Only users with attract-user role can use Attract
Subscribers without that role still have read-only access to Attract, assuming they have access to the project at all. NOTE: this only handles the web interface. API calls are still governed by the nodes permission system, which doesn't currently allow these kinds of role-based user checks.
This commit is contained in:
@@ -6,7 +6,9 @@
|
||||
.col_header.item-list-header
|
||||
a.item-project(href="{{url_for('projects.view', project_url=project.url)}}") {{ project.name }}
|
||||
span.item-extra Assets ({{ assets | count }})
|
||||
| {% if can_create_asset %}
|
||||
a#item-add(href="javascript:asset_create('{{ project.url }}');") + Create Asset
|
||||
| {% endif %}
|
||||
|
||||
.item-list.asset.col-scrollable
|
||||
.table
|
||||
@@ -61,8 +63,7 @@
|
||||
span {{ task.properties.status[0] }}
|
||||
| #}
|
||||
| {% endfor %}
|
||||
//- Dirty hack, assume a user can create a task for a asset if they can edit the asset.
|
||||
| {% if 'PUT' in asset.allowed_methods %}
|
||||
| {% if can_create_task %}
|
||||
button.task-add(
|
||||
title="Add a new '{{ task_type }}' task",
|
||||
class="task-add-link {% if tasks_for_assets[asset._id][task_type] %}hidden{% endif %}",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
form#item_form(onsubmit="return asset_save('{{asset._id}}', '{{ url_for('attract.assets.perproject.save', project_url=project['url'], asset_id=asset._id) }}')")
|
||||
input(type='hidden',name='_etag',value='{{ asset._etag }}')
|
||||
.input-group
|
||||
| {% if 'PUT' in asset.allowed_methods %}
|
||||
| {% if can_edit %}
|
||||
input.item-name(
|
||||
name="name",
|
||||
type="text",
|
||||
@@ -19,7 +19,7 @@
|
||||
title="Copy ID to clipboard")
|
||||
| ID
|
||||
|
||||
| {% if 'PUT' in asset.allowed_methods %}
|
||||
| {% if can_edit %}
|
||||
.input-group
|
||||
textarea#item-description.input-transparent(
|
||||
name="description",
|
||||
@@ -108,7 +108,7 @@ script.
|
||||
|
||||
$('.js-help').openModalUrl('Help', "{{ url_for('attract.help', project_url=project.url) }}");
|
||||
|
||||
{% if 'PUT' in asset.allowed_methods %}
|
||||
{% if can_edit %}
|
||||
/* Resize textareas */
|
||||
var textAreaFields = $('#item-description, #item-notes');
|
||||
|
||||
|
||||
@@ -60,8 +60,7 @@
|
||||
span {{ task.properties.status[0] }}
|
||||
| #}
|
||||
| {% endfor %}
|
||||
//- Dirty hack, assume a user can create a task for a shot if they can edit the shot.
|
||||
| {% if 'PUT' in shot.allowed_methods %}
|
||||
| {% if can_create_task %}
|
||||
button.task-add(
|
||||
title="Add a new '{{ task_type }}' task",
|
||||
class="task-add-link {% if tasks_for_shots[shot._id][task_type] %}hidden{% endif %}"
|
||||
|
||||
@@ -6,8 +6,7 @@
|
||||
.col_header.item-list-header
|
||||
a.item-project(href="{{url_for('projects.view', project_url=project.url)}}") {{ project.name }}
|
||||
span.item-extra Tasks ({{ tasks | count }})
|
||||
//- Dirty hack, assume a user can create a task if they can edit the project.
|
||||
| {% if 'PUT' in project.allowed_methods %}
|
||||
| {% if can_create_task %}
|
||||
a#item-add(href="javascript:task_create(undefined, 'generic');") + Create Task
|
||||
| {% endif %}
|
||||
.item-list.task.col-list.col-scrollable
|
||||
|
||||
Reference in New Issue
Block a user