form receiver is now a role; users with that roles are allowed access to form

status page.

wcs/admin/forms.ptl

@@ -78,8 +78,8 @@ class FormDefUI:
         form.add(WidgetList, 'fields', title = _('Fields'), element_type = FieldWidget,
                 value = self.formdef.fields, add_element_label = _('Add Field'),
                 element_kwargs = {'render_br': False})
-        form.add(TextWidget, "receiver", title = _('Recipient'), required = True,
-                value = self.formdef.receiver, rows = 3, cols = 40)
+        form.add(SingleSelectWidget, 'receiver', title = _('Recipient'), required = True,
+                value = self.formdef.receiver, options = get_user_roles())
         form.add(StringWidget, "emailrcpt", title = _('Recipient Email'), size=30,
                 value = self.formdef.emailrcpt)
         form.add(WidgetList, 'roles', title = _('Roles'), element_type = SingleSelectWidget,

wcs/admin/roles.ptl

@@ -25,6 +25,8 @@ class RoleUI:
                 value = self.role.id)
         form.add(StringWidget, "name", title = _('Role Name'), required = True, size=30,
                 value = self.role.name)
+        form.add(TextWidget, "details", title = _('Role Details'), required = False,
+                cols = 40, rows = 5, value = self.role.details)
         form.add_submit("submit", _("Submit"))
         form.add_submit("cancel", _("Cancel"))
         return form
@@ -35,12 +37,14 @@ class RoleUI:
                 value = self.role.id, readonly = 'readonly')
         form.add(StringWidget, "name", title = _('Role Name'), required = True, size=30,
                 value = self.role.name)
+        form.add(TextWidget, "details", title = _('Role Details'), required = False,
+                cols = 40, rows = 5, value = self.role.details)
         form.add_submit("submit", _("Submit"))
         form.add_submit("cancel", _("Cancel"))
         return form
 
     def submit_form(self, form):
-        for f in ('id', 'name'):
+        for f in ('id', 'name', 'details'):
             setattr(self.role, f, form.get_widget(f).parse())
 
 

wcs/forms/root.ptl

@@ -52,11 +52,16 @@ class FormStatusPage(Directory):
         _('The form has been recorded on %s with the number %s.') % (tm, self.filled.id)
         "</p>"
         if self.formdef.receiver:
+            try:
+                receiver = storage.get_storage().retrieve('roles', self.formdef.receiver)
+                details = receiver.details
+            except KeyError:
+                details = receiver # was done like that before
             "<p>"
             _('Your case is handled by:')
             "</p>"
             '<p id="receiver">'
-            htmltext(self.formdef.receiver.replace(str('\n'), str('<br />')))
+            htmltext(details.replace(str('\n'), str('<br />')))
             "</p>"
         """<dl id="receipt">"""
         for f in self.formdef.fields:
@@ -69,10 +74,14 @@ class FormStatusPage(Directory):
 
     def status [html] (self):
         session = get_session()
-        if not session or self.filled.user_id != session.user:
-            # XXX: allows only for the persons responsible for that type of
-            # form
-            raise wcs.errors.AccessError()
+        if not session or not session.user:
+            raise wcs.errors.AccessUnauthorizedError()
+        try:
+            user = storage.get_storage().retrieve('users', session.user)
+        except KeyError:
+            raise wcs.errors.AccessUnauthorizedError()
+        if not self.formdef.receiver in user.roles:
+            raise wcs.errors.AccessForbiddenError()
         html_top(self.formdef.name + ' - ' + self.filled.id)
         tm = time.strftime(str("%Y-%m-%d %H:%M"), self.filled.receipt_time)
         "<p>"
@@ -107,9 +116,9 @@ class FormPage(Directory):
                 pass
         if self.formdef.roles:
             if not user:
-                raise wcs.errors.AccessForbiddenError()
+                raise wcs.errors.AccessUnauthorizedError()
             for q in user.roles or []:
-                if q in self.formdef.roles:
+                if q in self.formdef.roles or q == self.formdef.receiver:
                     break
             else:
                 raise wcs.errors.AccessForbiddenError()
@@ -182,11 +191,16 @@ class FormPage(Directory):
         _('The form has been recorded on %s with the number %s.') % (tm, filled.id)
         "</p>"
         if self.formdef.receiver:
+            try:
+                receiver = storage.get_storage().retrieve('roles', self.formdef.receiver)
+                details = receiver.details
+            except KeyError:
+                details = receiver # was done like that before
             "<p>"
             _('Your case will be handled by:')
             "</p>"
             '<p id="receiver">'
-            htmltext(self.formdef.receiver.replace(str('\n'), str('<br />')))
+            htmltext(details.replace(str('\n'), str('<br />')))
             "</p>"
 
 

wcs/roles.py

@@ -6,7 +6,12 @@ class Role(storage.Storable):
     key = 'id'
     names = 'roles'
 
+    id = None
+    name = None
+    details = None
+
     def __init__(self):
         self.id = ''
         self.name = ''
+        self.details = ''