From 18ae699edc3217cf561054912931273e739be76e Mon Sep 17 00:00:00 2001
From: Carlos Vega <carlos.vega@uni.lu>
Date: Wed, 21 Nov 2018 13:50:18 +0100
Subject: [PATCH] consider permissions in the sidebar template
---
smash/web/templates/sidebar.html | 21 ++++++++++++++++++---
smash/web/views/__init__.py | 7 ++++++-
2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/smash/web/templates/sidebar.html b/smash/web/templates/sidebar.html
index f4b3c857..29f43c89 100644
--- a/smash/web/templates/sidebar.html
+++ b/smash/web/templates/sidebar.html
@@ -23,12 +23,14 @@
</a>
</li>
+ {% if "change_worker" in permissions or "add_worker" in permissions or "delete_worker" in permissions %}
<li data-desc="workers">
<a href="{% url 'web.views.workers' %}">
<i class="fa fa-user-md"></i>
- <span>Workers</span>
+ <span>Worker</span>
</a>
</li>
+ {% endif %}
<li data-desc="equipment_and_rooms" class="treeview">
<a href="{% url 'web.views.equipment_and_rooms' %}">
@@ -83,16 +85,29 @@
</span>
</a>
<ul class="treeview-menu">
+ {% if "change_configurationitem" in permissions %}
<li><a href="{% url 'web.views.configuration' %}">General</a></li>
+ {% endif %}
+
+ {% if "change_language" in permissions %}
<li><a href="{% url 'web.views.languages' %}">Languages</a></li>
- {% if study.has_voucher_types %}
+ {% endif %}
+
+ {% if study.has_voucher_types and "change_vouchertype" in permissions %}
<li><a href="{% url 'web.views.voucher_types' %}">Voucher types</a></li>
{% endif %}
- {% if study.has_vouchers %}
+
+ {% if study.has_vouchers and "change_voucher" in permissions %}
<li><a href="{% url 'web.views.workers' 'VOUCHER_PARTNER' %}">Voucher partners</a></li>
{% endif %}
+
+ {% if "change_worker" in permissions %}
<li><a href="{% url 'web.views.workers' 'HEALTH_PARTNER' %}">Health partners</a></li>
+ {% endif %}
+
+ {% if "change_study" in permissions %}
<li><a href="{% url 'web.views.edit_study' study_id %}">Study</a></li>
+ {% endif %}
</ul>
</li>
diff --git a/smash/web/views/__init__.py b/smash/web/views/__init__.py
index 78203279..25a2c4a5 100644
--- a/smash/web/views/__init__.py
+++ b/smash/web/views/__init__.py
@@ -6,6 +6,7 @@ from django.views.generic.base import ContextMixin
from web.models.constants import GLOBAL_STUDY_ID
from notifications import get_notifications
from ..models import Worker, Study
+from web.decorators import PermissionDecorator
handler404 = 'web.views.e404_page_not_found'
handler500 = 'web.views.e500_error'
@@ -41,9 +42,12 @@ def wrap_response(request, template, params):
def extend_context(params, request):
+ study = Study.get_by_id(GLOBAL_STUDY_ID)
person = Worker.get_by_user(request.user) # None if AnonymousUser or no Worker associated
+ permissions = []
if person is not None:
role = person.role
+ permissions = person.get_permissions(study)
person = unicode(person)
else:
#use full name if available, username otherwise
@@ -54,8 +58,9 @@ def extend_context(params, request):
role = '<No worker information>'
notifications = get_notifications(request.user)
final_params = params.copy()
- study = Study.get_by_id(GLOBAL_STUDY_ID)
final_params.update({
+ 'permissions' : permissions,
+ 'conf_perms' : permissions & PermissionDecorator.codename_groups['configuration'],
'person': person,
'role': role,
'notifications': notifications,
--
GitLab