Commit eb85c9aa authored by Bryan  BRANCOTTE's avatar Bryan BRANCOTTE
Browse files

Hide action that curators cannot do if they are not editor

parent 274742d8
......@@ -170,4 +170,7 @@ a[data-toggle=collapse].card-header {
}
a[data-toggle=collapse].card-header>:not(i) {
color: #212529;
}
.not-allowed {
cursor: not-allowed !important;
}
\ No newline at end of file
......@@ -150,19 +150,11 @@
</tbody>
</table>
<div class="btn-group d-flex" role="group" aria-label="Get content">
{% if request|can_edit:object %}
<a href="{% url 'viralhostrangedb:data-source-data-update' pk=object.pk%}" role="button"
class="btn btn-outline-primary"><i class="fa fa-upload"></i> {%trans "Update content" %}</a>
{%endif%}
{% if has_responses %}
<a href="{% url 'viralhostrangedb:data-source-download' pk=object.pk%}" role="button"
class="float-right btn btn-outline-primary">
<i class="fa fa-download"></i> {%trans "Download it" %}
</a>
<a href="http://hub.pages.pasteur.fr/viralhostrangedb/compatible_file.html" target="_blank" style="flex-grow:0"
class="float-right btn btn-outline-primary">
<i class="fa fa-question-circle"></i>
</a>
{%else%}
<a href="{% url 'viralhostrangedb:data-source-download' pk=object.pk%}" role="button"
class="float-right btn btn-primary">
......@@ -173,6 +165,14 @@
<i class="fa fa-question-circle"></i> {%trans "How to fill it" %}
</a>
{%endif%}
{% if request|is_editor_or_owner_of_ds:object %}
<a href="{% url 'viralhostrangedb:data-source-data-update' pk=object.pk%}" role="button"
class="btn btn-outline-primary"><i class="fa fa-upload"></i> {%trans "Update content" %}</a>
<a href="http://hub.pages.pasteur.fr/viralhostrangedb/compatible_file.html" target="_blank" style="flex-grow:0"
class="float-right btn btn-outline-primary">
<i class="fa fa-question-circle"></i>
</a>
{%endif%}
</div>
</div>
......@@ -221,7 +221,7 @@
<div class="card">
<div class="card-header">
{%trans "Viruses"%}
{% if request|can_edit:object %}
{% if request|is_editor_or_owner_of_ds:object %}
<a class="btn btn-xs btn-outline-secondary float-right"
href="{% url 'viralhostrangedb:data-source-virus-delete' pk=object.pk%}"
role="button"
......@@ -229,6 +229,8 @@
>
<i class="fa fa-trash"></i> {%trans "Delete ..." %}
</a>
{%endif%}
{% if request|can_edit:object %}
<a class="btn btn-xs btn-outline-secondary float-right"
href="{% url 'viralhostrangedb:data-source-virus-update' pk=object.pk%}"
role="button"
......@@ -249,7 +251,7 @@
<div class="card">
<div class="card-header">
{%trans "Hosts"%}
{% if request|can_edit:object %}
{% if request|is_editor_or_owner_of_ds:object %}
<a class="btn btn-xs btn-outline-secondary float-right"
href="{% url 'viralhostrangedb:data-source-host-delete' pk=object.pk%}"
role="button"
......@@ -257,6 +259,8 @@
>
<i class="fa fa-trash"></i> {%trans "Delete ..." %}
</a>
{%endif%}
{% if request|can_edit:object %}
<a class="btn btn-xs btn-outline-secondary float-right"
href="{% url 'viralhostrangedb:data-source-host-update' pk=object.pk%}"
role="button"
......
......@@ -29,20 +29,33 @@
<td>{{o.action_time}}</td>
<td>{{o.user.last_name|upper}} {{o.user.first_name|title}}</td>
<td>{{o|get_change_message_with_action}}</td>
{%with request|is_editor_or_owner_of_ds:o.object_id as can_restore %}
<td class="text-center">
{% if o|should_have_backup_file %}
{% if o|has_backup_file %}
{% if forloop.first %}
<i>{%trans 'Current version' %}</i>
{% else %}
{%if can_restore or o.user_id is request.user.id%}
<a href="{% url 'viralhostrangedb:data-source-history-download' pk=o.object_id log_pk=o.pk%}"
class="btn btn-xs btn-outline-primary">
<i class="fa fa-download" aria-hidden="true"></i> {%trans 'Download saved data'%}
</a>
{%else%}
<button disabled="disabled" class="btn btn-xs btn-outline-primary disabled not-allowed">
<i class="fa fa-download" aria-hidden="true"></i> {%trans 'Download saved data'%}
</button>
{%endif%}
{%if can_restore%}
<a href="{% url 'viralhostrangedb:data-source-history-restoration' pk=o.object_id log_pk=o.pk%}"
class="btn btn-xs btn-outline-danger">
<i class="fa fa-undo" aria-hidden="true"></i> {%trans 'Restore data at this point' %}
</a>
{%else%}
<button disabled="disabled" class="btn btn-xs btn-outline-danger disabled not-allowed">
<i class="fa fa-undo" aria-hidden="true"></i> {%trans 'Restore data at this point'%}
</button>
{%endif%}
{%endif%}
{% else %}
<i>{%trans 'Backup missing' %}</i>
......@@ -56,6 +69,7 @@
<i>{%trans 'No backup created' %}</i>
{%endif%}
</td>
{%endwith %}
</tr>
{%endfor%}
</tbody>
......
......@@ -68,6 +68,28 @@ def can_edit(user, obj):
return False
@register.filter
def is_editor_or_owner_of_ds(user, obj_pk):
# used to access datasource history, should follow get_log_entry_with_permission_check_or_404
# if user is a WSGIRequest, get the attr user
if hasattr(obj_pk,'pk'):
obj_pk=obj_pk.pk
user = getattr(user, "user", user)
if not user.is_authenticated:
return False
try:
return mixins.only_editor_or_owned_queryset_filter(
self=None,
request=None,
queryset=models.DataSource.objects.filter(pk=obj_pk),
user=user,
).exists()
except Exception as e:
if settings.DEBUG:
raise e
return False
@register.filter
def get_curators_list(_):
return business_process.get_curators().order_by("last_name", "first_name")
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment