add canEditRightsLevel flag
This commit is contained in:
parent
e62c7d30f2
commit
e28542578d
5 changed files with 9 additions and 2 deletions
|
@ -32,6 +32,7 @@
|
|||
"canEditMedia": {"staff": true, "admin": true},
|
||||
"canEditMetadata": {"staff": true, "admin": true},
|
||||
"canEditPlaces": {"staff": true, "admin": true},
|
||||
"canEditRightsLevel": {"staff": true, "admin": true},
|
||||
"canEditSitePages": {"staff": true, "admin": true},
|
||||
"canEditUsers": {"admin": true},
|
||||
"canImportAnnotations": {},
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
"canEditMedia": {"researcher": true, "staff": true, "admin": true},
|
||||
"canEditMetadata": {"researcher": true, "staff": true, "admin": true},
|
||||
"canEditPlaces": {"researcher": true, "staff": true, "admin": true},
|
||||
"canEditRightsLevel": {"researcher": true, "staff": true, "admin": true},
|
||||
"canEditSitePages": {"staff": true, "admin": true},
|
||||
"canEditUsers": {"staff": true, "admin": true},
|
||||
"canImportAnnotations": {"researcher": true, "staff": true, "admin": true},
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
"canEditMedia": {"staff": true, "admin": true},
|
||||
"canEditMetadata": {"staff": true, "admin": true},
|
||||
"canEditPlaces": {"staff": true, "admin": true},
|
||||
"canEditRightsLevel": {"member": true, "staff": true, "admin": true},
|
||||
"canEditSitePages": {"staff": true, "admin": true},
|
||||
"canEditUsers": {"admin": true},
|
||||
"canImportAnnotations": {"member": true, "staff": true, "admin": true},
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
"canEditMedia": {"staff": true, "admin": true},
|
||||
"canEditMetadata": {"staff": true, "admin": true},
|
||||
"canEditPlaces": {"staff": true, "admin": true},
|
||||
"canEditRightsLevel": {"member": true, "staff": true, "admin": true},
|
||||
"canEditSitePages": {"staff": true, "admin": true},
|
||||
"canEditUsers": {"admin": true},
|
||||
"canImportAnnotations": {"member": true, "staff": true, "admin": true},
|
||||
|
|
|
@ -555,7 +555,10 @@ def edit(request):
|
|||
item.log()
|
||||
response = json_response(status=200, text='ok')
|
||||
if 'rightslevel' in data:
|
||||
item.level = int(data['rightslevel'])
|
||||
if request.user.get_profile().capability('canEditRightsLevel') == True:
|
||||
item.level = int(data['rightslevel'])
|
||||
else:
|
||||
response = json_response(status=403, text='permission denied')
|
||||
del data['rightslevel']
|
||||
if 'user' in data:
|
||||
if request.user.get_profile().get_level() in ('admin', 'staff') and \
|
||||
|
@ -572,7 +575,7 @@ def edit(request):
|
|||
tasks.update_clips.delay(item.itemId)
|
||||
response['data'] = item.get_json()
|
||||
else:
|
||||
response = json_response(status=403, text='permissino denied')
|
||||
response = json_response(status=403, text='permission denied')
|
||||
return render_to_json_response(response)
|
||||
actions.register(edit, cache=False)
|
||||
|
||||
|
|
Loading…
Reference in a new issue