1
0
mirror of https://gitlab.crans.org/bde/nk20 synced 2024-11-30 04:13:01 +00:00

Don't display the alias create form if the user can't create anyone

This commit is contained in:
Yohann D'ANELLO 2020-08-30 23:06:51 +02:00
parent a9258c332a
commit 805ceda249
4 changed files with 47 additions and 22 deletions

View File

@ -9,7 +9,9 @@ SPDX-License-Identifier: GPL-3.0-or-later
<h3 class="card-header text-center"> <h3 class="card-header text-center">
{% trans "Note aliases" %} {% trans "Note aliases" %}
</h3> </h3>
<div class="card-body"> <div class="card-body">
{% if can_create %}
<form class="input-group" method="POST" id="form_alias"> <form class="input-group" method="POST" id="form_alias">
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="note" value="{{ object.note.pk }}"> <input type="hidden" name="note" value="{{ object.note.pk }}">
@ -18,6 +20,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
<input type="submit" class="btn btn-success" value="{% trans "Add" %}"> <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
</div> </div>
</form> </form>
{% endif %}
</div> </div>
{% render_table aliases %} {% render_table aliases %}
</div> </div>

View File

@ -10,6 +10,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% trans "Note aliases" %} {% trans "Note aliases" %}
</h3> </h3>
<div class="card-body"> <div class="card-body">
{% if can_create %}
<form class="input-group" method="POST" id="form_alias"> <form class="input-group" method="POST" id="form_alias">
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="note" value="{{ object.note.pk }}"> <input type="hidden" name="note" value="{{ object.note.pk }}">
@ -18,6 +19,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
<input type="submit" class="btn btn-success" value="{% trans "Add" %}"> <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
</div> </div>
</form> </form>
{% endif %}
</div> </div>
{% render_table aliases %} {% render_table aliases %}
</div> </div>

View File

@ -218,7 +218,13 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
note = context['object'].note note = context['object'].note
context["aliases"] = AliasTable(note.alias_set.all()) context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
.filter_queryset(self.request.user, Alias, "view")).all())
context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
note=context["object"].note,
name="",
normalized_name="",
))
return context return context
@ -422,7 +428,13 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
note = context['object'].note note = context['object'].note
context["aliases"] = AliasTable(note.alias_set.all()) context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
.filter_queryset(self.request.user, Alias, "view")).all())
context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
note=context["object"].note,
name="",
normalized_name="",
))
return context return context

View File

@ -97,7 +97,7 @@ class HistoryTable(tables.Table):
""" """
When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason
""" """
has_perm = PermissionBackend\ has_perm = PermissionBackend \
.check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record) .check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record)
val = "" if value else "" val = "" if value else ""
@ -135,8 +135,16 @@ class AliasTable(tables.Table):
delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE, delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
extra_context={"delete_trans": _('delete')}, extra_context={"delete_trans": _('delete')},
attrs={'td': {'class': 'col-sm-1'}}, attrs=
verbose_name=_("Delete"),) {'td':
{'class':
lambda record: 'col-sm-1'
+ (' d-none' if not PermissionBackend
.check_perm(get_current_authenticated_user(),
"note.delete_alias", record) else '')
}
},
verbose_name=_("Delete"), )
class ButtonTable(tables.Table): class ButtonTable(tables.Table):
@ -170,7 +178,7 @@ class ButtonTable(tables.Table):
delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE, delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
extra_context={"delete_trans": _('delete')}, extra_context={"delete_trans": _('delete')},
attrs={'td': {'class': 'col-sm-1'}}, attrs={'td': {'class': 'col-sm-1'}},
verbose_name=_("Delete"),) verbose_name=_("Delete"), )
def render_amount(self, value): def render_amount(self, value):
return pretty_money(value) return pretty_money(value)