Default group required
* adds access checks depending on the current group confgiguration of a user * removes buttons for adding/editing or removing data if default group is not set for a user * removes buttons for adding/removing related data in unshared interventions * removes shared-user setting from share menu of an intervention if user is not zb or ets * renames has_access() from intervention Model into is_shared_with() for more clarity * fixes bug in group check in_group() from utils.py
This commit is contained in:
mipel
@@ -11,6 +11,7 @@ from konova.contexts import BaseContext
|
||||
from konova.decorators import *
|
||||
from konova.forms import SimpleGeomForm, NewDocumentForm, RemoveModalForm
|
||||
from konova.utils.message_templates import FORM_INVALID
|
||||
from konova.utils.user_checks import in_group
|
||||
|
||||
|
||||
@login_required
|
||||
@@ -45,6 +46,7 @@ def index_view(request: HttpRequest):
|
||||
|
||||
|
||||
@login_required
|
||||
@default_group_required
|
||||
def new_view(request: HttpRequest):
|
||||
"""
|
||||
Renders a view for a new intervention creation
|
||||
@@ -130,7 +132,8 @@ def open_view(request: HttpRequest, id: str):
|
||||
compensations = intervention.compensations.filter(
|
||||
deleted=None,
|
||||
)
|
||||
has_access = intervention.has_access(user=request.user)
|
||||
_user = request.user
|
||||
is_data_shared = intervention.is_shared_with(user=_user)
|
||||
|
||||
geom_form = SimpleGeomForm(
|
||||
instance=intervention
|
||||
@@ -139,11 +142,14 @@ def open_view(request: HttpRequest, id: str):
|
||||
context = {
|
||||
"intervention": intervention,
|
||||
"compensations": compensations,
|
||||
"has_access": has_access,
|
||||
"has_access": is_data_shared,
|
||||
"geom_form": geom_form,
|
||||
"is_default_member": in_group(_user, _(DEFAULT_GROUP)),
|
||||
"is_zb_member": in_group(_user, _(ZB_GROUP)),
|
||||
"is_ets_member": in_group(_user, _(ETS_GROUP)),
|
||||
}
|
||||
|
||||
if not has_access:
|
||||
if not is_data_shared:
|
||||
messages.info(request, _("Remember: This data has not been shared with you, yet. This means you can only read but can not edit or perform any actions like running a check or recording."))
|
||||
|
||||
context = BaseContext(request, context).context
|
||||
@@ -180,6 +186,7 @@ def edit_view(request: HttpRequest, id: str):
|
||||
|
||||
|
||||
@login_required
|
||||
@default_group_required
|
||||
def remove_view(request: HttpRequest, id: str):
|
||||
""" Renders a remove view for this intervention
|
||||
|
||||
@@ -219,7 +226,7 @@ def share_view(request: HttpRequest, id: str, token: str):
|
||||
# Check tokens
|
||||
if intervention.access_token == token:
|
||||
# Send different messages in case user has already been added to list of sharing users
|
||||
if intervention.has_access(user):
|
||||
if intervention.is_shared_with(user):
|
||||
messages.info(
|
||||
request,
|
||||
_("{} has already been shared with you").format(intervention.identifier)
|
||||
@@ -251,7 +258,6 @@ def create_share_view(request: HttpRequest, id: str):
|
||||
Returns:
|
||||
|
||||
"""
|
||||
user = request.user
|
||||
intervention = get_object_or_404(Intervention, id=id)
|
||||
form = ShareInterventionForm(request.POST or None, instance=intervention, request=request)
|
||||
if request.method == "POST":
|
||||
|
||||
Reference in New Issue
Block a user