Basket: manage basket share (ro and edit) - manage alt query own

1 files changed, 13 insertions, 5 deletions

diff --git a/ishtar_common/wizards.py b/ishtar_common/wizards.py
index b3fc4b55a..19eb312e1 100644
--- a/ishtar_common/wizards.py
+++ b/ishtar_common/wizards.py
@@ -23,6 +23,7 @@ import os
 # from functools import wraps
 
 from django.conf import settings
+from django.contrib import messages
 from formtools.wizard.views import NamedUrlWizardView, normalize_name, \
     get_storage, StepsHelper
 
@@ -115,6 +116,7 @@ class Wizard(IshtarWizard):
     )
     main_item_select_keys = ('selec-',)
     formset_pop_deleted = True
+    alt_is_own_method = None  # alternate method name for "is_own" check
 
     saved_args = {}  # argument to pass on object save
 
@@ -164,11 +166,17 @@ class Wizard(IshtarWizard):
             ishtaruser = request.user.ishtaruser \
                 if hasattr(request.user, 'ishtaruser') else None
 
-            # not the fisrt step and current object is not owned
-            if self.steps and self.steps.first != step and\
-                    current_object and not current_object.is_own(ishtaruser):
-                self.session_reset(request, self.url_name)
-                return HttpResponseRedirect('/')
+            # not the first step and current object is not owned
+            if self.steps and self.steps.first != step and current_object:
+                is_own = current_object.is_own(
+                    ishtaruser, alt_query_own=self.alt_is_own_method)
+                if not is_own:
+                    messages.add_message(
+                        request, messages.WARNING,
+                        _(u"Permission error: you cannot do this action.")
+                    )
+                    self.session_reset(request, self.url_name)
+                    return HttpResponseRedirect('/')
             # extra filter on forms
             self.filter_owns_items = True
         else: