Ignore:
Timestamp:
14 Apr 2013, 15:33:09 (12 years ago)
Author:
Henrik Bettermann
Message:

Change permissions for PaymentsManageFormPage?. The view permission is sufficient to view the manage page but no payment can be removed.

Location:
main/waeup.kofa/trunk/src/waeup/kofa/students
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • main/waeup.kofa/trunk/src/waeup/kofa/students/browser.py

    r10060 r10080  
    2828from zope.schema.interfaces import ConstraintNotSatisfied, RequiredMissing
    2929from zope.formlib.textwidgets import BytesDisplayWidget
     30from zope.security import checkPermission
    3031from hurry.workflow.interfaces import IWorkflowInfo, IWorkflowState
    3132from waeup.kofa.accesscodes import (
     
    14421443    grok.context(IStudentPaymentsContainer)
    14431444    grok.name('index')
    1444     grok.require('waeup.payStudent')
     1445    grok.require('waeup.viewStudent')
    14451446    form_fields = grok.AutoFields(IStudentPaymentsContainer)
    14461447    grok.template('paymentsmanagepage')
    14471448    pnav = 4
     1449
     1450    @property
     1451    def manage_payments_allowed(self):
     1452        return checkPermission('waeup.payStudent', self.context)
    14481453
    14491454    def unremovable(self, ticket):
     
    14511456        if not usertype:
    14521457            return False
     1458        if not self.manage_payments_allowed:
     1459            return True
    14531460        return (self.request.principal.user_type == 'student' and ticket.r_code)
    14541461
  • main/waeup.kofa/trunk/src/waeup/kofa/students/browser_templates/paymentsmanagepage.pt

    r9984 r10080  
    3737  </table>
    3838
    39   <div tal:condition="view/availableActions">
     39  <div tal:condition="python: view.availableActions and view.manage_payments_allowed">
    4040    <span tal:repeat="action view/actions"
    4141          tal:omit-tag="">
  • main/waeup.kofa/trunk/src/waeup/kofa/students/viewlets.py

    r10060 r10080  
    121121class StudentManagePaymentsLink(StudentManageLink):
    122122    grok.order(6)
    123     grok.require('waeup.payStudent')
     123    grok.require('waeup.viewStudent')
    124124    link = 'payments'
    125125    text = _(u'Payments')
Note: See TracChangeset for help on using the changeset viewer.