diff --git a/tailbone/views/employees.py b/tailbone/views/employees.py index dac93e67..d7cad068 100644 --- a/tailbone/views/employees.py +++ b/tailbone/views/employees.py @@ -164,15 +164,21 @@ class EmployeesView(MasterView): if employee.status == self.enum.EMPLOYEE_STATUS_FORMER: return 'warning' + def is_employee_protected(self, employee): + for user in employee.person.users: + if self.user_is_protected(user): + return True + return False + def editable_instance(self, employee): - if self.rattail_config.demo(): - return not bool(employee.user and employee.user.username == 'chuck') - return True + if self.request.is_root: + return True + return not self.is_employee_protected(employee) def deletable_instance(self, employee): - if self.rattail_config.demo(): - return not bool(employee.user and employee.user.username == 'chuck') - return True + if self.request.is_root: + return True + return not self.is_employee_protected(employee) def configure_form(self, f): super(EmployeesView, self).configure_form(f) diff --git a/tailbone/views/people.py b/tailbone/views/people.py index f21a88b6..17f7fb67 100644 --- a/tailbone/views/people.py +++ b/tailbone/views/people.py @@ -145,15 +145,21 @@ class PeopleView(MasterView): return instance.person raise HTTPNotFound + def is_person_protected(self, person): + for user in person.users: + if self.user_is_protected(user): + return True + return False + def editable_instance(self, person): - if self.rattail_config.demo(): - return not bool(person.user and person.user.username == 'chuck') - return True + if self.request.is_root: + return True + return not self.is_person_protected(person) def deletable_instance(self, person): - if self.rattail_config.demo(): - return not bool(person.user and person.user.username == 'chuck') - return True + if self.request.is_root: + return True + return not self.is_person_protected(person) def delete_instance(self, person): """