diff --git a/src/viralhostrange/viralhostrangedb/static/css/base.css b/src/viralhostrange/viralhostrangedb/static/css/base.css index 8e8a743c88e7fb0bbc15ce35071755a79cfaf7f1..4f0615772b1f124277a700356e694b2f8069b511 100644 --- a/src/viralhostrange/viralhostrangedb/static/css/base.css +++ b/src/viralhostrange/viralhostrangedb/static/css/base.css @@ -170,4 +170,7 @@ a[data-toggle=collapse].card-header { } a[data-toggle=collapse].card-header>:not(i) { color: #212529; +} +.not-allowed { + cursor: not-allowed !important; } \ No newline at end of file diff --git a/src/viralhostrange/viralhostrangedb/templates/viralhostrangedb/datasource_detail.html b/src/viralhostrange/viralhostrangedb/templates/viralhostrangedb/datasource_detail.html index b07d447b8d41979abd7f86a0ada969c21d333e29..b6ec080bacb55b7ffaf4d3d9f6673b22fce244fc 100644 --- a/src/viralhostrange/viralhostrangedb/templates/viralhostrangedb/datasource_detail.html +++ b/src/viralhostrange/viralhostrangedb/templates/viralhostrangedb/datasource_detail.html @@ -150,19 +150,11 @@ </tbody> </table> <div class="btn-group d-flex" role="group" aria-label="Get content"> - {% if request|can_edit:object %} - <a href="{% url 'viralhostrangedb:data-source-data-update' pk=object.pk%}" role="button" - class="btn btn-outline-primary"><i class="fa fa-upload"></i> {%trans "Update content" %}</a> - {%endif%} {% if has_responses %} <a href="{% url 'viralhostrangedb:data-source-download' pk=object.pk%}" role="button" class="float-right btn btn-outline-primary"> <i class="fa fa-download"></i> {%trans "Download it" %} </a> - <a href="http://hub.pages.pasteur.fr/viralhostrangedb/compatible_file.html" target="_blank" style="flex-grow:0" - class="float-right btn btn-outline-primary"> - <i class="fa fa-question-circle"></i> - </a> {%else%} <a href="{% url 'viralhostrangedb:data-source-download' pk=object.pk%}" role="button" class="float-right btn btn-primary"> 
@@ -173,6 +165,14 @@ <i class="fa fa-question-circle"></i> {%trans "How to fill it" %} </a> {%endif%} + {% if request|is_editor_or_owner_of_ds:object %} + <a href="{% url 'viralhostrangedb:data-source-data-update' pk=object.pk%}" role="button" + class="btn btn-outline-primary"><i class="fa fa-upload"></i> {%trans "Update content" %}</a> + <a href="http://hub.pages.pasteur.fr/viralhostrangedb/compatible_file.html" target="_blank" style="flex-grow:0" + class="float-right btn btn-outline-primary"> + <i class="fa fa-question-circle"></i> + </a> + {%endif%} </div> </div> @@ -221,7 +221,7 @@ <div class="card"> <div class="card-header"> {%trans "Viruses"%} - {% if request|can_edit:object %} + {% if request|is_editor_or_owner_of_ds:object %} <a class="btn btn-xs btn-outline-secondary float-right" href="{% url 'viralhostrangedb:data-source-virus-delete' pk=object.pk%}" role="button" @@ -229,6 +229,8 @@ > <i class="fa fa-trash"></i> {%trans "Delete ..." %} </a> + {%endif%} + {% if request|can_edit:object %} <a class="btn btn-xs btn-outline-secondary float-right" href="{% url 'viralhostrangedb:data-source-virus-update' pk=object.pk%}" role="button" @@ -249,7 +251,7 @@ <div class="card"> <div class="card-header"> {%trans "Hosts"%} - {% if request|can_edit:object %} + {% if request|is_editor_or_owner_of_ds:object %} <a class="btn btn-xs btn-outline-secondary float-right" href="{% url 'viralhostrangedb:data-source-host-delete' pk=object.pk%}" role="button" @@ -257,6 +259,8 @@ > <i class="fa fa-trash"></i> {%trans "Delete ..." %} </a> + {%endif%} + {% if request|can_edit:object %} <a class="btn btn-xs btn-outline-secondary float-right" href="{% url 'viralhostrangedb:data-source-host-update' pk=object.pk%}" role="button" 
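Review bot: The help link added near the end of this hunk opens a new tab with `target="_blank"` but no `rel` attribute, and it points at a plain `http://` URL, so the documentation page can be modified in transit and older browsers give the opened page a `window.opener` handle. I would change the opening tag to `<a href="https://hub.pages.pasteur.fr/viralhostrangedb/compatible_file.html" target="_blank" rel="noopener noreferrer" style="flex-grow:0"`, assuming the host serves that page over HTTPS, which this diff does not show. The enclosing `btn-group` div opens before this hunk, so the rest of the button row is not visible here.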
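Review bot: Switching the Viruses "Delete ..." link from `can_edit` to `is_editor_or_owner_of_ds` only changes who sees the button; nothing in this diff shows that the view behind `viralhostrangedb:data-source-virus-delete` applies the same editor-or-owner rule. Please confirm that the delete and update views enforce these permissions server-side, because a user who is not shown the button can still request the URL directly. The same applies to the Hosts card (hunks at -249 and -257) and to the "Update content" link in the hunk at +165. A template comment such as `{# UI hint only: the view enforces this permission #}` beside each condition would help keep the template and the views from drifting apart; the card markup starts and ends outside these hunks.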
diff --git a/src/viralhostrange/viralhostrangedb/templates/viralhostrangedb/datasource_history.html b/src/viralhostrange/viralhostrangedb/templates/viralhostrangedb/datasource_history.html index 9124b45f04744d2b7e237a7d9a9d62634685d716..16b3464549e903741eea4a5d3f60de9c55f0b35a 100644 --- a/src/viralhostrange/viralhostrangedb/templates/viralhostrangedb/datasource_history.html +++ b/src/viralhostrange/viralhostrangedb/templates/viralhostrangedb/datasource_history.html @@ -29,20 +29,33 @@ <td>{{o.action_time}}</td> <td>{{o.user.last_name|upper}} {{o.user.first_name|title}}</td> <td>{{o|get_change_message_with_action}}</td> + {%with request|is_editor_or_owner_of_ds:o.object_id as can_restore %} <td class="text-center"> {% if o|should_have_backup_file %} {% if o|has_backup_file %} {% if forloop.first %} <i>{%trans 'Current version' %}</i> {% else %} + {%if can_restore or o.user_id is request.user.id%} <a href="{% url 'viralhostrangedb:data-source-history-download' pk=o.object_id log_pk=o.pk%}" class="btn btn-xs btn-outline-primary"> <i class="fa fa-download" aria-hidden="true"></i> {%trans 'Download saved data'%} </a> + {%else%} + <button disabled="disabled" class="btn btn-xs btn-outline-primary disabled not-allowed"> + <i class="fa fa-download" aria-hidden="true"></i> {%trans 'Download saved data'%} + </button> + {%endif%} + {%if can_restore%} <a href="{% url 'viralhostrangedb:data-source-history-restoration' pk=o.object_id log_pk=o.pk%}" class="btn btn-xs btn-outline-danger"> <i class="fa fa-undo" aria-hidden="true"></i> {%trans 'Restore data at this point' %} </a> + {%else%} + <button disabled="disabled" class="btn btn-xs btn-outline-danger disabled not-allowed"> + <i class="fa fa-undo" aria-hidden="true"></i> {%trans 'Restore data at this point'%} + </button> + {%endif%} {%endif%} {% else %} <i>{%trans 'Backup missing' %}</i> @@ -56,6 +69,7 @@ <i>{%trans 'No backup created' %}</i> {%endif%} </td> + {%endwith %} </tr> {%endfor%} </tbody> 
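Review bot: In the download condition `{%if can_restore or o.user_id is request.user.id%}` the `is` operator compares object identity rather than value, so two equal user ids loaded separately are only guaranteed to match for the small integers CPython caches. For larger ids the author of a log entry would get the disabled button, so it should read `{%if can_restore or o.user_id == request.user.id%}`. Separately, `{%with request|is_editor_or_owner_of_ds:o.object_id as can_restore %}` sits inside the row loop, so the permission query runs once per history entry. If every row belongs to the same data source (likely, but the `{% for %}` header is outside the hunk), compute it once before the loop. The disabled buttons are presentation only, so the download and restoration views still need their own permission check.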
diff --git a/src/viralhostrange/viralhostrangedb/templatetags/viralhostrange_tags.py b/src/viralhostrange/viralhostrangedb/templatetags/viralhostrange_tags.py index 75c4a6a9267e72bcb3e75e18885e3c4a9306f72a..bbe97295287f1b9546f3c941206c4b633c447630 100644 --- a/src/viralhostrange/viralhostrangedb/templatetags/viralhostrange_tags.py +++ b/src/viralhostrange/viralhostrangedb/templatetags/viralhostrange_tags.py @@ -68,6 +68,28 @@ def can_edit(user, obj): return False +@register.filter +def is_editor_or_owner_of_ds(user, obj_pk): + # used to access datasource history, should follow get_log_entry_with_permission_check_or_404 + # if user is a WSGIRequest, get the attr user + if hasattr(obj_pk,'pk'): + obj_pk=obj_pk.pk + user = getattr(user, "user", user) + if not user.is_authenticated: + return False + try: + return mixins.only_editor_or_owned_queryset_filter( + self=None, + request=None, + queryset=models.DataSource.objects.filter(pk=obj_pk), + user=user, + ).exists() + except Exception as e: + if settings.DEBUG: + raise e + return False + + @register.filter def get_curators_list(_): return business_process.get_curators().order_by("last_name", "first_name")
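Review bot: The `except Exception as e:` branch in `is_editor_or_owner_of_ds` returns `False` outside DEBUG without recording anything, so a broken permission query silently becomes "access denied" for every user; one way this could happen is a signature change in `only_editor_or_owned_queryset_filter`, which is called here with `self=None, request=None`. Failing closed is the right default, but the failure should be logged: use `except Exception:`, then `logging.getLogger(__name__).exception("permission check failed for data source %s", obj_pk)` before `return False`, and a bare `raise` in the DEBUG branch to keep the original traceback (this needs `import logging` if the module does not already have it). The leading comment would also read better as a docstring stating that the first argument may be a request or a user, that `obj_pk` may be a DataSource or its primary key, and that the result must stay consistent with `get_log_entry_with_permission_check_or_404`.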