form receiver is now a role; users with that role are allowed access to the form
status page.
parent
ef71dac827
commit
40c5eb4753
|
@ -78,8 +78,8 @@ class FormDefUI:
|
|||
form.add(WidgetList, 'fields', title = _('Fields'), element_type = FieldWidget,
|
||||
value = self.formdef.fields, add_element_label = _('Add Field'),
|
||||
element_kwargs = {'render_br': False})
|
||||
form.add(TextWidget, "receiver", title = _('Recipient'), required = True,
|
||||
value = self.formdef.receiver, rows = 3, cols = 40)
|
||||
form.add(SingleSelectWidget, 'receiver', title = _('Recipient'), required = True,
|
||||
value = self.formdef.receiver, options = get_user_roles())
|
||||
form.add(StringWidget, "emailrcpt", title = _('Recipient Email'), size=30,
|
||||
value = self.formdef.emailrcpt)
|
||||
form.add(WidgetList, 'roles', title = _('Roles'), element_type = SingleSelectWidget,
|
||||
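Review bot: `value = self.formdef.receiver` can still hold the free-text recipient that the old TextWidget stored, which presumably matches no entry of `get_user_roles()`; the fallback marked `# was done like that before` in the status-page code suggests such values are expected. A comment should state what the select shows for a legacy value, and whether saving the form silently replaces it with a role, because that changes who passes the `receiver` role check. The enclosing method starts and ends outside the hunk.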
|
|
|
@ -25,6 +25,8 @@ class RoleUI:
|
|||
value = self.role.id)
|
||||
form.add(StringWidget, "name", title = _('Role Name'), required = True, size=30,
|
||||
value = self.role.name)
|
||||
form.add(TextWidget, "details", title = _('Role Details'), required = False,
|
||||
cols = 40, rows = 5, value = self.role.details)
|
||||
form.add_submit("submit", _("Submit"))
|
||||
form.add_submit("cancel", _("Cancel"))
|
||||
return form
|
||||
|
@ -35,12 +37,14 @@ class RoleUI:
|
|||
value = self.role.id, readonly = 'readonly')
|
||||
form.add(StringWidget, "name", title = _('Role Name'), required = True, size=30,
|
||||
value = self.role.name)
|
||||
form.add(TextWidget, "details", title = _('Role Details'), required = False,
|
||||
cols = 40, rows = 5, value = self.role.details)
|
||||
form.add_submit("submit", _("Submit"))
|
||||
form.add_submit("cancel", _("Cancel"))
|
||||
return form
|
||||
|
||||
def submit_form(self, form):
|
||||
for f in ('id', 'name'):
|
||||
for f in ('id', 'name', 'details'):
|
||||
setattr(self.role, f, form.get_widget(f).parse())
|
||||
|
||||
|
||||
|
|
|
@ -52,11 +52,16 @@ class FormStatusPage(Directory):
|
|||
_('The form has been recorded on %s with the number %s.') % (tm, self.filled.id)
|
||||
"</p>"
|
||||
if self.formdef.receiver:
|
||||
try:
|
||||
receiver = storage.get_storage().retrieve('roles', self.formdef.receiver)
|
||||
details = receiver.details
|
||||
except KeyError:
|
||||
details = receiver # was done like that before
|
||||
"<p>"
|
||||
_('Your case is handled by:')
|
||||
"</p>"
|
||||
'<p id="receiver">'
|
||||
htmltext(self.formdef.receiver.replace(str('\n'), str('<br />')))
|
||||
htmltext(details.replace(str('\n'), str('<br />')))
|
||||
"</p>"
|
||||
"""<dl id="receipt">"""
|
||||
for f in self.formdef.fields:
|
||||
|
@ -69,10 +74,14 @@ class FormStatusPage(Directory):
|
|||
|
||||
def status [html] (self):
|
||||
session = get_session()
|
||||
if not session or self.filled.user_id != session.user:
|
||||
# XXX: allows only for the persons responsible for that type of
|
||||
# form
|
||||
raise wcs.errors.AccessError()
|
||||
if not session or not session.user:
|
||||
raise wcs.errors.AccessUnauthorizedError()
|
||||
try:
|
||||
user = storage.get_storage().retrieve('users', session.user)
|
||||
except KeyError:
|
||||
raise wcs.errors.AccessUnauthorizedError()
|
||||
if not self.formdef.receiver in user.roles:
|
||||
raise wcs.errors.AccessForbiddenError()
|
||||
html_top(self.formdef.name + ' - ' + self.filled.id)
|
||||
tm = time.strftime(str("%Y-%m-%d %H:%M"), self.filled.receipt_time)
|
||||
"<p>"
|
||||
|
@ -107,9 +116,9 @@ class FormPage(Directory):
|
|||
pass
|
||||
if self.formdef.roles:
|
||||
if not user:
|
||||
raise wcs.errors.AccessForbiddenError()
|
||||
raise wcs.errors.AccessUnauthorizedError()
|
||||
for q in user.roles or []:
|
||||
if q in self.formdef.roles:
|
||||
if q in self.formdef.roles or q == self.formdef.receiver:
|
||||
break
|
||||
else:
|
||||
raise wcs.errors.AccessForbiddenError()
|
||||
|
@ -182,11 +191,16 @@ class FormPage(Directory):
|
|||
_('The form has been recorded on %s with the number %s.') % (tm, filled.id)
|
||||
"</p>"
|
||||
if self.formdef.receiver:
|
||||
try:
|
||||
receiver = storage.get_storage().retrieve('roles', self.formdef.receiver)
|
||||
details = receiver.details
|
||||
except KeyError:
|
||||
details = receiver # was done like that before
|
||||
"<p>"
|
||||
_('Your case will be handled by:')
|
||||
"</p>"
|
||||
'<p id="receiver">'
|
||||
htmltext(self.formdef.receiver.replace(str('\n'), str('<br />')))
|
||||
htmltext(details.replace(str('\n'), str('<br />')))
|
||||
"</p>"
|
||||
|
||||
|
||||
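Review bot: The new role check in `status` tests `self.formdef.receiver in user.roles` without the `or []` guard that the FormPage loop uses, so a user whose `roles` is unset would hit a TypeError rather than AccessForbiddenError; `if self.formdef.receiver not in (user.roles or []):` fails closed. As far as the rendered page shows, the `self.filled.user_id != session.user` comparison is gone, which would also deny the submitter their own status page, so that is worth confirming as intended. In both receipt hunks `except KeyError: details = receiver` reads a name that is never bound when `retrieve` raises; `details = self.formdef.receiver` keeps the old output. `details` then goes into `htmltext()` unescaped, so any markup stored in a role's details is emitted verbatim; escaping it (Quixote's `htmlescape`) before the `<br />` substitution would keep it as text. The enclosing methods start and end outside these hunks.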
|
|
|
@ -6,7 +6,12 @@ class Role(storage.Storable):
|
|||
key = 'id'
|
||||
names = 'roles'
|
||||
|
||||
id = None
|
||||
name = None
|
||||
details = None
|
||||
|
||||
def __init__(self):
|
||||
self.id = ''
|
||||
self.name = ''
|
||||
self.details = ''
|
||||
|
||||
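Review bot: The class-level default `details = None` is presumably what a role stored before this change returns, if the storage layer restores objects without calling `__init__`, and the status-page code calls `details.replace(...)` on it, which fails on None. `details = ''` at class level, matching the value `__init__` sets, would avoid that. A one-line comment saying the class attributes exist as defaults for older stored objects would also help, if that is their purpose.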
|
|