From 6e33653ce50e4c8837b25ff53063b51fd38fcd06 Mon Sep 17 00:00:00 2001 From: gfawcett Date: Sun, 11 Jan 2009 23:44:27 +0000 Subject: [PATCH] basic access-controls on adding/editing items; added phys-item icon. Only instructors and proxy-instructors can add items. We hide edit-links if user isn't an editor. The physical item icon could be improved. git-svn-id: svn://svn.open-ils.org/ILS-Contrib/servres/trunk@108 6d9bc8c9-1ec2-4278-b937-99fde70a366f --- conifer/static/main.css | 6 ++++++ conifer/static/tango/x-office-address-book.png | Bin 0 -> 753 bytes conifer/syrup/models.py | 8 ++++++++ conifer/syrup/views.py | 13 ++++++++++--- conifer/templates/components/item.xhtml | 2 +- conifer/templates/item_heading_detail.xhtml | 5 +++-- 6 files changed, 28 insertions(+), 6 deletions(-) create mode 100644 conifer/static/tango/x-office-address-book.png diff --git a/conifer/static/main.css b/conifer/static/main.css index e1b4697..3e9d2a1 100644 --- a/conifer/static/main.css +++ b/conifer/static/main.css @@ -127,6 +127,12 @@ a:hover { text-decoration: underline; } margin-top: 4; } +.itemtree li.item_PHYS { + /* fixme: need a better icon */ + list-style-image: url(tango/x-office-address-book.png); + margin-top: 4; +} + .instructors { border: 1px solid #ccc; diff --git a/conifer/static/tango/x-office-address-book.png b/conifer/static/tango/x-office-address-book.png new file mode 100644 index 0000000000000000000000000000000000000000..f3b5d9d98cb0ba5a7dfdcc80a0762896f8426b88 GIT binary patch literal 753 zcmVMh53JODVWnpw>WFU8GbZ8({Xk{Qr zNlj3Y*^6%g00KQpL_t(I%axN&Pg6k@hM$?w0X#5SDVBDAx z;=+Z0!K4caEKK|#ggud;VB*4r4GIP@RT1# zz*KQz4w&KJV}9|~^eljwDlW{8NImo7`9nNk zsqExS3z&KQ=s_5UMs|Y^*;I^;@;;5q0Yl|IRI5#>B6y=2TA392kvMfAm7S!vxAfWq za2!V(;NZ|B8grrEBweadyE00Uh++9{Ql$!A6@igBF(>GIu>f3G0fv^}JCI*0)W@g|hZ5PJ#MD5NXz;b-6&lG{J2 zU(WaVBnB;7%3n>6hHch>)Nq*l& zHCl9SMfK*yxf9h>U_dF0bUK0G(d38YB%=;oAM5K%4QTue;5AyjS$>Np4Wa2Rtqnp7 zY!yKWfdIPQkgw%xm~S4*&+F>|Pc48Ct6SW^5$})fc_F2wDbj502XcG-7I%-uSOAA! zgNfV_g~FvXiQ-fN*EV;~t-<{J&FYM9HN%~1AYE6XJ9@zIAB66POy0?urIo5U-8VT^ jT$ugO@66(>X#wyXbGzHwYQAj$00000NkvXXu0mjf74}1O literal 0 HcmV?d00001 diff --git a/conifer/syrup/models.py b/conifer/syrup/models.py index c38efbe..e80f280 100644 --- a/conifer/syrup/models.py +++ b/conifer/syrup/models.py @@ -165,6 +165,14 @@ class Course(m.Model): walk(subtree, out) return out + def can_edit(self, user): + if user.is_anonymous(): + return False + try: + mbr = Member.objects.get(course=self, user=user) + except Member.DoesNotExist: + return False + return mbr.role in (u'INSTR', u'PROXY') class Member(m.Model): course = m.ForeignKey(Course) diff --git a/conifer/syrup/views.py b/conifer/syrup/views.py index cc93366..49a45fd 100644 --- a/conifer/syrup/views.py +++ b/conifer/syrup/views.py @@ -1,4 +1,5 @@ from django.http import HttpResponse, HttpResponseRedirect +from django.http import HttpResponseForbidden from django.core.paginator import Paginator from django.shortcuts import get_object_or_404 from django.contrib.auth.decorators import login_required @@ -138,6 +139,7 @@ def item_metadata(request, course_id, item_id): return g.render('item_metadata.xhtml', course=item.course, item=item) +@login_required def item_edit(request, course_id, item_id): """Edit an item.""" # For now, just pop to the Admin interface. @@ -152,7 +154,7 @@ def _heading_detail(request, item): return g.render('item_heading_detail.xhtml', item=item) - +@login_required def item_add(request, course_id, item_id): # The item-id is the id for the parent-heading item. Zero represents # 'top-level', i.e. the new item should have no heading. For any other @@ -164,6 +166,10 @@ def item_add(request, course_id, item_id): parent_item = get_object_or_404(models.Item, pk=item_id, course__id=course_id) assert parent_item.item_type == 'HEADING', 'Can only add items to headings!' course = parent_item.course + + if not course.can_edit(user): + return HttpResponseForbidden('not an editor') # fixme, prettier msg? + item_type = request.GET.get('item_type') assert item_type, 'No item_type parameter was provided.' @@ -175,6 +181,7 @@ def item_add(request, course_id, item_id): **locals()) else: # fixme, this will need refactoring. But not yet. + author = request.user.get_full_name() or request.user.username if item_type == 'HEADING': title = request.POST.get('title', '').strip() if not title: @@ -186,7 +193,7 @@ def item_add(request, course_id, item_id): item_type='HEADING', parent_heading=parent_item, title=title, - author=request.user.get_full_name() or request.user.username, + author=author, activation_date=datetime.now(), last_modified=datetime.now()) item.save() @@ -203,7 +210,7 @@ def item_add(request, course_id, item_id): item_type='URL', parent_heading=parent_item, title=title, - author=request.user.get_full_name() or request.user.username, + author=author, activation_date=datetime.now(), last_modified=datetime.now(), url = url) diff --git a/conifer/templates/components/item.xhtml b/conifer/templates/components/item.xhtml index e7e9068..5eed7af 100644 --- a/conifer/templates/components/item.xhtml +++ b/conifer/templates/components/item.xhtml @@ -10,7 +10,7 @@ [about] - + [edit] ${show_tree(subs)} diff --git a/conifer/templates/item_heading_detail.xhtml b/conifer/templates/item_heading_detail.xhtml index d2312e4..38d0a61 100644 --- a/conifer/templates/item_heading_detail.xhtml +++ b/conifer/templates/item_heading_detail.xhtml @@ -2,6 +2,7 @@ course = item.course title = item.title course_title = '%s: %s (%s)' % (course.code, course.title, course.term) +is_editor = course.can_edit(request.user) item_tree = course.item_tree(subtree=item) ?> --> - ${show_tree(item_tree)} - ${add_subs(item)} + ${show_tree(item_tree, edit=is_editor)} +
${add_subs(item)}
-- 2.11.0