Changeset a484cbf for asadb


Ignore:
Timestamp:
Aug 7, 2011, 9:05:54 PM (14 years ago)
Author:
Alex Dehnert <adehnert@…>
Branches:
master, space-access, stable, stage, test-hooks
Children:
0abb44b
Parents:
2dd6045
git-author:
Alex Dehnert <adehnert@…> (08/07/11 21:05:54)
git-committer:
Alex Dehnert <adehnert@…> (08/07/11 21:05:54)
Message:

Limit which fields non-Exec can update

Location:
asadb
Files:
1 added
1 edited

Legend:

Unmodified
Added
Removed

  • asadb/groups/views.py

    r2dd6045 ra484cbf  
    2222import reversion.models
    2323
     24from util.forms import StaticWidget
     25
    2426class GroupChangeMainForm(form_utils.forms.BetterModelForm):
     27    def __init__(self, *args, **kwargs):
     28        change_restricted = False
     29        if 'change_restricted' in kwargs:
     30            change_restricted = kwargs['change_restricted']
     31            del kwargs['change_restricted']
     32        super(GroupChangeMainForm, self).__init__(*args, **kwargs)
     33        if change_restricted:
     34            for field_name in self.exec_only_fields:
     35                value = getattr(self.instance, field_name)
     36                formfield = self.fields[field_name]
     37                formfield.widget = StaticWidget(value=value)
     38
     39    exec_only_fields = [
     40        'name', 'abbreviation',
     41        'athena_locker',
     42    ]
     43
    2544    class Meta:
    2645        fieldsets = [
     
    4968    if not request.user.has_perm('groups.admin_group', group):
    5069        raise PermissionDenied
     70    change_restricted = True
     71    if request.user.has_perm('groups.change_group', group):
     72        change_restricted = False
    5173
    5274    msg = None
     
    5476    initial = {}
    5577    if request.method == 'POST': # If the form has been submitted...
    56         form = GroupChangeMainForm(request.POST, request.FILES, instance=group, ) # A form bound to the POST data
     78        # A form bound to the POST data
     79        form = GroupChangeMainForm(
     80            request.POST, request.FILES,
     81            change_restricted=change_restricted,
     82            instance=group,
     83        )
    5784
    5885        if form.is_valid(): # All validation rules pass
     
    84111
    85112    else:
    86         form = GroupChangeMainForm(instance=group, initial=initial, ) # An unbound form
     113        form = GroupChangeMainForm(change_restricted=change_restricted, instance=group, initial=initial, ) # An unbound form
    87114
    88115    context = {
Note: See TracChangeset for help on using the changeset viewer.