diff --git a/tailbone/templates/newbatch/view.mako b/tailbone/templates/newbatch/view.mako index f2b6ff2b..898580dd 100644 --- a/tailbone/templates/newbatch/view.mako +++ b/tailbone/templates/newbatch/view.mako @@ -46,7 +46,7 @@ <%def name="leading_buttons()"> <%def name="refresh_button()"> - % if master.viewing and master.batch_refreshable(batch): + % if master.viewing and master.batch_refreshable(batch) and request.has_perm('{}.refresh'.format(permission_prefix)): % endif diff --git a/tailbone/views/batch.py b/tailbone/views/batch.py index 8e3253ee..2e6b8529 100644 --- a/tailbone/views/batch.py +++ b/tailbone/views/batch.py @@ -237,12 +237,13 @@ class BatchMasterView(MasterView): def save_create_form(self, form): self.before_create(form) + # current user is batch creator + creator = self.request.user or self.late_login_user() + # transfer form data to batch instance form.fieldset.sync() batch = form.fieldset.model - - # current user is batch creator - batch.created_by = self.request.user or self.late_login_user() + batch.created_by = creator # destroy initial batch and re-make using handler kwargs = self.get_batch_kwargs(batch) @@ -358,7 +359,7 @@ class BatchMasterView(MasterView): return HTML.tag('p', c=link) def make_batch_row_grid_tools(self, batch): - if not batch.executed: + if not batch.executed and self.request.has_perm('{}.edit'.format(self.get_permission_prefix())): url = self.request.route_url('{}.delete_rows'.format(self.get_route_prefix()), uuid=batch.uuid) return HTML.tag('p', c=tags.link_to("Delete all rows matching current search", url)) @@ -831,10 +832,12 @@ class BatchMasterView(MasterView): config.add_view(cls, attr='prefill', route_name='{}.prefill'.format(route_prefix), permission='{}.create'.format(permission_prefix)) - # refresh rows data + # refresh batch data config.add_route('{}.refresh'.format(route_prefix), '{}/{{uuid}}/refresh'.format(url_prefix)) config.add_view(cls, attr='refresh', route_name='{}.refresh'.format(route_prefix), - permission='{}.create'.format(permission_prefix)) + permission='{}.refresh'.format(permission_prefix)) + config.add_tailbone_permission(permission_prefix, '{}.refresh'.format(permission_prefix), + "Refresh data for {}".format(model_title)) # bulk delete rows config.add_route('{}.delete_rows'.format(route_prefix), '{}/{{uuid}}/rows/delete'.format(url_prefix)) @@ -927,7 +930,11 @@ class FileBatchMasterView(BatchMasterView): Return a kwargs dict for use with ``self.handler.make_batch()``, using the given batch as a template. """ - kwargs = {'created_by': batch.created_by} + kwargs = {} + if batch.created_by: + kwargs['created_by'] = batch.created_by + elif batch.created_by_uuid: + kwargs['created_by_uuid'] = batch.created_by_uuid if hasattr(batch, 'filename'): kwargs['filename'] = batch.filename return kwargs diff --git a/tailbone/views/master.py b/tailbone/views/master.py index 4e8c286d..3b3b3c99 100644 --- a/tailbone/views/master.py +++ b/tailbone/views/master.py @@ -284,7 +284,7 @@ class MasterView(View): actions.append(grids.GridAction('edit', icon='pencil', url=self.row_edit_action_url)) # delete action - if self.rows_deletable: + if self.rows_deletable and self.request.has_perm('{}.delete_row'.format(permission_prefix)): actions.append(grids.GridAction('delete', icon='trash', url=self.row_delete_action_url)) defaults['main_actions'] = actions