archive/attract
0
0
Fork 0
Code Issues 7 Pull Requests Projects Releases Wiki Activity

Only allow commenting when user has PUT access on the node.

Browse Source
This commit is contained in:
Sybren A. Stüvel
2016-11-11 15:52:33 +01:00
parent d50c4f1cda
commit 97f75a04e5
5 changed files with 15 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
attract/shots_and_assets/routes_assets.py
View File

@@ -52,7 +52,8 @@ def view_asset(project, attract_props, asset_id):
asset=asset, asset=asset,
project=project, project=project,
asset_node_type=node_type, asset_node_type=node_type,
attract_props=attract_props) attract_props=attract_props,
can_edit='PUT' in asset.allowed_methods)
@perproject_blueprint.route('/<asset_id>', methods=['POST']) @perproject_blueprint.route('/<asset_id>', methods=['POST'])

3
attract/shots_and_assets/routes_shots.py
View File

@@ -61,7 +61,8 @@ def view_shot(project, attract_props, shot_id):
shot=shot, shot=shot,
project=project, project=project,
shot_node_type=node_type, shot_node_type=node_type,
attract_props=attract_props) attract_props=attract_props,
can_edit='PUT' in shot.allowed_methods)
@perproject_blueprint.route('/<shot_id>', methods=['POST']) @perproject_blueprint.route('/<shot_id>', methods=['POST'])

6
attract/tasks/routes.py
View File

@@ -76,7 +76,8 @@ def view_task(project, attract_props, task_id):
task.properties.due_date = parser.parse('%s' % task.properties.due_date) task.properties.due_date = parser.parse('%s' % task.properties.due_date)
# Fetch project users so that we can assign them tasks # Fetch project users so that we can assign them tasks
if 'PUT' in task.allowed_methods: can_edit = 'PUT' in task.allowed_methods
if can_edit:
users = project.get_users(api=api) users = project.get_users(api=api)
project.users = users['_items'] project.users = users['_items']
else: else:
@@ -94,7 +95,8 @@ def view_task(project, attract_props, task_id):
task_node_type=node_type, task_node_type=node_type,
task_types=task_types, task_types=task_types,
attract_props=attract_props.to_dict(), attract_props=attract_props.to_dict(),
attract_context=request.args.get('context')) attract_context=request.args.get('context'),
can_edit=can_edit)
def task_types_given_context(project, attract_props, page_context, task): def task_types_given_context(project, attract_props, page_context, task):

6
src/templates/attract/shots/view_shot_embed.jade
View File

@@ -11,7 +11,7 @@
title="Copy ID to clipboard") title="Copy ID to clipboard")
| ID | ID
| {% if 'PUT' in shot.allowed_methods %} | {% if can_edit %}
.input-group .input-group
textarea#item-description.input-transparent( textarea#item-description.input-transparent(
name="description", name="description",
@@ -129,7 +129,7 @@ script.
var activities_url = "{{ url_for('.activities', project_url=project.url, shot_id=shot['_id']) }}"; var activities_url = "{{ url_for('.activities', project_url=project.url, shot_id=shot['_id']) }}";
loadActivities(activities_url); // from 10_tasks.js loadActivities(activities_url); // from 10_tasks.js
loadComments("{{ url_for('nodes.comments_for_node', node_id=shot['_id']) }}"); loadComments("{{ url_for('nodes.comments_for_node', node_id=shot['_id'], can_comment=can_edit) }}");
$('body').on('pillar:comment-posted', function(e, comment_node_id) { $('body').on('pillar:comment-posted', function(e, comment_node_id) {
loadActivities(activities_url) loadActivities(activities_url)
@@ -140,7 +140,7 @@ script.
$('.js-help').openModalUrl('Help', "{{ url_for('attract.help', project_url=project.url) }}"); $('.js-help').openModalUrl('Help', "{{ url_for('attract.help', project_url=project.url) }}");
{% if 'PUT' in shot.allowed_methods %} {% if can_edit %}
/* Resize textareas */ /* Resize textareas */
var textAreaFields = $('#item-description, #item-notes'); var textAreaFields = $('#item-description, #item-notes');

8
src/templates/attract/tasks/view_task_embed.jade
View File

@@ -4,7 +4,7 @@
input(type='hidden',name='_etag',value='{{ task._etag }}') input(type='hidden',name='_etag',value='{{ task._etag }}')
//- NOTE: if you add fields here, also add them read-only below. //- NOTE: if you add fields here, also add them read-only below.
.input-group .input-group
| {% if 'PUT' in task.allowed_methods %} | {% if can_edit %}
input.item-name( input.item-name(
name="name", name="name",
type="text", type="text",
@@ -45,7 +45,7 @@
| Delete Task | Delete Task
| {% endif %} | {% endif %}
| {% if 'PUT' in task.allowed_methods %} | {% if can_edit %}
.input-group .input-group
textarea#item-description( textarea#item-description(
name="description", name="description",
@@ -160,7 +160,7 @@
script. script.
{% if 'PUT' in task.allowed_methods %} {% if can_edit %}
$("#assignees").select2(); $("#assignees").select2();
var picker = new Pikaday( var picker = new Pikaday(
@@ -203,6 +203,6 @@ script.
}); });
loadActivities("{{ url_for('.activities', project_url=project.url, task_id=task['_id']) }}"); // from 10_tasks.js loadActivities("{{ url_for('.activities', project_url=project.url, task_id=task['_id']) }}"); // from 10_tasks.js
loadComments("{{ url_for('nodes.comments_for_node', node_id=task['_id']) }}"); loadComments("{{ url_for('nodes.comments_for_node', node_id=task['_id'], can_comment=can_edit) }}");
$('.js-help').openModalUrl('Help', "{{ url_for('attract.help', project_url=project.url) }}"); $('.js-help').openModalUrl('Help', "{{ url_for('attract.help', project_url=project.url) }}");