don't display forms for which user has no rights
This commit is contained in:
parent
30d3e61441
commit
c1b8f5f361
|
@ -9,6 +9,7 @@ import wcs.root
|
|||
from wcs import template
|
||||
from wcs import errors
|
||||
from wcs.form import *
|
||||
from wcs.roles import logged_users_role
|
||||
|
||||
from wcs.categories import Category
|
||||
from wcs.formdef import FormDef
|
||||
|
@ -138,20 +139,45 @@ class AlternateRootDirectory(OldRootDirectory):
|
|||
'<div id="services">'
|
||||
'<h3>%s</h3>' % _('Services')
|
||||
|
||||
if get_request().user and get_request().user.roles:
|
||||
accepted_roles = get_request().user.roles
|
||||
else:
|
||||
accepted_roles = []
|
||||
|
||||
self.consultations_category = None
|
||||
'<ul>'
|
||||
for category in Category.select(order_by = 'name'):
|
||||
if category.url_name == 'consultations':
|
||||
self.consultations_category = category
|
||||
continue
|
||||
formdefs = FormDef.select(lambda x: (
|
||||
x.category_id == category.id and not x.disabled),
|
||||
order_by = 'name')
|
||||
|
||||
for formdef in formdefs[:]:
|
||||
if not formdef.roles:
|
||||
continue
|
||||
if not get_request().user:
|
||||
formdefs.remove(formdef)
|
||||
continue
|
||||
if logged_users_role().id in formdef.roles:
|
||||
continue
|
||||
for q in accepted_roles:
|
||||
if q in formdef.roles:
|
||||
break
|
||||
else:
|
||||
formdefs.remove(formdef)
|
||||
continue
|
||||
|
||||
if not formdefs:
|
||||
continue
|
||||
|
||||
'<li>'
|
||||
'<strong>'
|
||||
'<a href="%s/">' % category.url_name
|
||||
category.name
|
||||
'</a></strong> : '
|
||||
formdefs = FormDef.select(lambda x: (
|
||||
x.category_id == category.id and not x.disabled),
|
||||
order_by = 'name')
|
||||
|
||||
for formdef in formdefs[:3]:
|
||||
'<a href="%s/%s/">%s</a>' % (category.url_name, formdef.url_name, formdef.name)
|
||||
if formdef != formdefs[-1]:
|
||||
|
|
Reference in New Issue