diff options
| author | Étienne Loks <etienne.loks@peacefrogs.net> | 2013-08-19 00:09:01 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@peacefrogs.net> | 2013-08-19 00:09:01 +0200 |
| commit | a8877b1a1241b4232498461017d038b205efb786 (patch) | |
| tree | df0d36724081069f3fbc33abe7e15e1f41e04652 | |
| parent | 00a806255a1f0f1185a883b60ed75701fc3ffcf0 (diff) | |
| download | Chimère-a8877b1a1241b4232498461017d038b205efb786.tar.bz2 Chimère-a8877b1a1241b4232498461017d038b205efb786.zip | |
Fix modification right for non superuser user with right permissions
| -rw-r--r-- | chimere/templates/chimere/edit.html | 2 | ||||
| -rw-r--r-- | chimere/views.py | 8 |
2 files changed, 4 insertions, 6 deletions
diff --git a/chimere/templates/chimere/edit.html b/chimere/templates/chimere/edit.html index 172dc6d..f16577c 100644 --- a/chimere/templates/chimere/edit.html +++ b/chimere/templates/chimere/edit.html @@ -22,7 +22,7 @@ <legend>{% trans "Error" %}</legend> <p>{{ error_message }}</p> </fieldset>{% endif %} - {% if is_modification and is_superuser %}<div class='warning'><p>{% trans "You are logged as an administrator. Your modifications will be taking into account immediately." %}</p></div>{% endif %} + {% if is_modification and can_write %}<div class='warning'><p>{% trans "You have write rigths for this map. Your modifications will be taking into account immediately." %}</p></div>{% endif %} <fieldset class='edit'> <legend>{% if is_modification %}{% trans "Modify a point of interest" %}{% else %}{% trans "Add a point of interest" %}{% endif %}</legend> <form enctype="multipart/form-data" method='post' action='.'> diff --git a/chimere/views.py b/chimere/views.py index 599b72e..b718be7 100644 --- a/chimere/views.py +++ b/chimere/views.py @@ -250,18 +250,17 @@ def get_edit_page(redirect_url, item_cls, item_form, init_multi = init_item.get_init_multi() if init_item else None init_picture = init_item.get_init_picture() if init_item else None - if init_item and not request.user.is_superuser and \ + if init_item and not response_dct['can_write'] and \ not init_item.submiter_session_key == \ request.session.session_key: # hide personal information for k in ('submiter_name', 'submiter_email', 'submiter_comment'): setattr(init_item, k, '') - response_dct['is_superuser'] = request.user.is_superuser # If the form has been submited if request.method == 'POST': inst = None - # allow to directly modify only if owner or superuser - if init_item and (request.user.is_superuser or \ + # allow to directly modify only if owner or has can_write permission + if init_item and (response_dct['can_write'] or \ init_item.submiter_session_key == \ request.session.session_key): inst = init_item @@ -292,7 +291,6 @@ def get_edit_page(redirect_url, item_cls, item_form, # just submited if not item.status: - print "plouf9" item.status = 'A' if response_dct.get('can_write') else 'S' item.save() |