Only superusers can edit/add; registered users can see all data

svn: r19589
This commit is contained in:
Doug Blank 2012-05-19 12:24:40 +00:00
parent 62df43f815
commit 85dcc46d39
4 changed files with 29 additions and 22 deletions

View File

@ -32,10 +32,8 @@
</tbody>
</table>
{% if user.is_authenticated %}
{% if user.is_superuser %}
{% make_button "Add Person" "/person/add" %}
{% endif %}
{% endblock %}

View File

@ -132,7 +132,7 @@
</div>
{% make_button "Back to People" "/person" %}
{% if user.is_authenticated %}
{% if user.is_superuser %}
{% ifequal action "edit" %}
{% make_button "Back to Person" "/person/%s" person.handle %}
<input type="hidden" name="action" value="save"/>

View File

@ -555,7 +555,6 @@ def view_person_detail(request, view, handle, action="view"):
surname.primary = True # FIXME: why is this False?
surname.save()
# FIXME: last_saved, last_changed, last_changed_by
# FIXME: update cache:
raw = dji.get_person(person)
person.cache = base64.encodestring(cPickle.dumps(raw))
person.save()
@ -872,11 +871,21 @@ def view(request, view):
context["tviews"] = _("Reports")
if request.GET.has_key("search"):
search = request.GET.get("search")
if request.user.is_superuser:
object_list = Report.objects \
.filter(Q(name__icontains=search)) \
.order_by("name")
else:
object_list = Report.objects \
.filter(Q(name__icontains=search) & ~Q(report_type="import")) \
.order_by("name")
else:
if request.user.is_superuser:
object_list = Report.objects.all().order_by("name")
else:
object_list = Report.objects \
.filter(~Q(report_type="import")) \
.order_by("name")
view_template = 'view_report.html'
total = Report.objects.all().count()
else:

View File

@ -241,7 +241,7 @@ def event_table(obj, user, action, url=None, *args):
get_title(djevent.place),
str(event_ref.role_type))
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add event"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height
@ -279,7 +279,7 @@ def name_table(obj, user, action, url=None, *args):
(url % name.person.handle) + ("/%s" % name.order)))
table.links(links)
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add name"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height
@ -303,7 +303,7 @@ def surname_table(obj, user, action, url=None, *args):
count += 1
table.links(links)
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add surname"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height
@ -330,7 +330,7 @@ def source_table(obj, user, action, url=None, *args):
citation_ref.citation.page,
)
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add source"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height
@ -355,7 +355,7 @@ def citation_table(obj, user, action, url=None, *args):
str(citation.page),
)
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add citation"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height
@ -379,7 +379,7 @@ def note_table(obj, user, action, url=None, *args):
str(note_ref.ref_object.note_type),
note_ref.ref_object.text[:50])
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add note"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height
@ -399,7 +399,7 @@ def attribute_table(obj, user, action, url=None, *args):
table.row(attribute.attribute_type.name,
attribute.value)
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add attribute"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height
@ -423,7 +423,7 @@ def address_table(obj, user, action, url=None, *args):
location.state,
location.country)
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add address"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height
@ -436,7 +436,7 @@ def gallery_table(obj, user, action, url=None, *args):
_("Type"),
)
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add gallery"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height
@ -455,7 +455,7 @@ def internet_table(obj, user, action, url=None, *args):
url_obj.path,
url_obj.desc)
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add internet"), ((str(url) % args) + "/add"))
else:
retval += nbsp("") # to keep tabs same height
@ -474,7 +474,7 @@ def association_table(obj, user, action, url=None, *args):
for association in associations:
table.row()
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add association"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height
@ -498,7 +498,7 @@ def lds_table(obj, user, action, url=None, *args):
lds.temple,
get_title(lds.place))
retval += table.get_html()
if user.is_authenticated() and url and action == "view":
if user.is_superuser and url and action == "view":
retval += make_button(_("Add LDS"), (url + "/add") % args)
else:
retval += nbsp("") # to keep tabs same height