Only allow commenting when user has PUT access on the node.
@@ -52,7 +52,8 @@ def view_asset(project, attract_props, asset_id):
|
||||
asset=asset,
|
||||
project=project,
|
||||
asset_node_type=node_type,
|
||||
attract_props=attract_props)
|
||||
attract_props=attract_props,
|
||||
can_edit='PUT' in asset.allowed_methods)
|
||||
|
||||
|
||||
@perproject_blueprint.route('/<asset_id>', methods=['POST'])
|
||||
|
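Review bot: The new `can_edit='PUT' in asset.allowed_methods` argument in `view_asset` only decides what the template renders; it is not an access check. The POST route for the same URL starts on the last line of the hunk and its body is not visible, so it is worth confirming that a save from a user without PUT is still rejected server-side. The same expression is added in `view_shot` and `view_task`, and a short comment at each, such as `# UI hint only; write access must still be enforced when the edit is saved`, would keep a later reader from treating the flag as authorization. Computing it in one shared helper would also keep the three copies from drifting apart.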
@@ -61,7 +61,8 @@ def view_shot(project, attract_props, shot_id):
|
||||
shot=shot,
|
||||
project=project,
|
||||
shot_node_type=node_type,
|
||||
attract_props=attract_props)
|
||||
attract_props=attract_props,
|
||||
can_edit='PUT' in shot.allowed_methods)
|
||||
|
||||
|
||||
@perproject_blueprint.route('/<shot_id>', methods=['POST'])
|
||||
|
@@ -76,7 +76,8 @@ def view_task(project, attract_props, task_id):
|
||||
task.properties.due_date = parser.parse('%s' % task.properties.due_date)
|
||||
|
||||
# Fetch project users so that we can assign them tasks
|
||||
if 'PUT' in task.allowed_methods:
|
||||
can_edit = 'PUT' in task.allowed_methods
|
||||
if can_edit:
|
||||
users = project.get_users(api=api)
|
||||
project.users = users['_items']
|
||||
else:
|
||||
@@ -94,7 +95,8 @@ def view_task(project, attract_props, task_id):
|
||||
task_node_type=node_type,
|
||||
task_types=task_types,
|
||||
attract_props=attract_props.to_dict(),
|
||||
attract_context=request.args.get('context'))
|
||||
attract_context=request.args.get('context'),
|
||||
can_edit=can_edit)
|
||||
|
||||
|
||||
def task_types_given_context(project, attract_props, page_context, task):
|
||||
|
@@ -11,7 +11,7 @@
|
||||
title="Copy ID to clipboard")
|
||||
| ID
|
||||
|
||||
| {% if 'PUT' in shot.allowed_methods %}
|
||||
| {% if can_edit %}
|
||||
.input-group
|
||||
textarea#item-description.input-transparent(
|
||||
name="description",
|
||||
@@ -129,7 +129,7 @@ script.
|
||||
|
||||
var activities_url = "{{ url_for('.activities', project_url=project.url, shot_id=shot['_id']) }}";
|
||||
loadActivities(activities_url); // from 10_tasks.js
|
||||
loadComments("{{ url_for('nodes.comments_for_node', node_id=shot['_id']) }}");
|
||||
loadComments("{{ url_for('nodes.comments_for_node', node_id=shot['_id'], can_comment=can_edit) }}");
|
||||
|
||||
$('body').on('pillar:comment-posted', function(e, comment_node_id) {
|
||||
loadActivities(activities_url)
|
||||
@@ -140,7 +140,7 @@ script.
|
||||
|
||||
$('.js-help').openModalUrl('Help', "{{ url_for('attract.help', project_url=project.url) }}");
|
||||
|
||||
{% if 'PUT' in shot.allowed_methods %}
|
||||
{% if can_edit %}
|
||||
/* Resize textareas */
|
||||
var textAreaFields = $('#item-description, #item-notes');
|
||||
|
||||
|
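Review bot: `can_comment=can_edit` in the `loadComments(...)` call is passed to `url_for` as an extra keyword, so unless the route declares it as a path variable it ends up as a query-string value, which the client controls. If `nodes.comments_for_node` (not shown here) uses that value for anything beyond deciding whether to draw the comment form, the commit's stated goal is not met; the permission should be re-derived from the node's `allowed_methods` on the server when a comment is posted. A boolean also serialises into the URL as the text `True` or `False`, and the non-empty string `False` is truthy unless the endpoint parses it explicitly. The same call is added in the task template (`node_id=task['_id']`).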
@@ -4,7 +4,7 @@
|
||||
input(type='hidden',name='_etag',value='{{ task._etag }}')
|
||||
//- NOTE: if you add fields here, also add them read-only below.
|
||||
.input-group
|
||||
| {% if 'PUT' in task.allowed_methods %}
|
||||
| {% if can_edit %}
|
||||
input.item-name(
|
||||
name="name",
|
||||
type="text",
|
||||
@@ -45,7 +45,7 @@
|
||||
| Delete Task
|
||||
| {% endif %}
|
||||
|
||||
| {% if 'PUT' in task.allowed_methods %}
|
||||
| {% if can_edit %}
|
||||
.input-group
|
||||
textarea#item-description(
|
||||
name="description",
|
||||
@@ -160,7 +160,7 @@
|
||||
|
||||
script.
|
||||
|
||||
{% if 'PUT' in task.allowed_methods %}
|
||||
{% if can_edit %}
|
||||
$("#assignees").select2();
|
||||
|
||||
var picker = new Pikaday(
|
||||
@@ -203,6 +203,6 @@ script.
|
||||
});
|
||||
|
||||
loadActivities("{{ url_for('.activities', project_url=project.url, task_id=task['_id']) }}"); // from 10_tasks.js
|
||||
loadComments("{{ url_for('nodes.comments_for_node', node_id=task['_id']) }}");
|
||||
loadComments("{{ url_for('nodes.comments_for_node', node_id=task['_id'], can_comment=can_edit) }}");
|
||||
|
||||
$('.js-help').openModalUrl('Help', "{{ url_for('attract.help', project_url=project.url) }}");
|
||||
|