From 805ceda24917d3b3268b2327f9eb269b17112130 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Sun, 30 Aug 2020 23:06:51 +0200 Subject: [PATCH] Don't display the alias create form if the user can't create anyone --- apps/member/templates/member/club_alias.html | 19 +++++++++++-------- .../templates/member/profile_alias.html | 18 ++++++++++-------- apps/member/views.py | 16 ++++++++++++++-- apps/note/tables.py | 16 ++++++++++++---- 4 files changed, 47 insertions(+), 22 deletions(-) diff --git a/apps/member/templates/member/club_alias.html b/apps/member/templates/member/club_alias.html index d80dfa0b..f4b33f42 100644 --- a/apps/member/templates/member/club_alias.html +++ b/apps/member/templates/member/club_alias.html @@ -9,15 +9,18 @@ SPDX-License-Identifier: GPL-3.0-or-later

{% trans "Note aliases" %}

+
-
- {% csrf_token %} - - -
- -
-
+ {% if can_create %} +
+ {% csrf_token %} + + +
+ +
+
+ {% endif %}
{% render_table aliases %} diff --git a/apps/member/templates/member/profile_alias.html b/apps/member/templates/member/profile_alias.html index d80dfa0b..78989627 100644 --- a/apps/member/templates/member/profile_alias.html +++ b/apps/member/templates/member/profile_alias.html @@ -10,14 +10,16 @@ SPDX-License-Identifier: GPL-3.0-or-later {% trans "Note aliases" %}
-
- {% csrf_token %} - - -
- -
-
+ {% if can_create %} +
+ {% csrf_token %} + + +
+ +
+
+ {% endif %}
{% render_table aliases %} diff --git a/apps/member/views.py b/apps/member/views.py index c97d15a3..79cbed8d 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -218,7 +218,13 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) note = context['object'].note - context["aliases"] = AliasTable(note.alias_set.all()) + context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend + .filter_queryset(self.request.user, Alias, "view")).all()) + context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias( + note=context["object"].note, + name="", + normalized_name="", + )) return context @@ -422,7 +428,13 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView): def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) note = context['object'].note - context["aliases"] = AliasTable(note.alias_set.all()) + context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend + .filter_queryset(self.request.user, Alias, "view")).all()) + context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias( + note=context["object"].note, + name="", + normalized_name="", + )) return context diff --git a/apps/note/tables.py b/apps/note/tables.py index 9a23cd5d..d27915e7 100644 --- a/apps/note/tables.py +++ b/apps/note/tables.py @@ -97,7 +97,7 @@ class HistoryTable(tables.Table): """ When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason """ - has_perm = PermissionBackend\ + has_perm = PermissionBackend \ .check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record) val = "✔" if value else "✖" @@ -135,8 +135,16 @@ class AliasTable(tables.Table): delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE, extra_context={"delete_trans": _('delete')}, - attrs={'td': {'class': 'col-sm-1'}}, - verbose_name=_("Delete"),) + attrs= + {'td': + {'class': + lambda record: 'col-sm-1' + + (' d-none' if not PermissionBackend + .check_perm(get_current_authenticated_user(), + "note.delete_alias", record) else '') + } + }, + verbose_name=_("Delete"), ) class ButtonTable(tables.Table): @@ -170,7 +178,7 @@ class ButtonTable(tables.Table): delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE, extra_context={"delete_trans": _('delete')}, attrs={'td': {'class': 'col-sm-1'}}, - verbose_name=_("Delete"),) + verbose_name=_("Delete"), ) def render_amount(self, value): return pretty_money(value)