From 277ebc5db6548c63e2fdeb29863b7f90044013da Mon Sep 17 00:00:00 2001 From: Étienne Loks Date: Wed, 10 Oct 2018 18:46:31 +0200 Subject: Fix QA basket form validation. Basket: fix rights for basket management. --- archaeological_finds/forms.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'archaeological_finds/forms.py') diff --git a/archaeological_finds/forms.py b/archaeological_finds/forms.py index b77560ac9..cf08e1a19 100644 --- a/archaeological_finds/forms.py +++ b/archaeological_finds/forms.py @@ -448,7 +448,7 @@ class QAFindBasketForm(IshtarForm): choices=(('create', _(u"Create")), ('update', _(u"Update"))), initial='create') label = forms.CharField(label="", max_length=None, required=False) - basket = forms.ChoiceField(label=_(u"Basket"), required=True, choices=[]) + basket = forms.ChoiceField(label=_(u"Basket"), required=False, choices=[]) def __init__(self, *args, **kwargs): self.user = None @@ -468,6 +468,9 @@ class QAFindBasketForm(IshtarForm): def clean(self): if self.cleaned_data['create_or_update'] == 'update': + if not self.cleaned_data['basket']: + raise forms.ValidationError( + _(u"On update, you have to select a basket.")) return self.cleaned_data label = self.cleaned_data['label'].strip() if not label: @@ -986,8 +989,8 @@ class FindBasketAddItemForm(forms.Form): raise PermissionDenied # check rights if not user.user_ptr.is_superuser and \ - not user.has_right('change_find') and \ - not (user.has_right('change_own_find') + not user.has_right('view_find') and \ + not (user.has_right('view_own_find') and item.is_own(user)): raise PermissionDenied basket.items.add(item) -- cgit v1.2.3