Fixed bugs where edit links were appearing for unprivileged users.

This commit is contained in:
Lance Edgar 2013-06-07 08:52:57 -07:00
parent 6440319bb0
commit c7995c5241
7 changed files with 14 additions and 8 deletions

View file

@ -2,7 +2,7 @@
<%def name="context_menu_items()"> <%def name="context_menu_items()">
<li>${h.link_to("Back to Customer Groups", url('customer_groups'))}</li> <li>${h.link_to("Back to Customer Groups", url('customer_groups'))}</li>
% if form.readonly: % if form.readonly and request.has_perm('customer_groups.update'):
<li>${h.link_to("Edit this Customer Group", url('customer_group.update', uuid=form.fieldset.model.uuid))}</li> <li>${h.link_to("Edit this Customer Group", url('customer_group.update', uuid=form.fieldset.model.uuid))}</li>
% elif form.updating: % elif form.updating:
<li>${h.link_to("View this Customer Group", url('customer_group.read', uuid=form.fieldset.model.uuid))}</li> <li>${h.link_to("View this Customer Group", url('customer_group.read', uuid=form.fieldset.model.uuid))}</li>

View file

@ -2,7 +2,7 @@
<%def name="context_menu_items()"> <%def name="context_menu_items()">
<li>${h.link_to("Back to Customers", url('customers'))}</li> <li>${h.link_to("Back to Customers", url('customers'))}</li>
% if form.readonly: % if form.readonly and request.has_perm('customers.update'):
<li>${h.link_to("Edit this Customer", url('customer.update', uuid=form.fieldset.model.uuid))}</li> <li>${h.link_to("Edit this Customer", url('customer.update', uuid=form.fieldset.model.uuid))}</li>
% elif form.updating: % elif form.updating:
<li>${h.link_to("View this Customer", url('customer.read', uuid=form.fieldset.model.uuid))}</li> <li>${h.link_to("View this Customer", url('customer.read', uuid=form.fieldset.model.uuid))}</li>

View file

@ -2,7 +2,7 @@
<%def name="context_menu_items()"> <%def name="context_menu_items()">
<li>${h.link_to("Back to Products", url('products'))}</li> <li>${h.link_to("Back to Products", url('products'))}</li>
% if form.readonly: % if form.readonly and request.has_perm('products.update'):
<li>${h.link_to("Edit this Product", url('product.update', uuid=form.fieldset.model.uuid))}</li> <li>${h.link_to("Edit this Product", url('product.update', uuid=form.fieldset.model.uuid))}</li>
% elif form.updating: % elif form.updating:
<li>${h.link_to("View this Product", url('product.read', uuid=form.fieldset.model.uuid))}</li> <li>${h.link_to("View this Product", url('product.read', uuid=form.fieldset.model.uuid))}</li>

View file

@ -2,7 +2,7 @@
<%def name="context_menu_items()"> <%def name="context_menu_items()">
<li>${h.link_to("Back to Stores", url('stores'))}</li> <li>${h.link_to("Back to Stores", url('stores'))}</li>
% if form.readonly: % if form.readonly and request.has_perm('stores.update'):
<li>${h.link_to("Edit this Store", url('store.update', uuid=form.fieldset.model.uuid))}</li> <li>${h.link_to("Edit this Store", url('store.update', uuid=form.fieldset.model.uuid))}</li>
% elif form.updating: % elif form.updating:
<li>${h.link_to("View this Store", url('store.read', uuid=form.fieldset.model.uuid))}</li> <li>${h.link_to("View this Store", url('store.read', uuid=form.fieldset.model.uuid))}</li>

View file

@ -82,8 +82,12 @@ class CrudView(View):
return self.make_fieldset(model) return self.make_fieldset(model)
def make_form(self, model, **kwargs): def make_form(self, model, **kwargs):
self.creating = model is self.mapped_class if self.readonly:
self.updating = not self.creating self.creating = False
self.updating = False
else:
self.creating = model is self.mapped_class
self.updating = not self.creating
fieldset = self.fieldset(model) fieldset = self.fieldset(model)
kwargs.setdefault('pretty_name', self.pretty_name) kwargs.setdefault('pretty_name', self.pretty_name)

View file

@ -26,9 +26,10 @@
``rattail.pyramid.views.customergroups`` -- CustomerGroup Views ``rattail.pyramid.views.customergroups`` -- CustomerGroup Views
""" """
from edbob.pyramid.views import SearchableAlchemyGridView, CrudView from edbob.pyramid.views import SearchableAlchemyGridView
import rattail import rattail
from rattail.pyramid.views import CrudView
class CustomerGroupsGrid(SearchableAlchemyGridView): class CustomerGroupsGrid(SearchableAlchemyGridView):

View file

@ -28,9 +28,10 @@
from sqlalchemy import and_ from sqlalchemy import and_
from edbob.pyramid.views import SearchableAlchemyGridView, CrudView from edbob.pyramid.views import SearchableAlchemyGridView
import rattail import rattail
from rattail.pyramid.views import CrudView
class StoresGrid(SearchableAlchemyGridView): class StoresGrid(SearchableAlchemyGridView):