1 files changed, 29 insertions, 2 deletions

diff --git a/archaeological_finds/forms.py b/archaeological_finds/forms.py
index 3c06af375..95af01719 100644
--- a/archaeological_finds/forms.py
+++ b/archaeological_finds/forms.py
@@ -24,6 +24,7 @@ Finds forms definitions
 from django import forms
 from django.conf import settings
 from django.core import validators
+from django.core.exceptions import PermissionDenied
 from django.forms.formsets import formset_factory
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext_lazy as _
@@ -412,16 +413,18 @@ class NewFindBasketForm(forms.ModelForm):
         return super(NewFindBasketForm, self).save(commit)
 
 
-class DeleteFindBasketForm(forms.Form):
+class SelectFindBasketForm(forms.Form):
     basket = forms.ChoiceField(label=_(u"Basket"), required=True, choices=[])
 
     def __init__(self, *args, **kwargs):
         self.user = kwargs.pop('user')
-        super(DeleteFindBasketForm, self).__init__(*args, **kwargs)
+        super(SelectFindBasketForm, self).__init__(*args, **kwargs)
         self.fields['basket'].choices = [('', '--')] + [
             (b.pk, unicode(b))
             for b in models.FindBasket.objects.filter(user=self.user)]
 
+
+class DeleteFindBasketForm(SelectFindBasketForm):
     def save(self):
         try:
             models.FindBasket.objects.get(pk=self.cleaned_data['basket'],
@@ -431,6 +434,30 @@ class DeleteFindBasketForm(forms.Form):
             pass
         return
 
+
+class FindBasketAddItemForm(forms.Form):
+    basket_id = forms.IntegerField(required=True)
+    item_id = forms.IntegerField(required=True)
+
+    def save(self, user):
+        try:
+            basket = models.FindBasket.objects.get(
+                pk=self.cleaned_data['basket_id'], user=user.ishtaruser)
+            item = models.Find.objects.get(
+                pk=self.cleaned_data['item_id'])
+        except models.FindBasket.DoesNotExist or\
+                models.Find.DoesNotExist:
+            # something strange... TODO: log it
+            raise PermissionDenied
+        # check rights
+        if not user.is_superuser and \
+                not user.ishtaruser.has_right('change_find') and \
+                not (user.ishtaruser.has_right('change_own_find')
+                     and item.is_own(user)):
+            raise PermissionDenied
+        basket.items.add(item)
+        return basket
+
 """
 ####################################
 # Source management for treatments #