diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-01-24 13:02:00 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2025-02-19 14:45:56 +0100 |
| commit | 60f04b63c44a8f9daebef713321decaf90944db3 (patch) | |
| tree | fa421125900feca0c9ceb5d37de5ce3419c75ed5 /ishtar_common | |
| parent | 281d7ac3f4dafbeb324d493ee54c0fa812304933 (diff) | |
| download | Ishtar-60f04b63c44a8f9daebef713321decaf90944db3.tar.bz2 Ishtar-60f04b63c44a8f9daebef713321decaf90944db3.zip | |
🐛 fix view person permissions (refs #6146)
Diffstat (limited to 'ishtar_common')
| -rw-r--r-- | ishtar_common/ishtar_menu.py | 6 | ||||
| -rw-r--r-- | ishtar_common/templates/ishtar/sheet_ishtaruser.html | 11 | ||||
| -rw-r--r-- | ishtar_common/urls.py | 6 | ||||
| -rw-r--r-- | ishtar_common/views.py | 16 |
4 files changed, 26 insertions, 13 deletions
diff --git a/ishtar_common/ishtar_menu.py b/ishtar_common/ishtar_menu.py index 9b18c9fd4..a58fa1790 100644 --- a/ishtar_common/ishtar_menu.py +++ b/ishtar_common/ishtar_menu.py @@ -41,7 +41,8 @@ MENU_SECTIONS = [ "person_search", _("Search"), model=models.Person, - access_controls=["ishtar_common.add_person"], + access_controls=["ishtar_common.view_person", + "ishtar_common.view_own_person"], ), MenuItem( "person_creation", @@ -108,7 +109,8 @@ MENU_SECTIONS = [ _("Search"), model=models.Organization, access_controls=[ - "ishtar_common.add_organization", + "ishtar_common.view_organization", + "ishtar_common.view_own_organization", ], ), MenuItem( diff --git a/ishtar_common/templates/ishtar/sheet_ishtaruser.html b/ishtar_common/templates/ishtar/sheet_ishtaruser.html index d1d98997c..19c55ee0e 100644 --- a/ishtar_common/templates/ishtar/sheet_ishtaruser.html +++ b/ishtar_common/templates/ishtar/sheet_ishtaruser.html @@ -65,7 +65,16 @@ {% endif %} </dd> </dl> - {% field_flex _("Profile(s)") item.person.profiles_list %} + <dl class="col-12 col-md-6 col-lg-3 flex-wrap"> + <dt>{% trans "Profile(s)" %}</dt> + <dd> + {% for profile in item.person.profiles.all %} + {% if forloop.counter0 %}; {% endif %}{{profile}} <a target="_blank" href="{{ profile.profile_type.admin_url }}{{profile.profile_type.id}}" title="Modifier"> + <i class="fa fa-pencil"></i> + </a> + {% endfor %} + </dd> + </dl> </div> {% if item.is_ishtaradmin %} <div class="alert alert-warning" role="alert"> diff --git a/ishtar_common/urls.py b/ishtar_common/urls.py index 09790dda6..cbf31abc3 100644 --- a/ishtar_common/urls.py +++ b/ishtar_common/urls.py @@ -69,7 +69,9 @@ urlpatterns = [ ), url( r"person_search/(?P<step>.+)?$", - check_permissions(["ishtar_common.add_person"])(views.person_search_wizard), + check_permissions( + ["ishtar_common.view_person", "ishtar_common.view_own_person"] + )(views.person_search_wizard), name="person_search", ), url( @@ -123,7 +125,7 @@ urlpatterns = [ url( r"organization_search/(?P<step>.+)?$", check_permissions( - ["ishtar_common.add_organization"] + ["ishtar_common.view_organization", "ishtar_common.view_own_organization"] )(views.organization_search_wizard), name="organization_search", ), diff --git a/ishtar_common/views.py b/ishtar_common/views.py index 1a9eab72f..56cf97aa6 100644 --- a/ishtar_common/views.py +++ b/ishtar_common/views.py @@ -867,7 +867,7 @@ def autocomplete_person_permissive( def autocomplete_user(request): - query = get_autocomplete_query(request, "ishtar_common", "view_person") + query = get_autocomplete_query(request, "ishtar_common", "person") if query: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") @@ -897,7 +897,7 @@ def autocomplete_user(request): def autocomplete_ishtaruser(request): - query = get_autocomplete_query(request, "ishtar_common", "view_person") + query = get_autocomplete_query(request, "ishtar_common", "person") if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term", "") @@ -921,7 +921,7 @@ def autocomplete_ishtaruser(request): def autocomplete_person( request, person_types=None, attached_to=None, is_ishtar_user=None, permissive=False ): - query = get_autocomplete_query(request, "ishtar_common", "view_person") + query = get_autocomplete_query(request, "ishtar_common", "person") if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") @@ -960,7 +960,7 @@ def autocomplete_person( def autocomplete_import(request): - query = get_autocomplete_query(request, "ishtar_common", "view_import") + query = get_autocomplete_query(request, "ishtar_common", "import") if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") @@ -1058,7 +1058,7 @@ def autocomplete_advanced_town(request, department_id=None, state_id=None): def autocomplete_document(request): - query = get_autocomplete_query(request, "ishtar_common", "view_document") + query = get_autocomplete_query(request, "ishtar_common", "document") if query is None: return HttpResponse(content_type="text/plain") q = request.GET.get("term") @@ -1101,7 +1101,7 @@ def department_by_state(request, state_id=""): def autocomplete_organization(request, orga_type=None): - query = get_autocomplete_query(request, "ishtar_common", "view_organization") + query = get_autocomplete_query(request, "ishtar_common", "organization") if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") @@ -1122,7 +1122,7 @@ def autocomplete_organization(request, orga_type=None): def autocomplete_author(request): - query = get_autocomplete_query(request, "ishtar_common", "view_author") + query = get_autocomplete_query(request, "ishtar_common", "author") if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term") @@ -1141,7 +1141,7 @@ def autocomplete_author(request): def autocomplete_biographical_note(request): - query = get_autocomplete_query(request, "ishtar_common", "view_person") + query = get_autocomplete_query(request, "ishtar_common", "person") if query is None: return HttpResponse("[]", content_type="text/plain") q = request.GET.get("term", "") |