restrict access to the generic class edit form

author richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>

Wed, 11 Sep 2002 01:20:41 +0000 (01:20 +0000)

committer richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>

Wed, 11 Sep 2002 01:20:41 +0000 (01:20 +0000)
author richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
Wed, 11 Sep 2002 01:20:41 +0000 (01:20 +0000)
committer richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
Wed, 11 Sep 2002 01:20:41 +0000 (01:20 +0000)
diff --git a/roundup/templates/classic/html/_generic.index b/roundup/templates/classic/html/_generic.index

index 951dafdcd1140ddde491ddba27af0b2da0018a49..69d3d9926f080d7a6e0380542370397816d58236 100644 (file)
--- a/roundup/templates/classic/html/_generic.index
+++ b/roundup/templates/classic/html/_generic.index
@@ -1,5 +1,14 @@
  <!-- dollarId: issue.index,v 1.2 2001/07/29 04:07:37 richard Exp dollar-->
+<tal:block tal:define="
+    editok python:request.user.hasPermission('Edit') or
+           context.id == request.user.id;
+    viewok python:request.user.hasPermission('View')">
  
+<span tal:condition="python:not (viewok or editok)">
+You are not allowed to view this page.
+</span>
+
+<tal:block tal:condition="editok">
  <p class="form-help">
   You may edit the contents of the <span tal:replace="request/classname" />
   class using this form. Commas, newlines and double quotes (") must be
@@ -24,4 +33,10 @@
  <input type="hidden" name=":action" value="editCSV">
  <input type="submit" value="Edit Items">
  </form>
+</tal:block>
+
+<tal:block tal:condition="python:viewok and not editok">
+view ok
+</tal:block>
  
+</tal:block>
author	richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
	Wed, 11 Sep 2002 01:20:41 +0000 (01:20 +0000)
committer	richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
	Wed, 11 Sep 2002 01:20:41 +0000 (01:20 +0000)