description='New description',
+            readme='New readme',
+            sodar_uuid=SOURCE_CATEGORY_UUID,
+        )
+        project_obj = self._make_project(
+            title='NewProjectTitle',
+            type=PROJECT_TYPE_PROJECT,
+            parent=category_obj,
+            description='New description',
+            readme='New readme',
+            sodar_uuid=SOURCE_PROJECT_UUID,
+        )
+
+        # Set up users and roles
+        target_user = self._make_sodar_user(
+            username=SOURCE_USER_USERNAME,
+            name='NewFirstName NewLastName',
+            first_name='NewFirstName',
+            last_name='NewLastName',
+            email='newemail@example.com',
+        )
+        new_user_username = 'newuser@' + SOURCE_USER_DOMAIN
+        target_user2 = self._make_sodar_user(
+            username=new_user_username,
+            name='Some OtherName',
+            first_name='Some',
+            last_name='OtherName',
+            email='othername@example.com',
+        )
+        self._make_assignment(category_obj, target_user, self.role_owner)
+        self._make_assignment(project_obj, target_user, self.role_owner)
+        self._make_assignment(project_obj, target_user2, self.role_contributor)
+
+        # Set up RemoteProject objects
+        self._make_remote_project(
+            project_uuid=category_obj.sodar_uuid,
+            project=category_obj,
+            site=self.source_site,
+            level=REMOTE_LEVEL_READ_ROLES,
+        )
+        self._make_remote_project(
+            project_uuid=project_obj.sodar_uuid,
+            project=project_obj,
+            site=self.source_site,
+            level=REMOTE_LEVEL_READ_ROLES,
+        )
+
+        # Set up Peer Objects
+        peer_site = RemoteSite.objects.create(
+            **{
+                'name': PEER_SITE_NAME,
+                'url': PEER_SITE_URL,
+                'mode': SITE_MODE_PEER,
+                'description': PEER_SITE_DESC,
+                'secret': None,
+                'sodar_uuid': PEER_SITE_UUID,
+                'user_display': PEER_SITE_USER_DISPLAY,
+            }
+        )
+
+        self._make_remote_project(
+            project_uuid=project_obj.sodar_uuid,
+            project=project_obj,
+            site=peer_site,
+            level=SODAR_CONSTANTS['REMOTE_LEVEL_READ_ROLES'],
+        )
+
+        # Assert preconditions
+        self.assertEqual(Project.objects.all().count(), 2)
+        self.assertEqual(RoleAssignment.objects.all().count(), 3)
+        self.assertEqual(User.objects.all().count(), 3)
+        self.assertEqual(RemoteProject.objects.all().count(), 3)
+        self.assertEqual(RemoteSite.objects.all().count(), 2)
+
+        remote_data = self.default_data
+
+        # Revoke access to project
+        remote_data['projects'][SOURCE_PROJECT_UUID][
+            'level'
+        ] = REMOTE_LEVEL_REVOKED
+        remote_data['projects'][SOURCE_PROJECT_UUID]['remote_sites'] = []
+
+        # Do sync
+        self.remote_api.sync_source_data(self.source_site, remote_data)
+
+        # Assert database status
+        self.assertEqual(Project.objects.all().count(), 2)
+        self.assertEqual(RoleAssignment.objects.all().count(), 2)
+        self.assertEqual(User.objects.all().count(), 3)
+        self.assertEqual(RemoteProject.objects.all().count(), 2)
+        self.assertEqual(RemoteSite.objects.all().count(), 2)
+
+        new_user = User.objects.get(username=new_user_username)
+
+        # Assert removal of role assignment
+        with self.assertRaises(RoleAssignment.DoesNotExist):
+            RoleAssignment.objects.get(
+                project__sodar_uuid=SOURCE_PROJECT_UUID,
+                user=new_user,
+                role__name=PROJECT_ROLE_CONTRIBUTOR,
+            )
+
+        # Assert update_data changes
+        self.assertEqual(
+            remote_data['projects'][SOURCE_PROJECT_UUID]['level'],
+            REMOTE_LEVEL_REVOKED,
+        )
+        self.assertNotIn(str(new_user.sodar_uuid), remote_data['users'].keys())
+
     def test_delete_role(self):
         """Test sync with existing project data and a removed role"""
 
@@ -1098,7 +1269,6 @@ def test_delete_role(self):
 
         self.assertEqual(remote_data, expected)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_update_no_changes(self):
         """Test sync with existing project data and no changes"""
 
@@ -1300,7 +1470,6 @@ def test_update_no_changes(self):
         # Assert no changes between update_data and remote_data
         self.assertEqual(original_data, remote_data)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_create_no_access(self):
         """Test sync with no READ_ROLE access set"""
 
@@ -1328,7 +1497,6 @@ def test_create_no_access(self):
         # Assert no changes between update_data and remote_data
         self.assertEqual(original_data, remote_data)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_create_local_user(self):
         """Test sync with a local non-owner user"""
 
@@ -1400,7 +1568,6 @@ def test_create_local_user_allow(self):
         self.assertEqual(RemoteProject.objects.all().count(), 3)
         self.assertEqual(RemoteSite.objects.all().count(), 2)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     @override_settings(PROJECTROLES_ALLOW_LOCAL_USERS=True)
     def test_create_local_user_allow_unavailable(self):
         """Test sync with a non-existent local user with local users allowed"""
@@ -1435,7 +1602,6 @@ def test_create_local_user_allow_unavailable(self):
         self.assertEqual(RemoteProject.objects.all().count(), 3)
         self.assertEqual(RemoteSite.objects.all().count(), 2)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     @override_settings(PROJECTROLES_ALLOW_LOCAL_USERS=True)
     def test_create_local_owner_allow(self):
         """Test sync with a local owner with local users allowed"""
@@ -1479,7 +1645,6 @@ def test_create_local_owner_allow(self):
         new_project = Project.objects.get(sodar_uuid=SOURCE_PROJECT_UUID)
         self.assertEqual(new_project.get_owner().user, new_user)
 
-    @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     @override_settings(PROJECTROLES_ALLOW_LOCAL_USERS=True)
     def test_create_local_owner_allow_unavailable(self):
         """Test sync with an unavailable local owner"""
diff --git a/projectroles/tests/test_ui.py b/projectroles/tests/test_ui.py
index 5ec71d03..f94a1420 100644
--- a/projectroles/tests/test_ui.py
+++ b/projectroles/tests/test_ui.py
@@ -738,10 +738,9 @@ def test_peer_project_source_invisible(self):
 
     @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_peer_project_target_visible(self):
-        """Checks visibility of peer projects on TARGET site (user_display=False)"""
+        """Test visibility of peer projects on TARGET site (user_display=False)"""
         # There needs to be a source mode remote project as master project
         # otherwise peer project logic wont be reached
-        # TODO: Clean up when implementing #196 (refactoring project_detail.html logic)
         source_site = self._make_site(
             name='Second Remote Site',
             url='second_remote.site',
@@ -750,14 +749,12 @@ def test_peer_project_target_visible(self):
             secret=build_secret(),
             user_display=True,
         )
-
         self._make_remote_project(
             project_uuid=self.project.sodar_uuid,
             site=source_site,
             level=SODAR_CONSTANTS['REMOTE_LEVEL_READ_ROLES'],
             project=self.project,
         )
-
         self.setup_remote_project(site_mode=SITE_MODE_PEER)
 
         url = reverse(
@@ -773,26 +770,24 @@ def test_peer_project_target_visible(self):
 
         for user in users:
             self.login_and_redirect(user, url)
-
-            projects_on_other_sites = self.selenium.find_element_by_id(
-                'sodar-pr-details-card-remote'
+            remote_links = self.selenium.find_elements_by_class_name(
+                'sodar-pr-link-remote'
             )
-
-            details = projects_on_other_sites.find_elements_by_css_selector('a')
-            self.assertEqual(len(details), 2)
-            self.assertEqual(
-                details[0].text, source_site.name + ' (Master Project)'
+            self.assertEqual(len(remote_links), 2)
+            self.assertIn(
+                'sodar-pr-link-remote-master',
+                remote_links[0].get_attribute('class'),
             )
-            self.assertEqual(
-                details[1].text, self.remote_site.name + ' (Peer Project)'
+            self.assertIn(
+                'sodar-pr-link-remote-peer',
+                remote_links[1].get_attribute('class'),
             )
 
     @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
     def test_peer_project_target_invisible(self):
-        """Checks invisibility of peer projects on TARGET site for different users (user_display=False)"""
+        """Test invisibility of peer projects on TARGET site for users (user_display=False)"""
         # There needs to be a source mode remote project as master project
         # otherwise peer project logic wont be reached
-        # TODO: Clean up when implementing #196 (refactoring project_detail.html logic)
         source_site = self._make_site(
             name='Second Remote Site',
             url='second_remote.site',
@@ -825,29 +820,28 @@ def test_peer_project_target_invisible(self):
 
         for user in expected_true:
             self.login_and_redirect(user, url)
-
-            projects_on_other_sites = self.selenium.find_element_by_id(
-                'sodar-pr-details-card-remote'
+            remote_links = self.selenium.find_elements_by_class_name(
+                'sodar-pr-link-remote'
             )
-            details = projects_on_other_sites.find_elements_by_css_selector('a')
-            self.assertEqual(len(details), 2)
-            self.assertEqual(
-                details[0].text, source_site.name + ' (Master Project)'
+            self.assertEqual(len(remote_links), 2)
+            self.assertIn(
+                'sodar-pr-link-remote-master',
+                remote_links[0].get_attribute('class'),
             )
-            self.assertEqual(
-                details[1].text, self.remote_site.name + ' (Peer Project)'
+            self.assertIn(
+                'sodar-pr-link-remote-peer',
+                remote_links[1].get_attribute('class'),
             )
 
         for user in expected_false:
             self.login_and_redirect(user, url)
-
-            projects_on_other_sites = self.selenium.find_element_by_id(
-                'sodar-pr-details-card-remote'
+            remote_links = self.selenium.find_elements_by_class_name(
+                'sodar-pr-link-remote'
             )
-            details = projects_on_other_sites.find_elements_by_css_selector('a')
-            self.assertEqual(len(details), 1)
-            self.assertEqual(
-                details[0].text, source_site.name + ' (Master Project)'
+            self.assertEqual(len(remote_links), 1)
+            self.assertIn(
+                'sodar-pr-link-remote-master',
+                remote_links[0].get_attribute('class'),
             )
 
     @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
@@ -915,24 +909,17 @@ class TestProjectRoles(RemoteTargetMixin, TestUIBase):
     def test_list_buttons(self):
         """Test visibility of role list button group according to user
         permissions"""
-        users_with_perm = [
-            self.superuser,
-            self.as_owner.user,
-            self.as_delegate.user,
-        ]
-
-        users_without_perm = [self.as_contributor.user, self.as_guest.user]
-
+        good_users = [self.superuser, self.as_owner.user, self.as_delegate.user]
+        bad_users = [self.as_contributor.user, self.as_guest.user]
         url = reverse(
             'projectroles:roles', kwargs={'project': self.project.sodar_uuid}
         )
 
         self.assert_element_exists(
-            users_with_perm, url, 'sodar-pr-btn-perm', True
+            good_users, url, 'sodar-pr-btn-role-op', True
         )
-
         self.assert_element_exists(
-            users_without_perm, url, 'sodar-pr-btn-no-perm', True
+            bad_users, url, 'sodar-pr-btn-role-op', False
         )
 
     @override_settings(PROJECTROLES_SITE_MODE=SITE_MODE_TARGET)
@@ -942,8 +929,7 @@ def test_list_buttons_target(self):
         # Set up site as target
         self._set_up_as_target(projects=[self.category, self.project])
 
-        users = [
-            self.superuser,
+        non_superusers = [
             self.as_owner.user,
             self.as_delegate.user,
             self.as_contributor.user,
@@ -953,7 +939,13 @@ def test_list_buttons_target(self):
             'projectroles:roles', kwargs={'project': self.project.sodar_uuid}
         )
 
-        self.assert_element_exists(users, url, 'sodar-pr-btn-remote', True)
+        self.login_and_redirect(self.superuser, url)
+        btn = self.selenium.find_element_by_id('sodar-pr-btn-role-op')
+        self.assertEqual(btn.is_enabled(), False)
+
+        self.assert_element_exists(
+            non_superusers, url, 'sodar-pr-btn-role-op', False
+        )
 
     def test_role_list_invite_button(self):
         """Test visibility of role invite button according to user
diff --git a/projectroles/views.py b/projectroles/views.py
index 04de43d2..467ec621 100644
--- a/projectroles/views.py
+++ b/projectroles/views.py
@@ -242,9 +242,10 @@ def get_permission_object(self):
         return self.get_project()
 
     def has_permission(self):
-        """Disable project app access for categories"""
+        """Overrides for project permission access"""
         project = self.get_project()
 
+        # Disable project app access for categories
         if project and project.type == PROJECT_TYPE_CATEGORY:
             request_url = resolve(self.request.get_full_path())
 
@@ -254,10 +255,22 @@ def has_permission(self):
             ):
                 return False
 
+        # Disable access for non-owner/delegate if remote project is revoked
+        if project and project.is_revoked():
+            role_as = RoleAssignment.objects.filter(
+                project=project, user=self.request.user
+            ).first()
+
+            if role_as and role_as.role.name not in [
+                PROJECT_ROLE_OWNER,
+                PROJECT_ROLE_DELEGATE,
+            ]:
+                return False
+
         return super().has_permission()
 
     def get_queryset(self, *args, **kwargs):
-        """Override ``get_query_set()`` to filter down to the currently selected
+        """Override ``get_queryset()`` to filter down to the currently selected
         object."""
         qs = super().get_queryset(*args, **kwargs)
 
@@ -448,7 +461,11 @@ def get_context_data(self, *args, **kwargs):
 
 
 class ProjectDetailView(
-    LoginRequiredMixin, LoggedInPermissionMixin, ProjectContextMixin, DetailView
+    LoginRequiredMixin,
+    LoggedInPermissionMixin,
+    ProjectPermissionMixin,
+    ProjectContextMixin,
+    DetailView,
 ):
     """Project details view"""
 

From 825550cbb3f6029aa6e3c11f3949fbf6bbe93c0d Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Tue, 8 Oct 2019 16:43:49 +0200
Subject: [PATCH 13/20] fix minor layout issues (#365, #367, #371)

---
 CHANGELOG.rst                                 |  2 ++
 .../static/projectroles/css/projectroles.css  |  2 ++
 .../static/projectroles/js/projectroles.js    | 32 ++++++++++++-------
 3 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 6597afac..cdadd99c 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -83,6 +83,8 @@ Fixed
     - Remote sync of parent category roles could fail with multiple subprojects
     - ``RemoteProject`` modifications not saved during sync update
     - Timeline events not created in remote project sync (#370)
+    - DAL select modifying HTML body width (#365)
+    - Footer overflow breaking layout (#367)
 - **Timeline**
     - Crash from exception raised by ``get_object_link()`` in a plugin (#328)
 
diff --git a/projectroles/static/projectroles/css/projectroles.css b/projectroles/static/projectroles/css/projectroles.css
index 5d2066a9..a7ff00a6 100644
--- a/projectroles/static/projectroles/css/projectroles.css
+++ b/projectroles/static/projectroles/css/projectroles.css
@@ -13,6 +13,7 @@
 
 body {
   margin: 0;
+  overflow-x: hidden; /* Fix for DAL select bug (issue #365) */
 }
 
 body,
@@ -160,6 +161,7 @@ div.sodar-page-container {
   line-height: 36px;
   margin: 0;
   background-color: #f5f5f5;
+  overflow-y: hidden;
 }
 
 
diff --git a/projectroles/static/projectroles/js/projectroles.js b/projectroles/static/projectroles/js/projectroles.js
index deefe431..a2fe45bb 100644
--- a/projectroles/static/projectroles/js/projectroles.js
+++ b/projectroles/static/projectroles/js/projectroles.js
@@ -398,23 +398,31 @@ $(document).ready(function () {
     }
 });
 
-/* Hide Sidebar based on its element count */
+
+/* Hide sidebar based on element count -------------------------------------- */
+
+
+function toggleSidebar() {
+    if (!window.sidebar.is(':visible')) {
+        if (window.sidebarMinWindowHeight < window.innerHeight && window.innerWidth > 1000) {
+            window.sidebar.show();
+            window.sidebar_alt_btn.hide();
+        }
+    } else if (window.sidebarMinWindowHeight > window.innerHeight || window.innerWidth < 1000) {
+        window.sidebar_alt_btn.show();
+        window.sidebar.hide();
+    }
+}
+
 $(document).ready(function () {
-    // remember sidebar total height
+    // Remember sidebar total height
     window.sidebar = $('#sodar-pr-sidebar');
     window.sidebar_alt_btn = $('#sodar-pr-sidebar-alt-btn');
     let sidebarContent = $('#sodar-pr-sidebar-navbar').get(0);
     window.sidebarMinWindowHeight = sidebarContent.scrollHeight + sidebarContent.getBoundingClientRect().top;
+    toggleSidebar();
 });
 
 $(window).on('resize', function () {
-    if (!window.sidebar.is(':visible')) {
-        if (window.sidebarMinWindowHeight < window.innerHeight && window.innerWidth > 1000) {
-            window.sidebar.collapse('show');
-            window.sidebar_alt_btn.collapse('hide');
-        }
-    } else if (window.sidebarMinWindowHeight > window.innerHeight || window.innerWidth < 1000) {
-        window.sidebar_alt_btn.collapse('show');
-        window.sidebar.collapse('hide');
-    }
-});
\ No newline at end of file
+    toggleSidebar();
+});

From 905a14eba0a097cfd5ecc6717e4c1f1cf9a52fab Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Tue, 8 Oct 2019 18:28:28 +0200
Subject: [PATCH 14/20] cleanup for v0.7.0 release

---
 AUTHORS.rst                                   |   7 +-
 CHANGELOG.rst                                 |   2 +
 .../templates/adminalerts/alert_list.html     | 342 ++++++++----------
 adminalerts/tests/test_models.py              |   1 -
 adminalerts/tests/test_permissions.py         |   6 +
 adminalerts/tests/test_views.py               |  10 +-
 adminalerts/urls.py                           |   2 +-
 adminalerts/views.py                          |  42 ++-
 docs/source/app_projectroles_usage.rst        |  14 +-
 docs/source/dev_general.rst                   |  13 +
 .../example_backend_app/css/greeting.css      |   2 +-
 filesfolders/tests/test_models.py             |   4 +-
 .../project_roles_transfer_owner.html         |  62 ++--
 projectroles/tests/test_templatetags.py       |   2 +-
 projectroles/tests/test_ui.py                 |  28 +-
 .../templates/timeline/_extra_data_modal.html |   3 +-
 userprofile/tests/test_views.py               |   6 +-
 17 files changed, 278 insertions(+), 268 deletions(-)

diff --git a/AUTHORS.rst b/AUTHORS.rst
index 66cfd0c3..e3ee8221 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -4,6 +4,7 @@ Credits
 * Mikko Nieminen <mikko.nieminen@bihealth.de>
 * Manuel Holtgrewe <manuel.holtgrewe@bihealth.de>
 * Franziska Schumann <franziska.schumann@fu-berlin.de>
-* Raunak Agarwal <raunak.agarwal@mdc-berlin.de>
-* Hendrik Bomhardt <hendrik.bomhardt@mdc-berlin.de>
-* Tim Garrels <tim.garrels@mdc-berlin.de>
+* Oliver Stolpe <oliver.stolpe@bihealth.de>
+* Hendrik Bomhardt <hendrik.bomhardt@student.hpi.de>
+* Tim Garrels <tim.garrels@student.hpi.uni-potsdam.de>
+* Raunak Agarwal
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index cdadd99c..2878d482 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -58,6 +58,8 @@ Changed
     - Use ``CurrentUserFormMixin`` instead of repeated code (#12)
     - Run tests in parallel where applicable
     - Upgrade minimum Django version to 1.11.25 (#346)
+- **Adminalerts**
+    - Use common pagination template
 - **Projectroles**
     - Improve user name placeholder in ``login.html`` (#294)
     - Backend app Javascript and CSS included on-demand instead of for all templates (#261)
diff --git a/adminalerts/templates/adminalerts/alert_list.html b/adminalerts/templates/adminalerts/alert_list.html
index 633b9c2b..4ab84a1c 100644
--- a/adminalerts/templates/adminalerts/alert_list.html
+++ b/adminalerts/templates/adminalerts/alert_list.html
@@ -7,200 +7,176 @@
 {% block title %}Admin Alerts{% endblock %}
 
 {% block css %}
-    {{ block.super }}
-    <style type="text/css">
-        table#sodar-aa-list-table tr td:nth-child(3),
-        table#sodar-aa-list-table tr td:nth-child(4) {
-            white-space: nowrap;
-        }
-
-        table#sodar-aa-list-table thead tr th:nth-child(5),
-        table#sodar-aa-list-table tbody tr td:nth-child(5) {
-            width: 150px;
-        }
-
-        table#sodar-aa-list-table tr td:nth-child(6) {
-            width: 75px;
-        }
-
-        /* Responsive modifications */
-        @media screen and (max-width: 1100px) {
-            table#sodar-aa-list-table tr th:nth-child(3),
-            table#sodar-aa-list-table tr td:nth-child(3) {
-                display: none;
-            }
-        }
-
-        @media screen and (max-width: 900px) {
-            table#sodar-aa-list-table tr th:nth-child(2),
-            table#sodar-aa-list-table tr td:nth-child(2) {
-                display: none;
-            }
-        }
-
-        @media screen and (max-width: 750px) {
-            table#sodar-aa-list-table tr th:nth-child(4),
-            table#sodar-aa-list-table tr td:nth-child(4) {
-                display: none;
-            }
-        }
-    </style>
+  {{ block.super }}
+  <style type="text/css">
+    table#sodar-aa-list-table tr td:nth-child(3),
+    table#sodar-aa-list-table tr td:nth-child(4) {
+      white-space: nowrap;
+    }
+
+    table#sodar-aa-list-table thead tr th:nth-child(5),
+    table#sodar-aa-list-table tbody tr td:nth-child(5) {
+      width: 150px;
+    }
+
+    table#sodar-aa-list-table tr td:nth-child(6) {
+      width: 75px;
+    }
+
+    /* Responsive modifications */
+    @media screen and (max-width: 1100px) {
+      table#sodar-aa-list-table tr th:nth-child(3),
+      table#sodar-aa-list-table tr td:nth-child(3) {
+        display: none;
+      }
+    }
+
+    @media screen and (max-width: 900px) {
+      table#sodar-aa-list-table tr th:nth-child(2),
+      table#sodar-aa-list-table tr td:nth-child(2) {
+        display: none;
+      }
+    }
+
+    @media screen and (max-width: 750px) {
+      table#sodar-aa-list-table tr th:nth-child(4),
+      table#sodar-aa-list-table tr td:nth-child(4) {
+        display: none;
+      }
+    }
+  </style>
 {% endblock css %}
 
 {% block javascript %}
-    {{ block.super }}
-    <script>
-        function toogleBtnState(button, is_active)
-        {
-            if (is_active) {
-                    button.classList.add("btn-success");
-                    button.classList.remove("btn-warning");
-                    button.innerText = 'ACTIVE';
-                } else {
-                    button.innerText = 'SUSPENDED';
-                    button.classList.remove("btn-success");
-                    button.classList.add("btn-warning");
+  {{ block.super }}
+  <script>
+    function toogleBtnState(button, is_active)
+    {
+        if (is_active) {
+                button.classList.add("btn-success");
+                button.classList.remove("btn-warning");
+                button.innerText = 'ACTIVE';
+            } else {
+                button.innerText = 'SUSPENDED';
+                button.classList.remove("btn-success");
+                button.classList.add("btn-warning");
+            }
+    }
+
+    $('.js-change-alert-state-button').each(function () {
+        this.addEventListener("click", function (event) {
+            // We change the buttons color and text, before getting a response,
+            // to improve responsiveness
+            const is_active_guess = event.target.innerText = 'ACTIVE';
+            toogleBtnState(event.target, is_active_guess);
+
+            $.ajax({
+                type: 'POST',
+                url: '{% url 'adminalerts:ajax_alert_activation' %}',
+                data: {
+                    'uuid': event.target.dataset.uuid,
+                },
+                success: function (data) {
+                    // check if we guessed correctly
+                    if (data.is_active === is_active_guess)
+                        return;
+                    toogleBtnState(event.target, data.is_active);
                 }
-        }
-
-        $(".js-change-alert-state-button").each(function () {
-            this.addEventListener("click", function (event) {
-                //we gonna change the buttons color and text, before getting a response, to improve responsiveness
-                const is_active_guess = event.target.innerText = 'ACTIVE';
-                toogleBtnState(event.target, is_active_guess);
-
-                $.ajax({
-                    type: "POST",
-                    url: "{% url 'adminalerts:ajax_alert_activation' %}",
-                    data: {
-                        'uuid': event.target.dataset.uuid,
-                    },
-                    success: function (data) {
-                        // check if we guessed correctly
-                        if (data.is_active == is_active_guess)
-                            return;
-                        toogleBtnState(event.target, data.is_active);
-                    }
-                })
-            });
+            })
         });
-    </script>
-{% endblock %}
+    });
+  </script>
+{% endblock javascript %}
 
 {% block projectroles %}
 
-    <div class="row sodar-subtitle-container bg-white sticky-top">
-        <h2><i class="fa fa-exclamation-triangle"></i> Admin Alerts</h2>
-
-        <a role="button" class="btn btn-primary ml-auto"
-           href="{% url 'adminalerts:create' %}">
-            <i class="fa fa-plus"></i> Create Alert
-        </a>
-    </div>
-
-    <div class="container-fluid sodar-page-container">
-
-        {% if object_list.count > 0 %}
-            <div class="card" id="sodar-aa-alert-list">
-                <div class="card-body p-0">
-                    <table class="table table-striped sodar-card-table" id="sodar-aa-list-table">
-                        <thead>
-                        <tr>
-                            <th>Message</th>
-                            <th>User</th>
-                            <th>Created</th>
-                            <th>Expiry</th>
-                            <th>Status</th>
-                            <th></th>
-                        </tr>
-                        </thead>
-                        <tbody>
-                        {% for a in object_list %}
-                            <tr {% if not a.is_active %}class="text-muted"{% endif %}
-                                id="sodar-aa-alert-item-{{ a.pk }}">
-                                <td><a href="{% url 'adminalerts:detail' uuid=a.sodar_uuid %}">{{ a.message }}</a></td>
-                                <td>{% get_user_html a.user as user_html %}{{ user_html|safe }}</td>
-                                <td>{{ a.date_created | date:'Y-m-d H:i:s' }}</td>
-                                <td>{{ a.date_expire | date:'Y-m-d' }}</td>
-                                <td>
-                                    <button class="btn sodar-list-btn
-                                                  {% if not a.is_expired and a.active %}btn-success
-                                                  {% elif not a.is_expired and not a.active %} btn-warning
-                                                  {% else %} btn-danger{% endif %} js-change-alert-state-button"
-                                            type="button" data-uuid="{{ a.sodar_uuid }}"
-                                            {% if a.is_expired %}
-                                            disabled
-                                            {% endif %}
-                                    >
-                                        {% if a.is_expired %}
-                                            EXPIRED
-                                        {% elif a.active %}
-                                            ACTIVE
-                                        {% else %}
-                                            SUSPENDED
-                                        {% endif %}
-                                    </button>
-                                </td>
-                                <td>
-                                    <div class="btn-group sodar-list-btn-group" id="sodar-aa-alert-buttons-{{ a.pk }}">
-                                        <button class="btn btn-secondary dropdown-toggle sodar-list-dropdown"
-                                                type="button" data-toggle="dropdown" aria-expanded="false">
-                                            <i class="fa fa-cog"></i>
-                                        </button>
-                                        <div class="dropdown-menu dropdown-menu-right">
-                                            <a class="dropdown-item"
-                                               href="{% url 'adminalerts:update' uuid=a.sodar_uuid %}">
-                                                <i class="fa fa-fw fa-pencil"></i> Update Alert
-                                            </a>
-                                            <a class="dropdown-item"
-                                               href="{% url 'adminalerts:delete' uuid=a.sodar_uuid %}">
-                                                <i class="fa fa-fw fa-close"></i> Delete Alert
-                                            </a>
-                                        </div>
-                                    </div>
-                                </td>
-                            </tr>
-                        {% endfor %}
-                        </tbody>
-                    </table>
-                </div>
-            </div>
-
-            {% if is_paginated %}
-                <div class="row">
-                    <div class="btn-group ml-auto" id="sodar-aa-nav-buttons">
-                        {% if page_obj.has_previous %}
-                            <a role="button" class="btn btn-secondary"
-                               href="?page={{ page_obj.previous_page_number }}">
-                                <i class="fa fa-arrow-circle-left"></i> Newer
-                            </a>
-                        {% else %}
-                            <a role="button" class="btn btn-secondary disabled" href="#">
-                                <i class="fa fa-arrow-circle-left"></i> Newer
-                            </a>
-                        {% endif %}
-                        {% if page_obj.has_next %}
-                            <a role="button" class="btn btn-secondary"
-                               href="?page={{ page_obj.next_page_number }}">
-                                <i class="fa fa-arrow-circle-right"></i> Older
-                            </a>
-                        {% else %}
-                            <a role="button" class="btn btn-secondary disabled" href="#">
-                                <i class="fa fa-arrow-circle-right"></i> Older
-                            </a>
-                        {% endif %}
+<div class="row sodar-subtitle-container bg-white sticky-top">
+  <h2><i class="fa fa-exclamation-triangle"></i> Admin Alerts</h2>
+
+  <a role="button" class="btn btn-primary ml-auto"
+     href="{% url 'adminalerts:create' %}">
+    <i class="fa fa-plus"></i> Create Alert
+  </a>
+</div>
+
+<div class="container-fluid sodar-page-container">
+
+  {% if object_list.count > 0 %}
+    <div class="card" id="sodar-aa-alert-list">
+      <div class="card-body p-0">
+        <table class="table table-striped sodar-card-table" id="sodar-aa-list-table">
+          <thead>
+            <tr>
+              <th>Message</th>
+              <th>User</th>
+              <th>Created</th>
+              <th>Expiry</th>
+              <th>Status</th>
+              <th></th>
+            </tr>
+          </thead>
+          <tbody>
+            {% for a in object_list %}
+              <tr {% if not a.is_active %}class="text-muted"{% endif %}
+                  id="sodar-aa-alert-item-{{ a.pk }}">
+                <td><a href="{% url 'adminalerts:detail' uuid=a.sodar_uuid %}">{{ a.message }}</a></td>
+                <td>{% get_user_html a.user as user_html %}{{ user_html|safe }}</td>
+                <td>{{ a.date_created | date:'Y-m-d H:i:s' }}</td>
+                <td>{{ a.date_expire | date:'Y-m-d' }}</td>
+                <td>
+                  <button class="btn sodar-list-btn
+                          {% if not a.is_expired and a.active %}btn-success
+                          {% elif not a.is_expired and not a.active %} btn-warning
+                          {% else %} btn-danger{% endif %} js-change-alert-state-button"
+                          type="button" data-uuid="{{ a.sodar_uuid }}"
+                          {% if a.is_expired %}disabled{% endif %}
+                  >
+                    {% if a.is_expired %}
+                      EXPIRED
+                    {% elif a.active %}
+                      ACTIVE
+                    {% else %}
+                      SUSPENDED
+                    {% endif %}
+                  </button>
+                </td>
+                <td>
+                  <div class="btn-group sodar-list-btn-group" id="sodar-aa-alert-buttons-{{ a.pk }}">
+                    <button class="btn btn-secondary dropdown-toggle sodar-list-dropdown"
+                            type="button" data-toggle="dropdown" aria-expanded="false">
+                      <i class="fa fa-cog"></i>
+                    </button>
+                    <div class="dropdown-menu dropdown-menu-right">
+                      <a class="dropdown-item"
+                         href="{% url 'adminalerts:update' uuid=a.sodar_uuid %}">
+                        <i class="fa fa-fw fa-pencil"></i> Update Alert
+                      </a>
+                      <a class="dropdown-item"
+                         href="{% url 'adminalerts:delete' uuid=a.sodar_uuid %}">
+                        <i class="fa fa-fw fa-close"></i> Delete Alert
+                      </a>
                     </div>
-                </div>
-            {% endif %}
+                  </div>
+                </td>
+              </tr>
+            {% endfor %}
+          </tbody>
+        </table>
+      </div>
+    </div>
 
-        {% else %}
-            <div class="container-fluid">
-                <div class="alert alert-info" role="alert">
-                    No alerts found.
-                </div>
-            </div>
-        {% endif %}
+    {% if is_paginated %}
+      {% include 'projectroles/_pagination.html' with pg_small=False %}
+    {% endif %}
 
+  {% else %} {# if object_list.count == 0 #}
+    <div class="container-fluid">
+      <div class="alert alert-info" role="alert">
+        No alerts found.
+      </div>
     </div>
+  {% endif %}
+
+</div>
 
 {% endblock projectroles %}
diff --git a/adminalerts/tests/test_models.py b/adminalerts/tests/test_models.py
index fae3db2b..c8c657ac 100644
--- a/adminalerts/tests/test_models.py
+++ b/adminalerts/tests/test_models.py
@@ -40,7 +40,6 @@ class TestAdminAlert(AdminAlertMixin, TestCase):
     """Tests for AdminAlert model"""
 
     def setUp(self):
-
         # Create superuser
         self.superuser = self.make_user('superuser')
         self.superuser.is_superuser = True
diff --git a/adminalerts/tests/test_permissions.py b/adminalerts/tests/test_permissions.py
index a91eb6ab..08bceeef 100644
--- a/adminalerts/tests/test_permissions.py
+++ b/adminalerts/tests/test_permissions.py
@@ -32,6 +32,7 @@ def setUp(self):
         )
 
     def test_alert_create(self):
+        """Test permissions for AdminAlert creation"""
         url = reverse('adminalerts:create')
         good_users = [self.superuser]
         bad_users = [self.anonymous, self.regular_user]
@@ -39,6 +40,7 @@ def test_alert_create(self):
         self.assert_redirect(url, bad_users)
 
     def test_alert_update(self):
+        """Test permissions for AdminAlert updating"""
         url = reverse(
             'adminalerts:update', kwargs={'uuid': self.alert.sodar_uuid}
         )
@@ -48,6 +50,7 @@ def test_alert_update(self):
         self.assert_redirect(url, bad_users)
 
     def test_alert_delete(self):
+        """Test permissions for AdminAlert deletion"""
         url = reverse(
             'adminalerts:delete', kwargs={'uuid': self.alert.sodar_uuid}
         )
@@ -57,6 +60,7 @@ def test_alert_delete(self):
         self.assert_redirect(url, bad_users)
 
     def test_alert_list(self):
+        """Test permissions for AdminAlert list"""
         url = reverse('adminalerts:list')
         good_users = [self.superuser]
         bad_users = [self.anonymous, self.regular_user]
@@ -64,6 +68,7 @@ def test_alert_list(self):
         self.assert_redirect(url, bad_users)
 
     def test_alert_detail(self):
+        """Test permissions for AdminAlert details"""
         url = reverse(
             'adminalerts:detail', kwargs={'uuid': self.alert.sodar_uuid}
         )
@@ -73,6 +78,7 @@ def test_alert_detail(self):
         self.assert_redirect(url, bad_users)
 
     def test_alert_activation(self):
+        """Test permissions for AdminAlert activation API view"""
         url = reverse('adminalerts:ajax_alert_activation')
         good_users = [self.superuser]
         bad_users = [self.anonymous, self.regular_user]
diff --git a/adminalerts/tests/test_views.py b/adminalerts/tests/test_views.py
index 287ac02d..2bd06e9c 100644
--- a/adminalerts/tests/test_views.py
+++ b/adminalerts/tests/test_views.py
@@ -232,8 +232,10 @@ def test_delete(self):
 
 
 class TestAdminAlertActivationView(TestViewsBase):
+    """Tests for the AdminAlert activation API view"""
+
     def test_deactivate_alert(self):
-        """There is 1 active alert currently. Try to deactivate it."""
+        """Test alert deactivation"""
         with self.login(self.superuser):
             self.assertTrue(self.alert.active)
 
@@ -246,10 +248,10 @@ def test_deactivate_alert(self):
             data = json.loads(response.content)
             self.alert.refresh_from_db()
             self.assertFalse(self.alert.active)
-            self.assertFalse(data["is_active"])
+            self.assertFalse(data['is_active'])
 
     def test_activate_alert(self):
-        """There is 1 active alert currently. Try to deactivate it."""
+        """Test alert activation"""
         with self.login(self.superuser):
             self.alert.active = False
             self.alert.save()
@@ -263,4 +265,4 @@ def test_activate_alert(self):
             data = json.loads(response.content)
             self.alert.refresh_from_db()
             self.assertTrue(self.alert.active)
-            self.assertTrue(data["is_active"])
+            self.assertTrue(data['is_active'])
diff --git a/adminalerts/urls.py b/adminalerts/urls.py
index 5d6e4bdc..5bcf0c65 100644
--- a/adminalerts/urls.py
+++ b/adminalerts/urls.py
@@ -28,7 +28,7 @@
     ),
     url(
         regex=r'^ajax/update-state',
-        view=views.AdminAlertActivationView.as_view(),
+        view=views.AdminAlertActivationAPIView.as_view(),
         name='ajax_alert_activation',
     ),
 ]
diff --git a/adminalerts/views.py b/adminalerts/views.py
index ed9d5b3e..6e8152b7 100644
--- a/adminalerts/views.py
+++ b/adminalerts/views.py
@@ -105,7 +105,29 @@ class AdminAlertUpdateView(
     slug_field = 'sodar_uuid'
 
 
-class AdminAlertActivationView(LoggedInPermissionMixin, HTTPRefererMixin, View):
+class AdminAlertDeleteView(
+    LoggedInPermissionMixin, HTTPRefererMixin, DeleteView
+):
+    """AdminAlert deletion view"""
+
+    model = AdminAlert
+    permission_required = 'adminalerts.update_alert'
+    slug_url_kwarg = 'uuid'
+    slug_field = 'sodar_uuid'
+
+    def get_success_url(self):
+        """Override for redirecting alert list view with message"""
+        messages.success(self.request, 'Alert deleted.')
+        return reverse('adminalerts:list')
+
+
+# API views --------------------------------------------------------------------
+
+
+class AdminAlertActivationAPIView(
+    LoggedInPermissionMixin, HTTPRefererMixin, View
+):
+    """AdminAlert activation/deactivation API view"""
 
     permission_required = 'adminalerts.update_alert'
     http_method_names = ['post']
@@ -113,28 +135,12 @@ class AdminAlertActivationView(LoggedInPermissionMixin, HTTPRefererMixin, View):
     def post(self, request: HttpRequest):
         uuid = request.POST.get('uuid', None)
 
-        alert = None
         try:
             alert = AdminAlert.objects.get(sodar_uuid__exact=uuid)
+
         except AdminAlert.DoesNotExist:
             return HttpResponseBadRequest()
 
         alert.active = not alert.active
         alert.save()
         return JsonResponse({'is_active': alert.active})
-
-
-class AdminAlertDeleteView(
-    LoggedInPermissionMixin, HTTPRefererMixin, DeleteView
-):
-    """AdminAlert deletion view"""
-
-    model = AdminAlert
-    permission_required = 'adminalerts.update_alert'
-    slug_url_kwarg = 'uuid'
-    slug_field = 'sodar_uuid'
-
-    def get_success_url(self):
-        """Override for redirecting alert list view with message"""
-        messages.success(self.request, 'Alert deleted.')
-        return reverse('adminalerts:list')
diff --git a/docs/source/app_projectroles_usage.rst b/docs/source/app_projectroles_usage.rst
index 3051699b..cf325db3 100644
--- a/docs/source/app_projectroles_usage.rst
+++ b/docs/source/app_projectroles_usage.rst
@@ -155,11 +155,17 @@ before will be presented to the user.
 App Settings
 ------------
 
-Project and site apps may define project or user specific :term:`app settings`.
+Project and site apps may define :term:`app settings`, which can be either be
+set with the scope of *project*, *user* or *user within a project*.
+
 Widgets for project specific settings will show up in the project creation and
-updating form. User specific settings will be displayed in the :ref:`Userpforile
-app <app_userprofile>`. Project settings can only be modified by users with
-sufficient project access.
+updating form and can only be modified by users with sufficient project access.
+User specific settings will be displayed in the
+:ref:`Userpforile app <app_userprofile>`.
+
+Settings with the scope of user within a project do not currently have a
+separate UI of their own. Instead, project apps can produce their own user
+specific UIs for this functionality if manual user selection is needed.
 
 .. note::
 
diff --git a/docs/source/dev_general.rst b/docs/source/dev_general.rst
index 2cf889cc..8555fff7 100644
--- a/docs/source/dev_general.rst
+++ b/docs/source/dev_general.rst
@@ -27,6 +27,19 @@ Common Helpers
 Via the projectroles app, SODAR Core provides optional templates for aiding in
 maintaining common functionality and layout. Those are defined here.
 
+App Setting API
+---------------
+
+For accessing and modifying app settings for project or site apps, you should
+use the ``AppSettingAPI``. Below is an example of invoking the API. For the full
+API docs, see :ref:`app_projectroles_api`.
+
+.. code-block:: python
+
+    from projectroles.app_settings import AppSettingAPI
+    app_settings = AppSettingAPI()
+    app_settings.get_app_setting('app_name', 'setting_name', project_object)  # Etc..
+
 Pagination Template
 -------------------
 
diff --git a/example_backend_app/static/example_backend_app/css/greeting.css b/example_backend_app/static/example_backend_app/css/greeting.css
index 24929937..bbc93e22 100644
--- a/example_backend_app/static/example_backend_app/css/greeting.css
+++ b/example_backend_app/static/example_backend_app/css/greeting.css
@@ -1,3 +1,3 @@
 #example_backend_greeting {
-    border: 1px solid grey;
+  font-weight: bold;
 }
\ No newline at end of file
diff --git a/filesfolders/tests/test_models.py b/filesfolders/tests/test_models.py
index 0f609a21..7c369122 100644
--- a/filesfolders/tests/test_models.py
+++ b/filesfolders/tests/test_models.py
@@ -329,7 +329,7 @@ def test__repr__(self):
         self.assertEqual(repr(self.file), expected)
 
     def test_file_access(self):
-        """Ensure file can be accessed in database after creation"""
+        """Test file can be accessed in database after creation"""
         file_data = FileData.objects.get(file_name=self.file.file.name)
 
         expected = {
@@ -343,7 +343,7 @@ def test_file_access(self):
         self.assertEqual(model_to_dict(file_data), expected)
 
     def test_file_deletion(self):
-        """Ensure file is removed from database after deletion"""
+        """Test file is removed from database after deletion"""
 
         # Assert precondition
         self.assertEqual(FileData.objects.all().count(), 1)
diff --git a/projectroles/templates/projectroles/project_roles_transfer_owner.html b/projectroles/templates/projectroles/project_roles_transfer_owner.html
index c6bbe02c..f16b704b 100644
--- a/projectroles/templates/projectroles/project_roles_transfer_owner.html
+++ b/projectroles/templates/projectroles/project_roles_transfer_owner.html
@@ -5,50 +5,48 @@
 {% load static %}
 
 {% block title %}
-    Transfer ownership of {{ project.title }}
+  Transfer ownership of {{ project.title }}
 {% endblock title %}
 
 {% block projectroles_extend %}
 
-    <div class="row sodar-subtitle-container bg-white sticky-top">
-        <h3>Transfer Project Ownership from User {{ current_owner.username }}</h3>
+<div class="row sodar-subtitle-container bg-white sticky-top">
+  <h3>Transfer Project Ownership from User {{ current_owner.username }}</h3>
+</div>
+
+<div class="container-fluid sodar-page-container">
+  <form method="post">
+    {% csrf_token %}
+    {{ form | crispy }}
+
+    <div class="row">
+      <div class="btn-group ml-auto">
+        <a role="button" class="btn btn-secondary"
+           href="{{ request.session.real_referer }}">
+          <i class="fa fa-arrow-circle-left"></i> Cancel
+        </a>
+        <button type="submit" class="btn btn-primary">
+          <i class="fa fa-exchange"></i> Transfer
+        </button>
+      </div>
     </div>
+  </form>
+</div>
 
-    <div class="container-fluid sodar-page-container">
-        <form method="post">
-            {% csrf_token %}
-            {{ form | crispy }}
-
-
-            <div class="row">
-                <div class="btn-group ml-auto">
-                    <a role="button" class="btn btn-secondary"
-                       href="{{ request.session.real_referer }}">
-                        <i class="fa fa-arrow-circle-left"></i> Cancel
-                    </a>
-                    <button type="submit" class="btn btn-primary">
-                        <i class="fa fa-exchange"></i>
-                        Transfer
-                    </button>
-                </div>
-            </div>
-        </form>
-    </div>
-
-    <span class="sodar-popup-overlay" id="sodar-pr-email-preview-popup"></span>
+<span class="sodar-popup-overlay" id="sodar-pr-email-preview-popup"></span>
 
 {% endblock projectroles_extend %}
 
 {% block javascript %}
-    {{ block.super }}
+  {{ block.super }}
 
-    <!-- DAL for autocomplete widgets -->
-    <script type="text/javascript" src="{% static 'admin/js/vendor/jquery/jquery.js' %}"></script>
-    {{ form.media }}
+  <!-- DAL for autocomplete widgets -->
+  <script type="text/javascript" src="{% static 'admin/js/vendor/jquery/jquery.js' %}"></script>
+  {{ form.media }}
 {% endblock javascript %}
 
 {% block css %}
-    {{ block.super }}
-    <!-- Select2 theme -->
-    <link href="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css" rel="stylesheet"/>
+  {{ block.super }}
+  <!-- Select2 theme -->
+  <link href="https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css" rel="stylesheet"/>
 {% endblock css %}
diff --git a/projectroles/tests/test_templatetags.py b/projectroles/tests/test_templatetags.py
index 7e37999a..2daba567 100644
--- a/projectroles/tests/test_templatetags.py
+++ b/projectroles/tests/test_templatetags.py
@@ -258,7 +258,7 @@ def test_highlight_search_term(self):
         )
 
     def test_get_info_link(self):
-        """Tet get_info_link()"""
+        """Test get_info_link()"""
         self.assertEqual(
             c_tags.get_info_link('content'),
             '<a class="sodar-info-link" tabindex="0" data-toggle="popover" '
diff --git a/projectroles/tests/test_ui.py b/projectroles/tests/test_ui.py
index f94a1420..0334dd5d 100644
--- a/projectroles/tests/test_ui.py
+++ b/projectroles/tests/test_ui.py
@@ -511,10 +511,10 @@ def test_link_create_toplevel(self):
 class TestProjectDetail(TestUIBase, RemoteSiteMixin, RemoteProjectMixin):
     """Tests for the project detail page UI functionalities"""
 
-    def setup_remote_project(
+    def _setup_remote_project(
         self, site_mode=SITE_MODE_TARGET, user_visibility=True
     ):
-        """Creates a remote site and project with given user_visibility setting"""
+        """Create a remote site and project with given user_visibility setting"""
         self.remote_site = self._make_site(
             name=REMOTE_SITE_NAME,
             url=REMOTE_SITE_URL,
@@ -532,8 +532,8 @@ def setup_remote_project(
             project=self.project,
         )
 
-    def add_remote_association(self):
-        """Fills and submits add source/target site form"""
+    def _add_remote_association(self):
+        """Fill an submits add source/target site form"""
         # Instead we could also set up a real RemoteProject, but this makes
         # the test run faster
         url = reverse('projectroles:remote_site_create')
@@ -666,8 +666,8 @@ def test_copy_uuid_visibility_enabled(self):
         )
 
     def test_remote_project_visible(self):
-        """Checks project card for enabled visbility for all users"""
-        self.setup_remote_project(user_visibility=True)
+        """Test project card for enabled visbility for all users"""
+        self._setup_remote_project(user_visibility=True)
         users = [
             self.superuser,
             self.user_owner,
@@ -691,8 +691,8 @@ def test_remote_project_visible(self):
             self.assertEqual(remote_project.text, REMOTE_SITE_NAME)
 
     def test_remote_project_invisible(self):
-        """Checks project card for disabled visibility for different users"""
-        self.setup_remote_project(user_visibility=False)
+        """Test project card for disabled visibility for different users"""
+        self._setup_remote_project(user_visibility=False)
         users = [self.user_delegate, self.user_contributor, self.user_guest]
         url = reverse(
             'projectroles:detail', kwargs={'project': self.project.sodar_uuid}
@@ -716,8 +716,8 @@ def test_remote_project_invisible(self):
             self.assertEqual(remote_project.text, REMOTE_SITE_NAME)
 
     def test_peer_project_source_invisible(self):
-        """Checks visibility of peer projects on SOURCE site"""
-        self.setup_remote_project(site_mode=SITE_MODE_PEER)
+        """Test visibility of peer projects on SOURCE site"""
+        self._setup_remote_project(site_mode=SITE_MODE_PEER)
 
         url = reverse(
             'projectroles:detail', kwargs={'project': self.project.sodar_uuid}
@@ -755,7 +755,7 @@ def test_peer_project_target_visible(self):
             level=SODAR_CONSTANTS['REMOTE_LEVEL_READ_ROLES'],
             project=self.project,
         )
-        self.setup_remote_project(site_mode=SITE_MODE_PEER)
+        self._setup_remote_project(site_mode=SITE_MODE_PEER)
 
         url = reverse(
             'projectroles:detail', kwargs={'project': self.project.sodar_uuid}
@@ -804,7 +804,7 @@ def test_peer_project_target_invisible(self):
             project=self.project,
         )
 
-        self.setup_remote_project(
+        self._setup_remote_project(
             site_mode=SITE_MODE_PEER, user_visibility=False
         )
 
@@ -855,7 +855,7 @@ def test_target_visibility(self):
             self.selenium.find_element_by_id('id_user_display').is_displayed()
         )
 
-        self.add_remote_association()
+        self._add_remote_association()
         # Check Visible to User column visibility
         remote_site_table = self.selenium.find_element_by_id(
             'sodar-pr-remote-site-table'
@@ -878,7 +878,7 @@ def test_source_visibility(self):
         element = self.selenium.find_element_by_id('div_id_user_display')
         self.assertIsNotNone(element)
 
-        self.add_remote_association()
+        self._add_remote_association()
         # Check Visible to User column visibility
         remote_site_table = self.selenium.find_element_by_id(
             'sodar-pr-remote-site-table'
diff --git a/timeline/templates/timeline/_extra_data_modal.html b/timeline/templates/timeline/_extra_data_modal.html
index 5d78b9a6..f6203972 100644
--- a/timeline/templates/timeline/_extra_data_modal.html
+++ b/timeline/templates/timeline/_extra_data_modal.html
@@ -44,8 +44,7 @@
             </li>
           {% endfor %}
         </ul>
-        <button type="button" class="close ml-auto" data-dismiss="modal" aria-label="Close"
-                style="width: 2rem; border-left: 1px solid #dee2e6">
+        <button type="button" class="close ml-auto mr-3" data-dismiss="modal" aria-label="Close">
           <span aria-hidden="true">&times;</span>
         </button>
       </div>
diff --git a/userprofile/tests/test_views.py b/userprofile/tests/test_views.py
index 7d5f3c58..10b1e176 100644
--- a/userprofile/tests/test_views.py
+++ b/userprofile/tests/test_views.py
@@ -86,7 +86,8 @@ def setUp(self):
             user=self.user,
         )
 
-    def testGet(self):
+    def test_get(self):
+        """Test GET request on settings update form"""
         with self.login(self.user):
             response = self.client.get(reverse('userprofile:settings_update'))
         self.assertEqual(response.status_code, 200)
@@ -112,7 +113,8 @@ def testGet(self):
             )
         )
 
-    def testPost(self):
+    def test_post(self):
+        """Test POST request on settings update form"""
         self.assertEqual(
             app_settings.get_app_setting(
                 EXAMPLE_APP_NAME, 'user_str_setting', user=self.user

From b2dc7aaad6f31251a4900d52ad8a01f5a4b121a8 Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Tue, 8 Oct 2019 18:31:14 +0200
Subject: [PATCH 15/20] remove debug prints from remote_projects.py

---
 projectroles/remote_projects.py | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/projectroles/remote_projects.py b/projectroles/remote_projects.py
index fd27969e..fdccba11 100644
--- a/projectroles/remote_projects.py
+++ b/projectroles/remote_projects.py
@@ -696,11 +696,6 @@ def _remove_revoked_peers(self, uuid, p_data):
                 project_uuid=uuid, site__mode=SITE_MODE_PEER
             )
 
-            # DEBUG
-            if p_data['level'] == REMOTE_LEVEL_REVOKED:
-                print('DEBUG: local_peers={}'.format(local_peers))
-                print('DEBUG: remote_sites={}'.format(p_data['remote_sites']))
-
             if not local_peers:
                 return
 

From 9e453d4da289210811e0cc8c41c34979a1a6be3f Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Wed, 9 Oct 2019 11:51:19 +0200
Subject: [PATCH 16/20] hide timeline event extra data in details view,
 refactor css styling, rename test cases

---
 .../templates/timeline/_extra_data_modal.html  | 14 +++++++++++++-
 timeline/templates/timeline/_list_item.html    |  6 +++---
 timeline/tests/test_ui.py                      | 18 +++++++++---------
 3 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/timeline/templates/timeline/_extra_data_modal.html b/timeline/templates/timeline/_extra_data_modal.html
index f6203972..57d9513d 100644
--- a/timeline/templates/timeline/_extra_data_modal.html
+++ b/timeline/templates/timeline/_extra_data_modal.html
@@ -22,6 +22,18 @@
       color: #222222;
     }
 
+    .sodar-tl-link-extra {
+      cursor: pointer;
+    }
+
+    .sodar-tl-modal-tabs {
+      flex: 1;
+      flex-direction: row;
+      display: flex;
+      flex-wrap: wrap;
+      border-bottom: 1px solid #dee2e6;
+    }
+
     .sodar-tl-copy-btn {
       position: absolute;
       top: 10px;
@@ -34,7 +46,7 @@
 <div id="sodar-tl-modal-{{ event.pk }}" class="modal sodar-tl-modal" tabindex="-1" role="dialog">
   <div class="modal-dialog modal-dialog-centered sodar-tl-modal-dialog" role="document">
     <div class="modal-content">
-      <div style="flex: 1; flex-direction: row; display: flex; flex-wrap: wrap; border-bottom: 1px solid #dee2e6">
+      <div class="sodar-tl-modal-tabs">
         <ul class="nav nav-tabs border-bottom-0">
           {% for data in event|collect_extra_data %}
             <li class="nav-item">
diff --git a/timeline/templates/timeline/_list_item.html b/timeline/templates/timeline/_list_item.html
index 71c97e76..d27d0323 100644
--- a/timeline/templates/timeline/_list_item.html
+++ b/timeline/templates/timeline/_list_item.html
@@ -18,9 +18,9 @@
     {% autoescape off %}
       {% get_event_description event request %}
     {% endautoescape %}
-    {% if event|has_extra_data %}
-      <a class="pull-right" tabindex="0" data-toggle="modal"
-         data-trigger="focus" data-target="#sodar-tl-modal-{{ event.pk }}" style="cursor: pointer;">
+    {% if not details_card_mode and event|has_extra_data %}
+      <a class="sodar-tl-link-extra pull-right" tabindex="0" data-toggle="modal"
+         data-trigger="focus" data-target="#sodar-tl-modal-{{ event.pk }}">
         <i class="fa fa-fw fa-file-text" title="Extra Data"
            data-toggle="tooltip" data-placement="left">
         </i>
diff --git a/timeline/tests/test_ui.py b/timeline/tests/test_ui.py
index ee074ded..1b7db8c3 100644
--- a/timeline/tests/test_ui.py
+++ b/timeline/tests/test_ui.py
@@ -140,7 +140,7 @@ def setUp(self):
             extra_data={},
         )
 
-    def test_extra_data_badge_visibility(self):
+    def test_extra_data_badge(self):
         """Test visibility of extra data badges to open a model in the timeline event list"""
         expected = [
             (self.superuser, 1),
@@ -162,7 +162,7 @@ def test_extra_data_badge_visibility(self):
             path='//table[@id="sodar-tl-table"]/tbody/tr/td/',
         )
 
-    def test_status_extra_data_only_badge_visibility(self):
+    def test_status_extra_data_only_badge(self):
         """Test visibility when event only has extra data in one of its states."""
         self.event_with_status = self.timeline.add_event(
             project=self.project,
@@ -195,7 +195,7 @@ def test_status_extra_data_only_badge_visibility(self):
             path='//table/tbody/tr/td/',
         )
 
-    def test_object_event_extra_data_badge_visibility(self):
+    def test_object_event_extra_data(self):
         """Test visibility of object related events events in the timeline event list"""
 
         # Add user as an object reference
@@ -228,14 +228,14 @@ def test_object_event_extra_data_badge_visibility(self):
             path='//table[@id="sodar-tl-table"]/tbody/tr/td/',
         )
 
-    def test_event_extra_data_badge_visibility_details(self):
+    def test_event_extra_data_details(self):
         """Test visibility of events on the project details page"""
         expected = [
-            (self.superuser, 1),
-            (self.as_owner.user, 1),
-            (self.as_delegate.user, 1),
-            (self.as_contributor.user, 1),
-            (self.as_guest.user, 1),
+            (self.superuser, 0),
+            (self.as_owner.user, 0),
+            (self.as_delegate.user, 0),
+            (self.as_contributor.user, 0),
+            (self.as_guest.user, 0),
         ]
 
         url = reverse(

From e35362141691108bad8248de830aebbf0aed85c5 Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Wed, 9 Oct 2019 14:27:43 +0200
Subject: [PATCH 17/20] upgrade python requirements (#282)

---
 CHANGELOG.rst                    |  1 +
 docs/source/breaking_changes.rst |  5 ++++-
 requirements/base.txt            | 29 ++++++++++++++---------------
 requirements/local.txt           |  2 +-
 requirements/test.txt            | 14 +++++++-------
 5 files changed, 27 insertions(+), 24 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 2878d482..5c06e5e3 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -58,6 +58,7 @@ Changed
     - Use ``CurrentUserFormMixin`` instead of repeated code (#12)
     - Run tests in parallel where applicable
     - Upgrade minimum Django version to 1.11.25 (#346)
+    - General upgrade for Python package requirements (#282)
 - **Adminalerts**
     - Use common pagination template
 - **Projectroles**
diff --git a/docs/source/breaking_changes.rst b/docs/source/breaking_changes.rst
index c9444dd5..3d75aeb5 100644
--- a/docs/source/breaking_changes.rst
+++ b/docs/source/breaking_changes.rst
@@ -16,7 +16,10 @@ v0.7.0 (TBD)
 System Prerequisites
 --------------------
 
-The minimum version requirement for Django has been bumped to 1.11.25.
+The minimum supported versions have been upgraded for a number of Python
+packages in this release. It is highly recommended to also upgrade these for
+your SODAR Core based site. See the ``requirements`` directory for up-to date
+dependencies.
 
 Backend Javascript Include
 --------------------------
diff --git a/requirements/base.txt b/requirements/base.txt
index 9d545bfa..fe880930 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -1,8 +1,8 @@
 # Wheel
-wheel==0.32.3
+wheel==0.33.6
 
 # Conservative Django
-django>=1.11.25,<2.0
+django>=1.11.25, <2.0
 
 # Configuration
 django-environ>=0.4.5, <0.5
@@ -11,27 +11,27 @@ django-environ>=0.4.5, <0.5
 django-crispy-forms>=1.7.2, <1.8
 
 # Models
-django-model-utils>=3.1.2, <3.2
+django-model-utils>=3.2.0, <3.3
 
 # Images
-Pillow>=5.4.1, <5.5
+Pillow>=6.2.0, <6.3
 
 # Password storage
 argon2-cffi>=19.1.0, <19.2
 
 # Python-PostgreSQL Database Adapter
-psycopg2-binary>=2.7.6.1, <2.8
+psycopg2-binary>=2.8.3, <2.9
 
 # Unicode slugification
 awesome-slugify>=1.6.5, <1.7
 
 # Time zones support
-pytz>=2018.9
+pytz>=2019.3
 
 # Online documentation via django-docs.
-Sphinx>=1.8.3, <1.9
+Sphinx>=2.2.0, <2.3
 django-docs>=0.3.1, <0.4
-sphinx-rtd-theme>=0.4.2, <0.5
+sphinx-rtd-theme>=0.4.3, <0.5
 
 # Versioning
 versioneer>=0.18
@@ -44,18 +44,18 @@ versioneer>=0.18
 -e git+https://github.com/mikkonie/django-plugins.git@1bc07181e6ab68b0f9ed3a00382eb1f6519e1009#egg=django-plugins
 
 # Rules for permissions
-rules>=2.0.1, <2.1
+rules>=2.1, <2.2
 
 # REST framework
-djangorestframework>=3.9.1, <3.10
+djangorestframework>=3.10.3, <3.11
 
 # Token authentication
-django-rest-knox>=3.6.0, <3.7
+django-rest-knox>=4.1.0, <4.2
 
 # Markdown field support
-markdown>=3.0.1, <3.1
+markdown>=3.1.1, <3.2
 django-markupfield>=1.5.1, <1.6
-django-pagedown>=1.0.6, <1.1
+django-pagedown>=1.0.6, <1.1  # NOTE: v2.x requires Django 2.1+
 mistune>=0.8.4, <0.9
 
 # Database file storage for filesfolders
@@ -65,5 +65,4 @@ django-db-file-storage==0.5.3
 celery<4.2  # pyup: <4.2  # blocker: https://github.com/celery/celery/issues/4878
 
 # Django autocomplete light (DAL)
-django-autocomplete-light==3.2.10  #higher versions are not compatible with django 1.11
-
+django-autocomplete-light==3.2.10  # Higher versions require Django 2.x
diff --git a/requirements/local.txt b/requirements/local.txt
index 8961bddb..f41cfe72 100644
--- a/requirements/local.txt
+++ b/requirements/local.txt
@@ -7,4 +7,4 @@ Werkzeug==0.15.3
 django-debug-toolbar==1.11
 
 # improved REPL
-ipdb==0.11
+ipdb==0.12.2, <0.13
diff --git a/requirements/test.txt b/requirements/test.txt
index 978079a5..3e750d23 100644
--- a/requirements/test.txt
+++ b/requirements/test.txt
@@ -1,14 +1,14 @@
 # Test dependencies go here.
 -r base.txt
 
-flake8==3.6.0 # pyup: != 2.6.0
-django-test-plus==1.1.1
-factory-boy==2.11.1
-coverage==4.5.2
+flake8==3.7.8
+django-test-plus==1.3.1
+factory-boy==2.12.0
+coverage==4.5.4
 django-coverage-plugin==1.6.0
 
 # pytest
-pytest-django==3.4.5
+pytest-django==3.5.1
 pytest-sugar==0.9.2
 
 # Selenium for UI testing
@@ -18,10 +18,10 @@ selenium==3.141.0
 tblib==1.4.0
 
 # BeautifulSoup for HTML testing
-beautifulsoup4==4.7.1
+beautifulsoup4==4.8.1
 
 # Coverage through Codacy
 codacy-coverage==1.3.11
 
 # Black for formatting
-black==18.9b0
+black==19.3b0

From e6dc50807def74680a91843fa782682cb137f550 Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Wed, 9 Oct 2019 14:56:53 +0200
Subject: [PATCH 18/20] improved fix for footer overflow (#367, #375), update
 default footer template

---
 CHANGELOG.rst                                         | 2 +-
 docs/source/breaking_changes.rst                      | 7 +++++++
 projectroles/static/projectroles/css/projectroles.css | 9 +++++++--
 projectroles/templates/projectroles/_footer.html      | 6 ++----
 4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5c06e5e3..bd91db96 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -87,7 +87,7 @@ Fixed
     - ``RemoteProject`` modifications not saved during sync update
     - Timeline events not created in remote project sync (#370)
     - DAL select modifying HTML body width (#365)
-    - Footer overflow breaking layout (#367)
+    - Footer overflow breaking layout (#367, #375)
 - **Timeline**
     - Crash from exception raised by ``get_object_link()`` in a plugin (#328)
 
diff --git a/docs/source/breaking_changes.rst b/docs/source/breaking_changes.rst
index 3d75aeb5..5ae25459 100644
--- a/docs/source/breaking_changes.rst
+++ b/docs/source/breaking_changes.rst
@@ -53,6 +53,13 @@ change, the signature of the API function including argument order has changed.
 Please see the :ref:`API documentation<app_projectroles_api>` for more details
 and update your function calls accordingly.
 
+Default Footer Styling Changed
+------------------------------
+
+The styling of the page footer and the default ``_footer.html`` have changed.
+You no longer need an extra ``<div>`` element for the footer content, unless
+you need to do styling overrides yourself.
+
 
 v0.6.2 (2019-06-21)
 ===================
diff --git a/projectroles/static/projectroles/css/projectroles.css b/projectroles/static/projectroles/css/projectroles.css
index a7ff00a6..d609020b 100644
--- a/projectroles/static/projectroles/css/projectroles.css
+++ b/projectroles/static/projectroles/css/projectroles.css
@@ -157,11 +157,16 @@ div.sodar-page-container {
 
 .sodar-footer {
   width: 100%;
-  height: 36px;
+  min-height: 36px;
   line-height: 36px;
   margin: 0;
+  padding-left: 6px;
+  padding-right: 6px;
   background-color: #f5f5f5;
-  overflow-y: hidden;
+  text-align: center;
+  overflow: hidden;
+  white-space: nowrap;
+  text-overflow: ellipsis;
 }
 
 
diff --git a/projectroles/templates/projectroles/_footer.html b/projectroles/templates/projectroles/_footer.html
index 21f19029..7e35ba73 100644
--- a/projectroles/templates/projectroles/_footer.html
+++ b/projectroles/templates/projectroles/_footer.html
@@ -3,7 +3,5 @@
 
 {% get_django_setting 'SITE_TITLE' as site_title %}
 
-<div class="text-sm-center">
-  Set the content for your footer in include/_footer.html.
-  {{ site_title }} v{% site_version %} / SODAR Core v{% core_version %}
-</div>
+Set the content for your footer in include/_footer.html.
+{{ site_title }} v{% site_version %} / SODAR Core v{% core_version %}

From 078c3a026ee733d27200849638f0301b090178ff Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Wed, 9 Oct 2019 15:02:03 +0200
Subject: [PATCH 19/20] tweak some text labels

---
 bgjobs/templates/bgjobs/_details_card.html    | 2 +-
 projectroles/templates/projectroles/home.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/bgjobs/templates/bgjobs/_details_card.html b/bgjobs/templates/bgjobs/_details_card.html
index 7e9ca1cb..4dfbdced 100644
--- a/bgjobs/templates/bgjobs/_details_card.html
+++ b/bgjobs/templates/bgjobs/_details_card.html
@@ -18,7 +18,7 @@
       {% endfor %}
     {% else %}
         <tr>
-          <td class="bg-faded font-italic text-center" colspan="5">No background jobs (yet)</td>
+          <td class="bg-faded font-italic text-center" colspan="5">No background jobs</td>
         </tr>
     {% endif %}
   </tbody>
diff --git a/projectroles/templates/projectroles/home.html b/projectroles/templates/projectroles/home.html
index dcb43678..140b913c 100644
--- a/projectroles/templates/projectroles/home.html
+++ b/projectroles/templates/projectroles/home.html
@@ -76,7 +76,7 @@ <h4><i class="fa fa-globe"></i> Available {% get_display_name 'PROJECT' title=Tr
         {% elif request.user.is_superuser %}
            <tr>
              <td class="bg-faded font-italic text-center text-danger" colspan={% get_project_column_count app_plugins %}>
-               No {% get_display_name 'PROJECT' title=False plural=True %} created yet!
+               No {% get_display_name 'PROJECT' title=False plural=True %} created
               </td>
            </tr>
         {% else %}

From 5deb087fd03e715e9e72b8cb223913f53e6a50d1 Mon Sep 17 00:00:00 2001
From: "mikko.nieminen" <mikko.nieminen@bihealth.de>
Date: Wed, 9 Oct 2019 15:07:40 +0200
Subject: [PATCH 20/20] preparing v0.7.0 release

---
 CHANGELOG.rst                                | 4 ++--
 README.rst                                   | 2 +-
 docs/source/app_projectroles_integration.rst | 2 +-
 docs/source/breaking_changes.rst             | 8 ++++----
 docs/source/conf.py                          | 2 +-
 docs/source/getting_started.rst              | 2 +-
 6 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index bd91db96..4e375d36 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -7,8 +7,8 @@ Changelog for the **SODAR Core** Django app package. Loosely follows the
 Note that the issue IDs here refer to ones in the private CUBI GitLab.
 
 
-Unreleased
-==========
+v0.7.0 (2019-10-09)
+===================
 
 Added
 -----
diff --git a/README.rst b/README.rst
index 617d3f4f..17bc1b7a 100644
--- a/README.rst
+++ b/README.rst
@@ -67,7 +67,7 @@ installation is forthcoming.
 
 .. code-block:: console
 
-    pip install -e git+https://github.com/bihealth/sodar_core.git@v0.6.2#egg=django-sodar-core
+    pip install -e git+https://github.com/bihealth/sodar_core.git@v0.7.0#egg=django-sodar-core
 
 Please note that This package installs a collection Django apps to
 be used in a Django web site project. See
diff --git a/docs/source/app_projectroles_integration.rst b/docs/source/app_projectroles_integration.rst
index e99ea2f8..ea3001e1 100644
--- a/docs/source/app_projectroles_integration.rst
+++ b/docs/source/app_projectroles_integration.rst
@@ -94,7 +94,7 @@ desired release tag.
 .. code-block:: console
 
     -e git://github.com/mikkonie/django-plugins.git@1bc07181e6ab68b0f9ed3a00382eb1f6519e1009#egg=django-plugins
-    -e git://github.com/bihealth/sodar_core.git@v0.6.2#egg=django-sodar-core
+    -e git://github.com/bihealth/sodar_core.git@v0.7.0#egg=django-sodar-core
 
 Install the requirements for development:
 
diff --git a/docs/source/breaking_changes.rst b/docs/source/breaking_changes.rst
index 5ae25459..8151818d 100644
--- a/docs/source/breaking_changes.rst
+++ b/docs/source/breaking_changes.rst
@@ -10,8 +10,8 @@ version. For a complete list of changes in the current release, see the
 ``CHANGELOG.rst`` file.
 
 
-v0.7.0 (TBD)
-============
+v0.7.0 (2019-10-09)
+===================
 
 System Prerequisites
 --------------------
@@ -30,8 +30,8 @@ associated to a backend plugin should now be included in app templates as
 needed. This is done using the newly introduced ``get_backend_include()``
 template tag in ``projectroles_common_tags``.
 
-Deprecated get_settings() Tag Removed
--------------------------------------
+Deprecated get_setting() Tag Removed
+------------------------------------
 
 The deprecated ``get_setting()`` template tag has been removed from
 ``projectroles_common_tags``. Please use ``get_django_setting()`` in your
diff --git a/docs/source/conf.py b/docs/source/conf.py
index 8bfdfded..7eb5361a 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -29,7 +29,7 @@
 # The short X.Y version
 version = '0.7'
 # The full version, including alpha/beta/rc tags
-release = '0.7.0-WIP'
+release = '0.7.0'
 
 
 # -- General configuration ---------------------------------------------------
diff --git a/docs/source/getting_started.rst b/docs/source/getting_started.rst
index 89ac7771..505fbe20 100644
--- a/docs/source/getting_started.rst
+++ b/docs/source/getting_started.rst
@@ -18,7 +18,7 @@ forthcoming.
 
 .. code-block:: console
 
-    pip install -e git+https://github.com/bihealth/sodar_core.git@v0.6.2#egg=django-sodar-core
+    pip install -e git+https://github.com/bihealth/sodar_core.git@v0.7.0#egg=django-sodar-core
 
 Please note that the django-sodar-core package only installs
 :term:`Django apps<Django App>`, which you need to include in a