Add dedicated perm for replacing poser report module

2022-03-02 18:52:28 -06:00 · 2022-03-02 18:52:28 -06:00 · d99f2541df
parent 72177aef0a
commit d99f2541df
3 changed files with 16 additions and 10 deletions
--- a/tailbone/templates/poser/reports/view.mako
+++ b/tailbone/templates/poser/reports/view.mako
@ -3,10 +3,12 @@

 <%def name="render_form_buttons()">
  <div v-if="!showUploadForm" class="buttons">
+    % if master.has_perm('replace'):
    <b-button type="is-primary"
-              @click="heckYeah()">
+              @click="showUploadForm = true">
      Upload Replacement Module
    </b-button>
+    % endif
    <once-button type="is-primary"
                 tag="a"
                 % if instance.get('error'):
@ -17,6 +19,7 @@
                 text="Generate this Report">
    </once-button>
  </div>
+  % if master.has_perm('replace'):
  <div v-if="showUploadForm">
    ${h.form(master.get_action_url('replace', instance), enctype='multipart/form-data', **{'@submit': 'uploadSubmitting = true'})}
    ${h.csrf_token(request)}
@ -55,10 +58,12 @@
    </b-field>
    ${h.end_form()}
  </div>
+  % endif
 </%def>

 <%def name="modify_this_page_vars()">
  ${parent.modify_this_page_vars()}
+  % if master.has_perm('replace'):
  <script type="text/javascript">

    ${form.component_studly}Data.showUploadForm = false
@ -67,11 +72,8 @@

    ${form.component_studly}Data.uploadSubmitting = false

-    ${form.component_studly}.methods.heckYeah = function() {
-        this.showUploadForm = true
-    }
-
  </script>
+  % endif
 </%def>

 ${parent.body()}
--- a/tailbone/views/auth.py
+++ b/tailbone/views/auth.py
@ -2,7 +2,7 @@
 ################################################################################
 #
 #  Rattail -- Retail Software Framework
-#  Copyright © 2010-2021 Lance Edgar
+#  Copyright © 2010-2022 Lance Edgar
 #
 #  This file is part of Rattail.
 #
@ -87,7 +87,7 @@ class AuthenticationView(View):
            # Store current URL in session, for smarter redirect after login.
            self.request.session['next_url'] = self.request.current_route_url()
            next_url = self.request.route_url('login')
-        self.request.session.flash(msg, allow_duplicate=False)
+        self.request.session.flash(msg, 'warning', allow_duplicate=False)
        return self.redirect(next_url)

    def login(self, **kwargs):
--- a/tailbone/views/poser/reports.py
+++ b/tailbone/views/poser/reports.py
@ -252,22 +252,26 @@ class PoserReportView(MasterView):

    @classmethod
    def defaults(cls, config):
-        cls._poser_report_defaults(config)
        cls._defaults(config)
+        cls._poser_report_defaults(config)

    @classmethod
    def _poser_report_defaults(cls, config):
        route_prefix = cls.get_route_prefix()
+        permission_prefix = cls.get_permission_prefix()
        instance_url_prefix = cls.get_instance_url_prefix()
+        model_title = cls.get_model_title()

        # replace module
+        config.add_tailbone_permission(permission_prefix,
+                                       '{}.replace'.format(permission_prefix),
+                                       "Upload replacement module for {}".format(model_title))
        config.add_route('{}.replace'.format(route_prefix),
                         '{}/replace'.format(instance_url_prefix),
                         request_method='POST')
        config.add_view(cls, attr='replace',
                        route_name='{}.replace'.format(route_prefix),
-                         # TODO: requires root, should add custom permission?
-                        permission='admin')
+                        permission='{}.replace'.format(permission_prefix))


 class PoserReportSchema(colander.MappingSchema):