forked from 0x2620/pandora
add canEditRightsLevel flag
This commit is contained in:
parent
e62c7d30f2
commit
e28542578d
5 changed files with 9 additions and 2 deletions
|
@ -32,6 +32,7 @@
|
||||||
"canEditMedia": {"staff": true, "admin": true},
|
"canEditMedia": {"staff": true, "admin": true},
|
||||||
"canEditMetadata": {"staff": true, "admin": true},
|
"canEditMetadata": {"staff": true, "admin": true},
|
||||||
"canEditPlaces": {"staff": true, "admin": true},
|
"canEditPlaces": {"staff": true, "admin": true},
|
||||||
|
"canEditRightsLevel": {"staff": true, "admin": true},
|
||||||
"canEditSitePages": {"staff": true, "admin": true},
|
"canEditSitePages": {"staff": true, "admin": true},
|
||||||
"canEditUsers": {"admin": true},
|
"canEditUsers": {"admin": true},
|
||||||
"canImportAnnotations": {},
|
"canImportAnnotations": {},
|
||||||
|
|
|
@ -33,6 +33,7 @@
|
||||||
"canEditMedia": {"researcher": true, "staff": true, "admin": true},
|
"canEditMedia": {"researcher": true, "staff": true, "admin": true},
|
||||||
"canEditMetadata": {"researcher": true, "staff": true, "admin": true},
|
"canEditMetadata": {"researcher": true, "staff": true, "admin": true},
|
||||||
"canEditPlaces": {"researcher": true, "staff": true, "admin": true},
|
"canEditPlaces": {"researcher": true, "staff": true, "admin": true},
|
||||||
|
"canEditRightsLevel": {"researcher": true, "staff": true, "admin": true},
|
||||||
"canEditSitePages": {"staff": true, "admin": true},
|
"canEditSitePages": {"staff": true, "admin": true},
|
||||||
"canEditUsers": {"staff": true, "admin": true},
|
"canEditUsers": {"staff": true, "admin": true},
|
||||||
"canImportAnnotations": {"researcher": true, "staff": true, "admin": true},
|
"canImportAnnotations": {"researcher": true, "staff": true, "admin": true},
|
||||||
|
|
|
@ -32,6 +32,7 @@
|
||||||
"canEditMedia": {"staff": true, "admin": true},
|
"canEditMedia": {"staff": true, "admin": true},
|
||||||
"canEditMetadata": {"staff": true, "admin": true},
|
"canEditMetadata": {"staff": true, "admin": true},
|
||||||
"canEditPlaces": {"staff": true, "admin": true},
|
"canEditPlaces": {"staff": true, "admin": true},
|
||||||
|
"canEditRightsLevel": {"member": true, "staff": true, "admin": true},
|
||||||
"canEditSitePages": {"staff": true, "admin": true},
|
"canEditSitePages": {"staff": true, "admin": true},
|
||||||
"canEditUsers": {"admin": true},
|
"canEditUsers": {"admin": true},
|
||||||
"canImportAnnotations": {"member": true, "staff": true, "admin": true},
|
"canImportAnnotations": {"member": true, "staff": true, "admin": true},
|
||||||
|
|
|
@ -32,6 +32,7 @@
|
||||||
"canEditMedia": {"staff": true, "admin": true},
|
"canEditMedia": {"staff": true, "admin": true},
|
||||||
"canEditMetadata": {"staff": true, "admin": true},
|
"canEditMetadata": {"staff": true, "admin": true},
|
||||||
"canEditPlaces": {"staff": true, "admin": true},
|
"canEditPlaces": {"staff": true, "admin": true},
|
||||||
|
"canEditRightsLevel": {"member": true, "staff": true, "admin": true},
|
||||||
"canEditSitePages": {"staff": true, "admin": true},
|
"canEditSitePages": {"staff": true, "admin": true},
|
||||||
"canEditUsers": {"admin": true},
|
"canEditUsers": {"admin": true},
|
||||||
"canImportAnnotations": {"member": true, "staff": true, "admin": true},
|
"canImportAnnotations": {"member": true, "staff": true, "admin": true},
|
||||||
|
|
|
@ -555,7 +555,10 @@ def edit(request):
|
||||||
item.log()
|
item.log()
|
||||||
response = json_response(status=200, text='ok')
|
response = json_response(status=200, text='ok')
|
||||||
if 'rightslevel' in data:
|
if 'rightslevel' in data:
|
||||||
item.level = int(data['rightslevel'])
|
if request.user.get_profile().capability('canEditRightsLevel') == True:
|
||||||
|
item.level = int(data['rightslevel'])
|
||||||
|
else:
|
||||||
|
response = json_response(status=403, text='permission denied')
|
||||||
del data['rightslevel']
|
del data['rightslevel']
|
||||||
if 'user' in data:
|
if 'user' in data:
|
||||||
if request.user.get_profile().get_level() in ('admin', 'staff') and \
|
if request.user.get_profile().get_level() in ('admin', 'staff') and \
|
||||||
|
@ -572,7 +575,7 @@ def edit(request):
|
||||||
tasks.update_clips.delay(item.itemId)
|
tasks.update_clips.delay(item.itemId)
|
||||||
response['data'] = item.get_json()
|
response['data'] = item.get_json()
|
||||||
else:
|
else:
|
||||||
response = json_response(status=403, text='permissino denied')
|
response = json_response(status=403, text='permission denied')
|
||||||
return render_to_json_response(response)
|
return render_to_json_response(response)
|
||||||
actions.register(edit, cache=False)
|
actions.register(edit, cache=False)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue