Only superusers can edit/add; registered users can see all data

svn: r19589
This commit is contained in:
Doug Blank 2012-05-19 12:24:40 +00:00
parent 62df43f815
commit 85dcc46d39
4 changed files with 29 additions and 22 deletions

View File

@ -32,10 +32,8 @@
</tbody> </tbody>
</table> </table>
{% if user.is_authenticated %} {% if user.is_superuser %}
{% make_button "Add Person" "/person/add" %} {% make_button "Add Person" "/person/add" %}
{% endif %} {% endif %}
{% endblock %} {% endblock %}

View File

@ -132,7 +132,7 @@
</div> </div>
{% make_button "Back to People" "/person" %} {% make_button "Back to People" "/person" %}
{% if user.is_authenticated %} {% if user.is_superuser %}
{% ifequal action "edit" %} {% ifequal action "edit" %}
{% make_button "Back to Person" "/person/%s" person.handle %} {% make_button "Back to Person" "/person/%s" person.handle %}
<input type="hidden" name="action" value="save"/> <input type="hidden" name="action" value="save"/>

View File

@ -555,7 +555,6 @@ def view_person_detail(request, view, handle, action="view"):
surname.primary = True # FIXME: why is this False? surname.primary = True # FIXME: why is this False?
surname.save() surname.save()
# FIXME: last_saved, last_changed, last_changed_by # FIXME: last_saved, last_changed, last_changed_by
# FIXME: update cache:
raw = dji.get_person(person) raw = dji.get_person(person)
person.cache = base64.encodestring(cPickle.dumps(raw)) person.cache = base64.encodestring(cPickle.dumps(raw))
person.save() person.save()
@ -872,11 +871,21 @@ def view(request, view):
context["tviews"] = _("Reports") context["tviews"] = _("Reports")
if request.GET.has_key("search"): if request.GET.has_key("search"):
search = request.GET.get("search") search = request.GET.get("search")
if request.user.is_superuser:
object_list = Report.objects \ object_list = Report.objects \
.filter(Q(name__icontains=search)) \ .filter(Q(name__icontains=search)) \
.order_by("name") .order_by("name")
else: else:
object_list = Report.objects \
.filter(Q(name__icontains=search) & ~Q(report_type="import")) \
.order_by("name")
else:
if request.user.is_superuser:
object_list = Report.objects.all().order_by("name") object_list = Report.objects.all().order_by("name")
else:
object_list = Report.objects \
.filter(~Q(report_type="import")) \
.order_by("name")
view_template = 'view_report.html' view_template = 'view_report.html'
total = Report.objects.all().count() total = Report.objects.all().count()
else: else:

View File

@ -241,7 +241,7 @@ def event_table(obj, user, action, url=None, *args):
get_title(djevent.place), get_title(djevent.place),
str(event_ref.role_type)) str(event_ref.role_type))
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add event"), (url + "/add") % args) retval += make_button(_("Add event"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -279,7 +279,7 @@ def name_table(obj, user, action, url=None, *args):
(url % name.person.handle) + ("/%s" % name.order))) (url % name.person.handle) + ("/%s" % name.order)))
table.links(links) table.links(links)
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add name"), (url + "/add") % args) retval += make_button(_("Add name"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -303,7 +303,7 @@ def surname_table(obj, user, action, url=None, *args):
count += 1 count += 1
table.links(links) table.links(links)
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add surname"), (url + "/add") % args) retval += make_button(_("Add surname"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -330,7 +330,7 @@ def source_table(obj, user, action, url=None, *args):
citation_ref.citation.page, citation_ref.citation.page,
) )
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add source"), (url + "/add") % args) retval += make_button(_("Add source"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -355,7 +355,7 @@ def citation_table(obj, user, action, url=None, *args):
str(citation.page), str(citation.page),
) )
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add citation"), (url + "/add") % args) retval += make_button(_("Add citation"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -379,7 +379,7 @@ def note_table(obj, user, action, url=None, *args):
str(note_ref.ref_object.note_type), str(note_ref.ref_object.note_type),
note_ref.ref_object.text[:50]) note_ref.ref_object.text[:50])
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add note"), (url + "/add") % args) retval += make_button(_("Add note"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -399,7 +399,7 @@ def attribute_table(obj, user, action, url=None, *args):
table.row(attribute.attribute_type.name, table.row(attribute.attribute_type.name,
attribute.value) attribute.value)
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add attribute"), (url + "/add") % args) retval += make_button(_("Add attribute"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -423,7 +423,7 @@ def address_table(obj, user, action, url=None, *args):
location.state, location.state,
location.country) location.country)
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add address"), (url + "/add") % args) retval += make_button(_("Add address"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -436,7 +436,7 @@ def gallery_table(obj, user, action, url=None, *args):
_("Type"), _("Type"),
) )
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add gallery"), (url + "/add") % args) retval += make_button(_("Add gallery"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -455,7 +455,7 @@ def internet_table(obj, user, action, url=None, *args):
url_obj.path, url_obj.path,
url_obj.desc) url_obj.desc)
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add internet"), ((str(url) % args) + "/add")) retval += make_button(_("Add internet"), ((str(url) % args) + "/add"))
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -474,7 +474,7 @@ def association_table(obj, user, action, url=None, *args):
for association in associations: for association in associations:
table.row() table.row()
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add association"), (url + "/add") % args) retval += make_button(_("Add association"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height
@ -498,7 +498,7 @@ def lds_table(obj, user, action, url=None, *args):
lds.temple, lds.temple,
get_title(lds.place)) get_title(lds.place))
retval += table.get_html() retval += table.get_html()
if user.is_authenticated() and url and action == "view": if user.is_superuser and url and action == "view":
retval += make_button(_("Add LDS"), (url + "/add") % args) retval += make_button(_("Add LDS"), (url + "/add") % args)
else: else:
retval += nbsp("") # to keep tabs same height retval += nbsp("") # to keep tabs same height