1 files changed, 68 insertions, 32 deletions

diff --git a/ishtar_common/views.py b/ishtar_common/views.py
index 22591164f..e8a2c9e12 100644
--- a/ishtar_common/views.py
+++ b/ishtar_common/views.py
@@ -208,6 +208,16 @@ def get_autocomplete_generic(model, extra={'available': True}):
     return func
 
 
+def hide_shortcut_menu(request):
+    request.session['SHORTCUT_SHOW'] = 'off'
+    return HttpResponse('OK', mimetype='text/plain')
+
+
+def show_shortcut_menu(request):
+    request.session['SHORTCUT_SHOW'] = 'on'
+    return HttpResponse('OK', mimetype='text/plain')
+
+
 def activate_all_search(request):
     request.session['SHORTCUT_SEARCH'] = 'all'
     return HttpResponse('OK', mimetype='text/plain')
@@ -249,9 +259,13 @@ def shortcut_menu(request):
         CURRENT_ITEMS.append((_(u"Treatment"), Treatment))
     if hasattr(request.user, 'ishtaruser') and \
             request.user.ishtaruser.advanced_shortcut_menu:
-        dct = {'current_menu': [], 'menu': [],
-               'SHORTCUT_SEARCH': request.session['SHORTCUT_SEARCH']
-               if 'SHORTCUT_SEARCH' in request.session else 'own'}
+        dct = {
+            'current_menu': [], 'menu': [],
+            'SHORTCUT_SEARCH': request.session['SHORTCUT_SEARCH']
+            if 'SHORTCUT_SEARCH' in request.session else 'own',
+            'SHORTCUT_SHOW': request.session['SHORTCUT_SHOW']
+            if 'SHORTCUT_SHOW' in request.session else 'on'
+        }
 
         for lbl, model in CURRENT_ITEMS:
             model_name = model.SLUG
@@ -267,7 +281,11 @@ def shortcut_menu(request):
         return render_to_response(
             'ishtar/blocks/advanced_shortcut_menu.html',
             dct, context_instance=RequestContext(request))
-    dct = {'current_menu': []}
+    dct = {
+        'current_menu': [],
+        'SHORTCUT_SHOW': request.session['SHORTCUT_SHOW']
+        if 'SHORTCUT_SHOW' in request.session else 'off'
+    }
     current_selected_item = {}
     for lbl, model in CURRENT_ITEMS:
         new_selected_item = None
@@ -427,14 +445,13 @@ def autocomplete_person_permissive(request, person_types=None,
 
 def autocomplete_person(request, person_types=None, attached_to=None,
                         is_ishtar_user=None, permissive=False):
-    if not request.user.has_perm('ishtar_common.view_person',
-                                 models.Person) and \
-       not request.user.has_perm('ishtar_common.view_own_person',
-                                 models.Person) \
-       and not request.user.ishtaruser.has_right('person_search',
-                                                 session=request.session):
-        return HttpResponse(mimetype='text/plain')
-    if not request.GET.get('term'):
+    all_items = request.user.has_perm('ishtar_common.view_person',
+                                      models.Person)
+    own_items = False
+    if not all_items:
+        own_items = request.user.has_perm('ishtar_common.view_own_person',
+                                          models.Person)
+    if not all_items and not own_items or not request.GET.get('term'):
         return HttpResponse(mimetype='text/plain')
     q = request.GET.get('term')
     limit = request.GET.get('limit', 20)
@@ -461,6 +478,8 @@ def autocomplete_person(request, person_types=None, attached_to=None,
             pass
     if is_ishtar_user:
         query = query & Q(ishtaruser__isnull=False)
+    if own_items:
+        query &= models.Person.get_query_owns(request.user)
     persons = models.Person.objects.filter(query)[:limit]
     data = json.dumps([{'id': person.pk, 'value': unicode(person)}
                        for person in persons if person])
@@ -568,22 +587,33 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
         # check rights
         own = True  # more restrictive by default
         allowed = False
-        if request.user.is_authenticated() and \
-                request.user.ishtaruser.has_right('administrator',
-                                                  session=request.session):
+        if specific_perms:
+            available_perms = specific_perms[:]
+        else:
+            available_perms = ['view_' + model.__name__.lower(),
+                               'view_own_' + model.__name__.lower()]
+        EMPTY = ''
+        if 'type' in dct:
+            data_type = dct.pop('type')
+        if not data_type:
+            EMPTY = '[]'
+            data_type = 'json'
+        if not request.user.is_authenticated():
+            return HttpResponse(EMPTY, mimetype='text/plain')
+
+        if request.user.ishtaruser.has_right('administrator',
+                                             session=request.session):
             allowed = True
             own = False
         else:
             for perm, lbl in model._meta.permissions:
-                # if not specific any perm is relevant (read right)
-                if specific_perms and perm not in specific_perms:
+                if perm not in available_perms:
                     continue
                 cperm = model._meta.app_label + '.' + perm
-                if request.user.has_perm(cperm)\
+                if request.user.has_perm(cperm) \
                         or cperm in request.user.get_all_permissions() \
-                        or (request.user.is_authenticated()
-                            and request.user.ishtaruser.has_right(
-                                perm, session=request.session)):
+                        or request.user.ishtaruser.has_right(
+                            perm, session=request.session):
                     allowed = True
                     if "_own_" not in perm:
                         own = False
@@ -593,12 +623,6 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
         if full == 'shortcut' and 'SHORTCUT_SEARCH' in request.session and \
                 request.session['SHORTCUT_SEARCH'] == 'own':
             own = True
-        EMPTY = ''
-        if 'type' in dct:
-            data_type = dct.pop('type')
-        if not data_type:
-            EMPTY = '[]'
-            data_type = 'json'
         if not allowed:
             return HttpResponse(EMPTY, mimetype='text/plain')
 
@@ -880,7 +904,6 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
                     table_cols += model.EXTRA_FULL_FIELDS
             else:
                 table_cols = model.TABLE_COLS
-
         query_table_cols = []
         for cols in table_cols:
             if type(cols) not in (list, tuple):
@@ -898,6 +921,7 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
                         model.CONTEXTUAL_TABLE_COLS[contxt][col]
         if full == 'shortcut':
             query_table_cols = ['cached_label']
+            table_cols = ['cached_label']
 
         # manage sort tables
         manual_sort_key = None
@@ -1085,7 +1109,7 @@ def get_item(model, func_name, default_name, extra_request_keys=[],
                         if hasattr(model, 'COL_LINK') and k in model.COL_LINK:
                             value = link_ext_template.format(value, value)
                         res[k] = value
-                if full == 'shortcut':
+                if full == 'shortcut' and 'cached_label' in res:
                     res['value'] = res.pop('cached_label')
                 rows.append(res)
             if full == 'shortcut':
@@ -1427,6 +1451,9 @@ def dashboard_main(request, dct, obj_id=None, *args, **kwargs):
         app_list.append((_(u"Context records"), 'contextrecords'))
     if profile.find:
         app_list.append((_(u"Finds"), 'finds'))
+    if profile.warehouse:
+        app_list.append((_(u"Treatment requests"), 'treatmentfiles'))
+        app_list.append((_(u"Treatments"), 'treatments'))
     dct = {'app_list': app_list}
     return render_to_response('ishtar/dashboards/dashboard_main.html', dct,
                               context_instance=RequestContext(request))
@@ -1473,18 +1500,27 @@ def dashboard_main_detail(request, item_name):
     if item_name == 'files' and profile.files:
         lbl, dashboard = (_(u"Archaeological files"),
                           models.Dashboard(File, **dashboard_kwargs))
-    if item_name == 'operations':
+    elif item_name == 'operations':
         from archaeological_operations.models import Operation
         lbl, dashboard = (_(u"Operations"),
                           models.Dashboard(Operation, **dashboard_kwargs))
-    if item_name == 'contextrecords' and profile.context_record:
+    elif item_name == 'contextrecords' and profile.context_record:
         lbl, dashboard = (
             _(u"Context records"),
             models.Dashboard(ContextRecord, slice=slicing, fltr=fltr))
-    if item_name == 'finds' and profile.find:
+    elif item_name == 'finds' and profile.find:
         lbl, dashboard = (_(u"Finds"), models.Dashboard(Find,
                                                         slice=slicing,
                                                         fltr=fltr))
+    elif item_name == 'treatmentfiles' and profile.warehouse:
+        lbl, dashboard = (
+            _(u"Treatment requests"),
+            models.Dashboard(TreatmentFile, slice=slicing, fltr=fltr))
+    elif item_name == 'treatments' and profile.warehouse:
+        lbl, dashboard = (
+            _(u"Treatments"),
+            models.Dashboard(Treatment, slice=slicing, fltr=fltr,
+                             date_source='start'))
     if not lbl:
         raise Http404
     dct = {'lbl': lbl, 'dashboard': dashboard,