Don't display the alias create form if the user can't create anyone

This commit is contained in:
Yohann D'ANELLO 2020-08-30 23:06:51 +02:00
parent a9258c332a
commit 805ceda249
4 changed files with 47 additions and 22 deletions

View File

@ -9,15 +9,18 @@ SPDX-License-Identifier: GPL-3.0-or-later
<h3 class="card-header text-center">
{% trans "Note aliases" %}
</h3>
<div class="card-body">
<form class="input-group" method="POST" id="form_alias">
{% csrf_token %}
<input type="hidden" name="note" value="{{ object.note.pk }}">
<input type="text" name="name" class="form-control">
<div class="input-group-append">
<input type="submit" class="btn btn-success" value="{% trans "Add" %}">
</div>
</form>
{% if can_create %}
<form class="input-group" method="POST" id="form_alias">
{% csrf_token %}
<input type="hidden" name="note" value="{{ object.note.pk }}">
<input type="text" name="name" class="form-control">
<div class="input-group-append">
<input type="submit" class="btn btn-success" value="{% trans "Add" %}">
</div>
</form>
{% endif %}
</div>
{% render_table aliases %}
</div>

View File

@ -10,14 +10,16 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% trans "Note aliases" %}
</h3>
<div class="card-body">
<form class="input-group" method="POST" id="form_alias">
{% csrf_token %}
<input type="hidden" name="note" value="{{ object.note.pk }}">
<input type="text" name="name" class="form-control">
<div class="input-group-append">
<input type="submit" class="btn btn-success" value="{% trans "Add" %}">
</div>
</form>
{% if can_create %}
<form class="input-group" method="POST" id="form_alias">
{% csrf_token %}
<input type="hidden" name="note" value="{{ object.note.pk }}">
<input type="text" name="name" class="form-control">
<div class="input-group-append">
<input type="submit" class="btn btn-success" value="{% trans "Add" %}">
</div>
</form>
{% endif %}
</div>
{% render_table aliases %}
</div>

View File

@ -218,7 +218,13 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
note = context['object'].note
context["aliases"] = AliasTable(note.alias_set.all())
context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
.filter_queryset(self.request.user, Alias, "view")).all())
context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
note=context["object"].note,
name="",
normalized_name="",
))
return context
@ -422,7 +428,13 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
note = context['object'].note
context["aliases"] = AliasTable(note.alias_set.all())
context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
.filter_queryset(self.request.user, Alias, "view")).all())
context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
note=context["object"].note,
name="",
normalized_name="",
))
return context

View File

@ -97,7 +97,7 @@ class HistoryTable(tables.Table):
"""
When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason
"""
has_perm = PermissionBackend\
has_perm = PermissionBackend \
.check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record)
val = "" if value else ""
@ -135,8 +135,16 @@ class AliasTable(tables.Table):
delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
extra_context={"delete_trans": _('delete')},
attrs={'td': {'class': 'col-sm-1'}},
verbose_name=_("Delete"),)
attrs=
{'td':
{'class':
lambda record: 'col-sm-1'
+ (' d-none' if not PermissionBackend
.check_perm(get_current_authenticated_user(),
"note.delete_alias", record) else '')
}
},
verbose_name=_("Delete"), )
class ButtonTable(tables.Table):
@ -170,7 +178,7 @@ class ButtonTable(tables.Table):
delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
extra_context={"delete_trans": _('delete')},
attrs={'td': {'class': 'col-sm-1'}},
verbose_name=_("Delete"),)
verbose_name=_("Delete"), )
def render_amount(self, value):
return pretty_money(value)