From 0992fa33df8a52fcb459165cd54e41440eb55711 Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Mon, 6 Apr 2020 14:12:34 +0200
Subject: [PATCH] privilege for adding new subject implemented

---
 .../0154_add_permission_to_existing_workers.py | 18 ++++++++++++++++++
 smash/web/templates/subjects/index.html        |  8 ++++++--
 smash/web/views/subject.py                     |  2 ++
 3 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 smash/web/migrations/0154_add_permission_to_existing_workers.py

diff --git a/smash/web/migrations/0154_add_permission_to_existing_workers.py b/smash/web/migrations/0154_add_permission_to_existing_workers.py
new file mode 100644
index 00000000..76d2ca30
--- /dev/null
+++ b/smash/web/migrations/0154_add_permission_to_existing_workers.py
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.5 on 2020-03-19 13:01
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('web', '0153_auto_20200320_0932'),
+    ]
+
+    operations = [
+        migrations.RunSQL("insert into web_workerstudyrole_permissions(workerstudyrole_id, permission_id) "
+                          "select web_workerstudyrole.id, auth_permission.id from web_workerstudyrole,auth_permission "
+                          "where codename='add_subject';"),
+
+    ]
diff --git a/smash/web/templates/subjects/index.html b/smash/web/templates/subjects/index.html
index cfe954bc..29a4d230 100644
--- a/smash/web/templates/subjects/index.html
+++ b/smash/web/templates/subjects/index.html
@@ -31,7 +31,7 @@
             padding-left: 2px;
         }
         .visit_row > span > a{
-            color: inherit; 
+            color: inherit;
         }
         .appointment_type_list{
             margin-top: 10px;
@@ -57,7 +57,11 @@
 {% block maincontent %}
 
     <div>
-        <a href="{% url 'web.views.subject_add' %}" class="btn btn-app">
+        <a href="{% url 'web.views.subject_add' %}" class="btn btn-app"
+                {% if not "add_subject" in permissions %}
+           disabled
+                {% endif %}
+        >
             <i class="fa fa-plus"></i>
             Add new subject
         </a>
diff --git a/smash/web/views/subject.py b/smash/web/views/subject.py
index cb8cf69d..ef65d5f4 100644
--- a/smash/web/views/subject.py
+++ b/smash/web/views/subject.py
@@ -4,6 +4,7 @@ import logging
 from django.contrib import messages
 from django.shortcuts import redirect, get_object_or_404
 
+from web.decorators import PermissionDecorator
 from . import wrap_response
 from ..forms import VisitDetailForm, SubjectAddForm, SubjectEditForm, StudySubjectAddForm, StudySubjectEditForm
 from ..models import StudySubject, MailTemplate, Worker, Study, Provenance, Subject
@@ -27,6 +28,7 @@ def subjects(request):
     return subject_list(request, SUBJECT_LIST_GENERIC)
 
 
+@PermissionDecorator('add_subject', 'subject')
 def subject_add(request):
     study = Study.objects.filter(id=GLOBAL_STUDY_ID)[0]
     if request.method == 'POST':
-- 
GitLab