From e39b9b26ad8a63298b1e2b02828cfcc828d68278 Mon Sep 17 00:00:00 2001 From: Sanjay B Date: Tue, 28 May 2013 16:23:00 +0530 Subject: [PATCH] implement permissions for add / edit objects (except where group permissions apply) --- itf/app/models.py | 25 +++++++++++++++++++++++-- itf/insidepages/views.py | 3 ++- itf/itfprofiles/models.py | 2 +- itf/templates/modules/events/event.html | 2 +- itf/templates/noel/render_object.html | 14 +++++++------- 5 files changed, 34 insertions(+), 12 deletions(-) diff --git a/itf/app/models.py b/itf/app/models.py index da06c5d..ae441cf 100755 --- a/itf/app/models.py +++ b/itf/app/models.py @@ -60,6 +60,26 @@ class ItfModel(models.Model): class Meta: abstract = True + + #Check if user has permissions on object - if more complex perms required, model should over-ride this method + def user_has_perms(self, user): + if not user.is_authenticated(): + return False + if user.is_superuser: + return True + if not hasattr(self, 'added_by'): + if self.user.id == user.id: + return True + else: + return False + else: + if self.added_by.id == user.id: + return True + else: + return False + + + #Should return the id for the object and the title to display in the left hand list def list_dict(self): return { @@ -78,7 +98,7 @@ class ItfModel(models.Model): return d - def info_dict(self): + def info_dict(self, request): ''' Ideally you should not over-ride this - over-ride .get_dict() to pass custom data. ''' @@ -89,6 +109,7 @@ class ItfModel(models.Model): try: edit_url = self.get_edit_url() d['edit_url'] = edit_url + d['user_has_perms'] = self.user_has_perms(request.user) except: pass return d 
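Review bot: In the added `user_has_perms`, both ownership branches dereference a related object (`self.user.id`, `self.added_by.id`), so a model with neither attribute, or a row whose owner is unset, raises instead of returning False. A permission predicate should fail closed, and comparing the raw foreign-key columns also avoids loading the related User on every check. The sketch below assumes `user` is a ForeignKey on models that lack `added_by`, which this diff does not show. A docstring stating the contract (owner or superuser may edit; subclasses override for group rules) would serve better than the `#Check if user has permissions ...` comment.

```python
def user_has_perms(self, user):
    # ... unchanged: is_authenticated() and is_superuser checks ...
    # Compare raw FK ids; an object with no recorded owner is editable by nobody.
    if hasattr(self, 'added_by_id'):
        owner_id = self.added_by_id
    else:
        owner_id = getattr(self, 'user_id', None)
    return owner_id is not None and owner_id == user.id
```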
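Review bot: In `info_dict`, the new `d['user_has_perms'] = ...` line sits inside the existing `try: ... except: pass`, so any error raised by the permission check is silently discarded and the key is simply missing from the context. The templates in this commit treat a missing key as false, so the Edit link stays hidden, but a broken check becomes invisible. I would set it after the try block, `d['user_has_perms'] = self.user_has_perms(request.user)`, and narrow the bare `except:` to whatever `get_edit_url()` is expected to raise. Separately, the preceding hunk makes `request` a required argument, so any callers or subclass overrides of `info_dict()` outside this diff need the same change.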
@@ -244,7 +265,7 @@ class ItfModel(models.Model): Renders the html for this object by taking .info_dict() and rendering it to .get_template_path() . Subclasses should not over-ride this - over-ride .get_dict() ideally to pass custom data. ''' def insidepage_dict(self, request): - context = RequestContext(request, self.info_dict()) + context = RequestContext(request, self.info_dict(request)) html = render_to_string(self.get_template_path(), context) return { 'url': self.get_absolute_url(), diff --git a/itf/insidepages/views.py b/itf/insidepages/views.py index 48625e3..c4af5b0 100755 --- a/itf/insidepages/views.py +++ b/itf/insidepages/views.py @@ -19,7 +19,7 @@ def add_object(request, module_slug, tab_slug): #pdb.set_trace() if f.is_valid(): instance = f.save(commit=False) - if instance.__dict__.has_key('added_by_id'): + if instance.__dict__.has_key('added_by_id'): #FIXME: add user.is_authenticated() .. instance.added_by = request.user instance.save() inlines = [inline(request.POST, request.FILES, instance=instance) for inline in f.inlines] @@ -61,6 +61,7 @@ def edit_object(request, module_slug, tab_slug, object_id): if request.POST: f = form(request.POST, request.FILES, instance=obj) + #FIXME: if obj.user_has_perms(request.user): .. else return error .. inlines = [inline(request.POST, request.FILES, instance=obj) for inline in f.inlines] if f.is_valid(): instance = f.save() diff --git a/itf/itfprofiles/models.py b/itf/itfprofiles/models.py index 453f7a0..bb4e945 100644 --- a/itf/itfprofiles/models.py +++ b/itf/itfprofiles/models.py 
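Review bot: The FIXME added in `add_object` leaves the unauthenticated case open: `instance.added_by = request.user` still runs for whatever user the request carries, and nothing visible in the hunk rejects an anonymous request before the form is processed. If the view is not already wrapped outside the hunk, `@login_required` on `add_object` would close this, and the `added_by_id` branch could then rely on a real user. The function's decorators and its first lines are outside the hunk, so this needs confirming against the full file.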
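Review bot: The permission check in `edit_object` is only a FIXME comment, so the new `user_has_perms` is not enforced anywhere on the server. The templates hide the Edit link, but the view still binds `request.POST` to `obj` and saves it for any requester. Hiding a link is not access control; the view should refuse before the form is constructed, e.g. `if not obj.user_has_perms(request.user): return HttpResponseForbidden()`, placed ahead of `if request.POST:` so the edit form is not rendered for non-owners either. `HttpResponseForbidden` would need importing from `django.http` if the file does not already import it; the imports and the start of `edit_object` are outside the hunk.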
@@ -393,7 +393,7 @@ from scriptbank.models import Script class Production(ItfModel): # user = models.ForeignKey(User) - fts_fields = ['name', 'synopsis', 'group__name', 'director__firstname', 'director__lastname', 'playwright__firstname', 'playwright__lastname', 'anecdotes'] + fts_fields = ['name', 'synopsis', 'group__name', 'director__first_name', 'director__last_name', 'playwright__first_name', 'playwright__last_name', 'anecdotes'] form_names = ['ProductionForm', 'PopupProductionForm'] main_form = 'ProductionForm' added_by = models.ForeignKey(User) diff --git a/itf/templates/modules/events/event.html b/itf/templates/modules/events/event.html index ee64b3a..416ef3a 100644 --- a/itf/templates/modules/events/event.html +++ b/itf/templates/modules/events/event.html @@ -209,4 +209,4 @@ $(function() {
-Edit +{% if user_has_perms %}Edit{% endif %} diff --git a/itf/templates/noel/render_object.html b/itf/templates/noel/render_object.html index 9007c10..7538a20 100755 --- a/itf/templates/noel/render_object.html +++ b/itf/templates/noel/render_object.html @@ -95,14 +95,14 @@
About - - {% if item.get_add_url %} - - About - - + {% if user.is_authenticated %} + {% if item.get_add_url %} + + About + + + {% endif %} {% endif %} - {% ifequal title "Best Practices" %} Download