mirror of
https://gitlab.crans.org/bde/nk20
synced 2024-11-26 18:37:12 +00:00
Don't display the alias create form if the user can't create anyone
This commit is contained in:
parent
a9258c332a
commit
805ceda249
@ -9,7 +9,9 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<h3 class="card-header text-center">
|
||||
{% trans "Note aliases" %}
|
||||
</h3>
|
||||
|
||||
<div class="card-body">
|
||||
{% if can_create %}
|
||||
<form class="input-group" method="POST" id="form_alias">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="note" value="{{ object.note.pk }}">
|
||||
@ -18,6 +20,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<input type="submit" class="btn btn-success" value="{% trans "Add" %}">
|
||||
</div>
|
||||
</form>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% render_table aliases %}
|
||||
</div>
|
||||
|
@ -10,6 +10,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
{% trans "Note aliases" %}
|
||||
</h3>
|
||||
<div class="card-body">
|
||||
{% if can_create %}
|
||||
<form class="input-group" method="POST" id="form_alias">
|
||||
{% csrf_token %}
|
||||
<input type="hidden" name="note" value="{{ object.note.pk }}">
|
||||
@ -18,6 +19,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
|
||||
<input type="submit" class="btn btn-success" value="{% trans "Add" %}">
|
||||
</div>
|
||||
</form>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% render_table aliases %}
|
||||
</div>
|
||||
|
@ -218,7 +218,13 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
note = context['object'].note
|
||||
context["aliases"] = AliasTable(note.alias_set.all())
|
||||
context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
|
||||
.filter_queryset(self.request.user, Alias, "view")).all())
|
||||
context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
|
||||
note=context["object"].note,
|
||||
name="",
|
||||
normalized_name="",
|
||||
))
|
||||
return context
|
||||
|
||||
|
||||
@ -422,7 +428,13 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
note = context['object'].note
|
||||
context["aliases"] = AliasTable(note.alias_set.all())
|
||||
context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
|
||||
.filter_queryset(self.request.user, Alias, "view")).all())
|
||||
context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
|
||||
note=context["object"].note,
|
||||
name="",
|
||||
normalized_name="",
|
||||
))
|
||||
return context
|
||||
|
||||
|
||||
|
@ -135,7 +135,15 @@ class AliasTable(tables.Table):
|
||||
|
||||
delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
|
||||
extra_context={"delete_trans": _('delete')},
|
||||
attrs={'td': {'class': 'col-sm-1'}},
|
||||
attrs=
|
||||
{'td':
|
||||
{'class':
|
||||
lambda record: 'col-sm-1'
|
||||
+ (' d-none' if not PermissionBackend
|
||||
.check_perm(get_current_authenticated_user(),
|
||||
"note.delete_alias", record) else '')
|
||||
}
|
||||
},
|
||||
verbose_name=_("Delete"), )
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user