diff --git a/tailbone/views/purchases/batch.py b/tailbone/views/purchases/batch.py index 66843a0d..51660be8 100644 --- a/tailbone/views/purchases/batch.py +++ b/tailbone/views/purchases/batch.py @@ -216,8 +216,14 @@ class PurchaseBatchView(BatchMasterView): fs.model.date_ordered = today fs.model.date_received = today - # TODO: restrict via permission per batch mode? + # available batch modes are restricted via permission modes = dict(self.enum.PURCHASE_BATCH_MODE) + if not self.request.has_perm('purchases.batch.create.ordering'): + del modes[self.enum.PURCHASE_BATCH_MODE_ORDERING] + if not self.request.has_perm('purchases.batch.create.receiving'): + del modes[self.enum.PURCHASE_BATCH_MODE_RECEIVING] + if not self.request.has_perm('purchases.batch.create.invoicing'): + del modes[self.enum.PURCHASE_BATCH_MODE_COSTING] fs.mode.set(renderer=forms.renderers.EnumFieldRenderer(modes)) elif self.editing: @@ -881,6 +887,14 @@ class PurchaseBatchView(BatchMasterView): cls._batch_defaults(config) cls._defaults(config) + # extra perms for creating batches per "mode" + config.add_tailbone_permission(permission_prefix, '{}.create.ordering'.format(permission_prefix), + "Create new {} of mode 'ordering'".format(model_title)) + config.add_tailbone_permission(permission_prefix, '{}.create.receiving'.format(permission_prefix), + "Create new {} of mode 'receiving'".format(model_title)) + config.add_tailbone_permission(permission_prefix, '{}.create.invoicing'.format(permission_prefix), + "Create new {} of mode 'invoicing'".format(model_title)) + # ordering form config.add_tailbone_permission(permission_prefix, '{}.order_form'.format(permission_prefix), "Edit new {} in Order Form mode".format(model_title))