Only allow commenting when user has PUT access on the node.
This commit is contained in:
@@ -52,7 +52,8 @@ def view_asset(project, attract_props, asset_id):
|
||||
asset=asset,
|
||||
project=project,
|
||||
asset_node_type=node_type,
|
||||
attract_props=attract_props)
|
||||
attract_props=attract_props,
|
||||
can_edit='PUT' in asset.allowed_methods)
|
||||
|
||||
|
||||
@perproject_blueprint.route('/<asset_id>', methods=['POST'])
|
||||
|
||||
@@ -61,7 +61,8 @@ def view_shot(project, attract_props, shot_id):
|
||||
shot=shot,
|
||||
project=project,
|
||||
shot_node_type=node_type,
|
||||
attract_props=attract_props)
|
||||
attract_props=attract_props,
|
||||
can_edit='PUT' in shot.allowed_methods)
|
||||
|
||||
|
||||
@perproject_blueprint.route('/<shot_id>', methods=['POST'])
|
||||
|
||||
@@ -76,7 +76,8 @@ def view_task(project, attract_props, task_id):
|
||||
task.properties.due_date = parser.parse('%s' % task.properties.due_date)
|
||||
|
||||
# Fetch project users so that we can assign them tasks
|
||||
if 'PUT' in task.allowed_methods:
|
||||
can_edit = 'PUT' in task.allowed_methods
|
||||
if can_edit:
|
||||
users = project.get_users(api=api)
|
||||
project.users = users['_items']
|
||||
else:
|
||||
@@ -94,7 +95,8 @@ def view_task(project, attract_props, task_id):
|
||||
task_node_type=node_type,
|
||||
task_types=task_types,
|
||||
attract_props=attract_props.to_dict(),
|
||||
attract_context=request.args.get('context'))
|
||||
attract_context=request.args.get('context'),
|
||||
can_edit=can_edit)
|
||||
|
||||
|
||||
def task_types_given_context(project, attract_props, page_context, task):
|
||||
|
||||
Reference in New Issue
Block a user