ynerant/nk20
1
0
Fork 0
mirror of https://gitlab.crans.org/bde/nk20 synced 2024-11-26 18:37:12 +00:00
Code Issues Releases Wiki Activity

Don't display the alias create form if the user can't create anyone

Browse Source
This commit is contained in:
Yohann D'ANELLO 2020-08-30 23:06:51 +02:00
parent a9258c332a
commit 805ceda249
4 changed files with 47 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
apps/member/templates/member/club_alias.html
View File

@ -9,15 +9,18 @@ SPDX-License-Identifier: GPL-3.0-or-later
<h3 class="card-header text-center"> <h3 class="card-header text-center">
{% trans "Note aliases" %} {% trans "Note aliases" %}
</h3> </h3>
<div class="card-body"> <div class="card-body">
<form class="input-group" method="POST" id="form_alias"> {% if can_create %}
{% csrf_token %} <form class="input-group" method="POST" id="form_alias">
<input type="hidden" name="note" value="{{ object.note.pk }}"> {% csrf_token %}
<input type="text" name="name" class="form-control"> <input type="hidden" name="note" value="{{ object.note.pk }}">
<div class="input-group-append"> <input type="text" name="name" class="form-control">
<input type="submit" class="btn btn-success" value="{% trans "Add" %}"> <div class="input-group-append">
</div> <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
</form> </div>
</form>
{% endif %}
</div> </div>
{% render_table aliases %} {% render_table aliases %}
</div> </div>

18
apps/member/templates/member/profile_alias.html
View File

@ -10,14 +10,16 @@ SPDX-License-Identifier: GPL-3.0-or-later
{% trans "Note aliases" %} {% trans "Note aliases" %}
</h3> </h3>
<div class="card-body"> <div class="card-body">
<form class="input-group" method="POST" id="form_alias"> {% if can_create %}
{% csrf_token %} <form class="input-group" method="POST" id="form_alias">
<input type="hidden" name="note" value="{{ object.note.pk }}"> {% csrf_token %}
<input type="text" name="name" class="form-control"> <input type="hidden" name="note" value="{{ object.note.pk }}">
<div class="input-group-append"> <input type="text" name="name" class="form-control">
<input type="submit" class="btn btn-success" value="{% trans "Add" %}"> <div class="input-group-append">
</div> <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
</form> </div>
</form>
{% endif %}
</div> </div>
{% render_table aliases %} {% render_table aliases %}
</div> </div>

16
apps/member/views.py
View File

@ -218,7 +218,13 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
note = context['object'].note note = context['object'].note
context["aliases"] = AliasTable(note.alias_set.all()) context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
.filter_queryset(self.request.user, Alias, "view")).all())
context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
note=context["object"].note,
name="",
normalized_name="",
))
return context return context
@ -422,7 +428,13 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
note = context['object'].note note = context['object'].note
context["aliases"] = AliasTable(note.alias_set.all()) context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
.filter_queryset(self.request.user, Alias, "view")).all())
context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
note=context["object"].note,
name="",
normalized_name="",
))
return context return context

16
apps/note/tables.py
View File

@ -97,7 +97,7 @@ class HistoryTable(tables.Table):
""" """
When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason
""" """
has_perm = PermissionBackend\ has_perm = PermissionBackend \
.check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record) .check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record)
val = "" if value else "" val = "" if value else ""
@ -135,8 +135,16 @@ class AliasTable(tables.Table):
delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE, delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
extra_context={"delete_trans": _('delete')}, extra_context={"delete_trans": _('delete')},
attrs={'td': {'class': 'col-sm-1'}}, attrs=
verbose_name=_("Delete"),) {'td':
{'class':
lambda record: 'col-sm-1'
+ (' d-none' if not PermissionBackend
.check_perm(get_current_authenticated_user(),
"note.delete_alias", record) else '')
}
},
verbose_name=_("Delete"), )
class ButtonTable(tables.Table): class ButtonTable(tables.Table):
@ -170,7 +178,7 @@ class ButtonTable(tables.Table):
delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE, delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
extra_context={"delete_trans": _('delete')}, extra_context={"delete_trans": _('delete')},
attrs={'td': {'class': 'col-sm-1'}}, attrs={'td': {'class': 'col-sm-1'}},
verbose_name=_("Delete"),) verbose_name=_("Delete"), )
def render_amount(self, value): def render_amount(self, value):
return pretty_money(value) return pretty_money(value)