Sheet: put view perm in response in order to prevent display of non relevant tables

1 files changed, 20 insertions, 0 deletions

diff --git a/ishtar_common/views_item.py b/ishtar_common/views_item.py
index 517c34ec9..f6332e7e1 100644
--- a/ishtar_common/views_item.py
+++ b/ishtar_common/views_item.py
@@ -14,6 +14,7 @@ from tempfile import NamedTemporaryFile
 from django.conf import settings
 from django.contrib.gis.geos import GEOSException
 from django.contrib.staticfiles.templatetags.staticfiles import static
+from django.core.cache import cache
 from django.core.exceptions import ObjectDoesNotExist
 from django.core.urlresolvers import reverse, NoReverseMatch
 from django.db.models import Q, ImageField
@@ -161,6 +162,25 @@ def show_item(model, name, extra_dct=None):
         dct['sheet_id'] = "%s-%d" % (name, item.pk)
         dct['window_id'] = "%s-%d-%s" % (
             name, item.pk, datetime.datetime.now().strftime('%M%s'))
+
+        # list current perms
+        if hasattr(request.user, 'ishtaruser') and request.user.ishtaruser:
+            cache_key = u"{}-{}-{}".format(
+                settings.PROJECT_SLUG, "current-perms",
+                request.session.session_key,
+            )
+            permissions = cache.get(cache_key)
+            if permissions is None:
+                permissions = []
+                profile = request.user.ishtaruser.person.current_profile
+                for group in profile.profile_type.groups.all():
+                    for permission in group.permissions.all():
+                        permissions.append(permission.codename)
+                cache.set(cache_key, permissions, settings.CACHE_TIMEOUT)
+
+            for perm in permissions:
+                dct["permission_" + perm] = True
+
         if hasattr(item, 'history'):
             if date:
                 try: