Correct administrator permissions (closes #162)

5 files changed, 24 insertions, 8 deletions

diff --git a/ishtar/furnitures/backend.py b/ishtar/furnitures/backend.py
index ae77d8610..baeaac27e 100644
--- a/ishtar/furnitures/backend.py
+++ b/ishtar/furnitures/backend.py
@@ -41,7 +41,6 @@ class ObjectOwnPermBackend(object):
         if not model:
             # let it manage by the default backend
             return False
-
         try:
             ishtar_user = models.IshtarUser.objects.get(user_ptr=user_obj)
         except ObjectDoesNotExist:
diff --git a/ishtar/furnitures/forms.py b/ishtar/furnitures/forms.py
index 41fd58edd..fa1844d60 100644
--- a/ishtar/furnitures/forms.py
+++ b/ishtar/furnitures/forms.py
@@ -524,7 +524,7 @@ class AccountWizard(Wizard):
                               })
             t = loader.get_template('account_activation_email.txt')
             msg = t.render(context)
-            subject = u"[%(app_name)s] Account creation/modification" % {
+            subject = _(u"[%(app_name)s] Account creation/modification") % {
                                                            "app_name":app_name}
             send_mail(subject, msg, settings.ADMINS[0][1],
                       [dct['email']], fail_silently=True)
diff --git a/ishtar/furnitures/models.py b/ishtar/furnitures/models.py
index c45f18c08..412245b41 100644
--- a/ishtar/furnitures/models.py
+++ b/ishtar/furnitures/models.py
@@ -76,7 +76,6 @@ class OwnPerms:
         query = query & Q(pk=self.pk)
         return cls.objects.filter(query).count()
 
-
     @classmethod
     def has_item_of(cls, user):
         """
diff --git a/ishtar/furnitures/views.py b/ishtar/furnitures/views.py
index ec61ad339..5848eea64 100644
--- a/ishtar/furnitures/views.py
+++ b/ishtar/furnitures/views.py
@@ -61,7 +61,8 @@ def check_permission(request, action_slug, obj_id=None):
     return menu.items[action_slug].can_be_available(request.user)
 
 def autocomplete_person(request, person_type=None):
-    if not request.user.has_perm('furnitures.view_person'):
+    if not request.user.has_perm('furnitures.view_person', models.Person) and \
+       not request.user.has_perm('furnitures.view_own_person', models.Person) :
         return HttpResponse(mimetype='text/plain')
     if not request.GET.get('term'):
         return HttpResponse(mimetype='text/plain')
@@ -106,6 +107,9 @@ def autocomplete_town(request):
     return HttpResponse(data, mimetype='text/plain')
 
 def autocomplete_file(request):
+    if not request.user.has_perm('furnitures.view_file', models.File) and \
+       not request.user.has_perm('furnitures.view_own_file', models.File) :
+        return HttpResponse(mimetype='text/plain')
     if not request.GET.get('term'):
         return HttpResponse(mimetype='text/plain')
     q = request.GET.get('term')
@@ -133,7 +137,7 @@ def get_item(model, func_name, default_name):
         if not type:
             type = 'json'
         request_keys = dict([(field.name,
-                              field.name + (hasattr(field, 'rel') and '__pk' or ''))
+                          field.name + (hasattr(field, 'rel') and '__pk' or ''))
                                     for field in model._meta.fields])
         dct = {}
         for k in request_keys:
@@ -185,8 +189,9 @@ def get_item(model, func_name, default_name):
         elif type == "csv":
             response = HttpResponse(mimetype='text/csv')
             n = datetime.datetime.now()
-            filename = u'%s_%s.csv' % (default_name, n.strftime('%Y%m%d-%H%M%S'))
-            response['Content-Disposition'] = 'attachment; filename=%s' % filename
+            filename = u'%s_%s.csv' % (default_name,
+                                       n.strftime('%Y%m%d-%H%M%S'))
+            response['Content-Disposition'] = 'attachment; filename=%s'%filename
             writer = csv.writer(response, **CSV_OPTIONS)
             col_names = []
             for field_name in model.TABLE_COLS:
@@ -207,6 +212,10 @@ def get_item(model, func_name, default_name):
 get_file = get_item(models.File, 'get_file', 'file')
 
 def autocomplete_operation(request, non_closed=True):
+    if not request.user.has_perm('furnitures.view_operation', models.Operation)\
+       and not request.user.has_perm('furnitures.view_own_operation',
+                                                              models.Operation):
+        return HttpResponse(mimetype='text/plain')
     if not request.GET.get('term'):
         return HttpResponse(mimetype='text/plain')
     q = request.GET.get('term')
@@ -230,6 +239,11 @@ def autocomplete_operation(request, non_closed=True):
 get_operation = get_item(models.Operation, 'get_operation', 'operation')
 
 def autocomplete_organization(request, orga_type=None):
+    if not request.user.has_perm('furnitures.view_organization',
+                                 models.Organization) and \
+       not request.user.has_perm('furnitures.view_own_organization',
+                                 models.Organization):
+        return HttpResponse(mimetype='text/plain')
     if not request.GET.get('term'):
         return HttpResponse(mimetype='text/plain')
     q = request.GET.get('term')
diff --git a/ishtar/locale/fr/LC_MESSAGES/django.po b/ishtar/locale/fr/LC_MESSAGES/django.po
index 1a1de8905..13d3e58ba 100644
--- a/ishtar/locale/fr/LC_MESSAGES/django.po
+++ b/ishtar/locale/fr/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: alpha\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-02-02 17:12+0100\n"
+"POT-Creation-Date: 2011-02-02 17:27+0100\n"
 "PO-Revision-Date: 2010-12-09\n"
 "Last-Translator: Étienne Loks <etienne.loks at peacefrogs net>\n"
 "Language-Team: \n"
@@ -94,6 +94,10 @@ msgstr "Est responsable d'un dépôt ?"
 msgid "New password"
 msgstr "Nouveau mot de passe"
 
+#: furnitures/forms.py:527
+msgid "[%(app_name)s] Account creation/modification"
+msgstr "[%(app_name)s] Création - modification du compte"
+
 #: furnitures/forms.py:550 furnitures/forms.py:554
 msgid "Account"
 msgstr "Compte"