From 18ae699edc3217cf561054912931273e739be76e Mon Sep 17 00:00:00 2001 From: Carlos Vega <carlos.vega@uni.lu> Date: Wed, 21 Nov 2018 13:50:18 +0100 Subject: [PATCH] consider permissions in the sidebar template --- smash/web/templates/sidebar.html | 21 ++++++++++++++++++--- smash/web/views/__init__.py | 7 ++++++- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/smash/web/templates/sidebar.html b/smash/web/templates/sidebar.html index f4b3c857..29f43c89 100644 --- a/smash/web/templates/sidebar.html +++ b/smash/web/templates/sidebar.html @@ -23,12 +23,14 @@ </a> </li> + {% if "change_worker" in permissions or "add_worker" in permissions or "delete_worker" in permissions %} <li data-desc="workers"> <a href="{% url 'web.views.workers' %}"> <i class="fa fa-user-md"></i> - <span>Workers</span> + <span>Worker</span> </a> </li> + {% endif %} <li data-desc="equipment_and_rooms" class="treeview"> <a href="{% url 'web.views.equipment_and_rooms' %}"> @@ -83,16 +85,29 @@ </span> </a> <ul class="treeview-menu"> + {% if "change_configurationitem" in permissions %} <li><a href="{% url 'web.views.configuration' %}">General</a></li> + {% endif %} + + {% if "change_language" in permissions %} <li><a href="{% url 'web.views.languages' %}">Languages</a></li> - {% if study.has_voucher_types %} + {% endif %} + + {% if study.has_voucher_types and "change_vouchertype" in permissions %} <li><a href="{% url 'web.views.voucher_types' %}">Voucher types</a></li> {% endif %} - {% if study.has_vouchers %} + + {% if study.has_vouchers and "change_voucher" in permissions %} <li><a href="{% url 'web.views.workers' 'VOUCHER_PARTNER' %}">Voucher partners</a></li> {% endif %} + + {% if "change_worker" in permissions %} <li><a href="{% url 'web.views.workers' 'HEALTH_PARTNER' %}">Health partners</a></li> + {% endif %} + + {% if "change_study" in permissions %} <li><a href="{% url 'web.views.edit_study' study_id %}">Study</a></li> + {% endif %} </ul> </li> diff --git a/smash/web/views/__init__.py b/smash/web/views/__init__.py index 78203279..25a2c4a5 100644 --- a/smash/web/views/__init__.py +++ b/smash/web/views/__init__.py @@ -6,6 +6,7 @@ from django.views.generic.base import ContextMixin from web.models.constants import GLOBAL_STUDY_ID from notifications import get_notifications from ..models import Worker, Study +from web.decorators import PermissionDecorator handler404 = 'web.views.e404_page_not_found' handler500 = 'web.views.e500_error' @@ -41,9 +42,12 @@ def wrap_response(request, template, params): def extend_context(params, request): + study = Study.get_by_id(GLOBAL_STUDY_ID) person = Worker.get_by_user(request.user) # None if AnonymousUser or no Worker associated + permissions = [] if person is not None: role = person.role + permissions = person.get_permissions(study) person = unicode(person) else: #use full name if available, username otherwise @@ -54,8 +58,9 @@ def extend_context(params, request): role = '<No worker information>' notifications = get_notifications(request.user) final_params = params.copy() - study = Study.get_by_id(GLOBAL_STUDY_ID) final_params.update({ + 'permissions' : permissions, + 'conf_perms' : permissions & PermissionDecorator.codename_groups['configuration'], 'person': person, 'role': role, 'notifications': notifications, -- GitLab