From 85dcc46d391a27f130df249a68aa258f88933d04 Mon Sep 17 00:00:00 2001 From: Doug Blank Date: Sat, 19 May 2012 12:24:40 +0000 Subject: [PATCH] Only superusers can edit/add; registered users can see all data svn: r19589 --- src/data/templates/view_people.html | 6 ++---- src/data/templates/view_person_detail.html | 2 +- src/webapp/grampsdb/views.py | 19 ++++++++++++----- src/webapp/utils.py | 24 +++++++++++----------- 4 files changed, 29 insertions(+), 22 deletions(-) diff --git a/src/data/templates/view_people.html b/src/data/templates/view_people.html index acac5234d..ff70ae308 100644 --- a/src/data/templates/view_people.html +++ b/src/data/templates/view_people.html @@ -32,10 +32,8 @@ -{% if user.is_authenticated %} - -{% make_button "Add Person" "/person/add" %} - +{% if user.is_superuser %} + {% make_button "Add Person" "/person/add" %} {% endif %} {% endblock %} diff --git a/src/data/templates/view_person_detail.html b/src/data/templates/view_person_detail.html index 727bf21cf..349b14034 100644 --- a/src/data/templates/view_person_detail.html +++ b/src/data/templates/view_person_detail.html @@ -132,7 +132,7 @@ {% make_button "Back to People" "/person" %} -{% if user.is_authenticated %} +{% if user.is_superuser %} {% ifequal action "edit" %} {% make_button "Back to Person" "/person/%s" person.handle %} diff --git a/src/webapp/grampsdb/views.py b/src/webapp/grampsdb/views.py index 5caf4dcee..603b6239b 100644 --- a/src/webapp/grampsdb/views.py +++ b/src/webapp/grampsdb/views.py @@ -555,7 +555,6 @@ def view_person_detail(request, view, handle, action="view"): surname.primary = True # FIXME: why is this False? surname.save() # FIXME: last_saved, last_changed, last_changed_by - # FIXME: update cache: raw = dji.get_person(person) person.cache = base64.encodestring(cPickle.dumps(raw)) person.save() 
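Review bot: The `{% if user.is_superuser %}` guard in view_people.html, and the same guard in view_person_detail.html, only hides the add and edit buttons; it does not stop a logged-in non-superuser from requesting `/person/add` or an edit action directly. None of the views.py hunks in this patch adds a matching server-side check, so unless one already exists elsewhere in view_person_detail, the rule in the commit subject is enforced in the UI only. I would add, before the add/edit/save handling in the view, something like `if action != "view" and not request.user.is_superuser: return HttpResponseForbidden()`. The same applies to the `/add` URLs behind the buttons in the utils.py table helpers.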
@@ -872,11 +871,21 @@ def view(request, view): context["tviews"] = _("Reports") if request.GET.has_key("search"): search = request.GET.get("search") - object_list = Report.objects \ - .filter(Q(name__icontains=search)) \ - .order_by("name") + if request.user.is_superuser: + object_list = Report.objects \ + .filter(Q(name__icontains=search)) \ + .order_by("name") + else: + object_list = Report.objects \ + .filter(Q(name__icontains=search) & ~Q(report_type="import")) \ + .order_by("name") else: - object_list = Report.objects.all().order_by("name") + if request.user.is_superuser: + object_list = Report.objects.all().order_by("name") + else: + object_list = Report.objects \ + .filter(~Q(report_type="import")) \ + .order_by("name") view_template = 'view_report.html' total = Report.objects.all().count() else: diff --git a/src/webapp/utils.py b/src/webapp/utils.py index 56a11d694..86631c210 100644 --- a/src/webapp/utils.py +++ b/src/webapp/utils.py @@ -241,7 +241,7 @@ def event_table(obj, user, action, url=None, *args): get_title(djevent.place), str(event_ref.role_type)) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add event"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height @@ -279,7 +279,7 @@ def name_table(obj, user, action, url=None, *args): (url % name.person.handle) + ("/%s" % name.order))) table.links(links) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add name"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height 
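Review bot: In the Reports branch of `view`, the new `~Q(report_type="import")` filter only removes import reports from the listing for non-superusers; whatever view runs or displays a single report is not in this hunk and would need the same `is_superuser` check, otherwise an import report stays reachable by its URL. The unchanged `total = Report.objects.all().count()` still counts the hidden import reports, so the total shown to a non-superuser may not match the list. The four near-identical querysets can also be collapsed by building the queryset step by step, as below, which keeps the import rule in one place. `view` begins and ends outside this hunk.

```python
# … unchanged: context["tviews"] = _("Reports") …
object_list = Report.objects.all()
if not request.user.is_superuser:
    # Import reports are listed for superusers only.
    object_list = object_list.exclude(report_type="import")
if request.GET.has_key("search"):
    search = request.GET.get("search")
    object_list = object_list.filter(Q(name__icontains=search))
object_list = object_list.order_by("name")
# … unchanged: view_template and total …
```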
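Review bot: The condition `user.is_superuser and url and action == "view"` is now repeated verbatim in event_table and in the eleven other table helpers changed in this file (name_table through lds_table), so the edit policy lives in twelve places and the next policy change has to find every one. A small predicate, for example `def can_add(user, url, action): return bool(user.is_superuser and url and action == "view")`, called from each helper would keep it in one spot. It is also worth a comment there that this only decides whether the button is drawn; the permission itself has to be checked in the view that handles the `/add` URL. Each helper's body starts outside its hunk.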
@@ -303,7 +303,7 @@ def surname_table(obj, user, action, url=None, *args): count += 1 table.links(links) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add surname"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height @@ -330,7 +330,7 @@ def source_table(obj, user, action, url=None, *args): citation_ref.citation.page, ) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add source"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height @@ -355,7 +355,7 @@ def citation_table(obj, user, action, url=None, *args): str(citation.page), ) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add citation"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height @@ -379,7 +379,7 @@ def note_table(obj, user, action, url=None, *args): str(note_ref.ref_object.note_type), note_ref.ref_object.text[:50]) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add note"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height @@ -399,7 +399,7 @@ def attribute_table(obj, user, action, url=None, *args): table.row(attribute.attribute_type.name, attribute.value) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add attribute"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height 
@@ -423,7 +423,7 @@ def address_table(obj, user, action, url=None, *args): location.state, location.country) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add address"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height @@ -436,7 +436,7 @@ def gallery_table(obj, user, action, url=None, *args): _("Type"), ) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add gallery"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height @@ -455,7 +455,7 @@ def internet_table(obj, user, action, url=None, *args): url_obj.path, url_obj.desc) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add internet"), ((str(url) % args) + "/add")) else: retval += nbsp("") # to keep tabs same height @@ -474,7 +474,7 @@ def association_table(obj, user, action, url=None, *args): for association in associations: table.row() retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add association"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height @@ -498,7 +498,7 @@ def lds_table(obj, user, action, url=None, *args): lds.temple, get_title(lds.place)) retval += table.get_html() - if user.is_authenticated() and url and action == "view": + if user.is_superuser and url and action == "view": retval += make_button(_("Add LDS"), (url + "/add") % args) else: retval += nbsp("") # to keep tabs same height