Context navigation

customers

Timestamp:

7 Dec 2014, 22:24:03 (10 years ago)

Author:

Henrik Bettermann

Message:

We need to protect also the manage form page of documents. Officers are only allowed to edit documents in state created.

Location:

main/waeup.ikoba/trunk/src/waeup/ikoba/customers

Files:

-                      r12151
+                      r12166
     pnav = 4
-    #@property
-    #def label(self):
-    #    return _('${a}: Document ${b}', mapping = {
-    #        'a':self.context.customer.display_fullname,
-    #        'b':self.context.document_id})
     @property
     def label(self):
 …
     deletion_warning = _('Are you sure?')
     #@property
     #def label(self):
     #    return _('${a}: Document ${b}', mapping = {
     #        'a':self.context.customer.display_fullname,
     #        'b':self.context.document_id})
+    def update(self):
+        if not self.context.is_editable_by_manager:
+            emit_lock_message(self)
+            return
+        return super(DocumentManageFormPage, self).update()
     @property
 …
     def update(self):
         if not self.context.is_editable:
+        if not self.context.is_editable_by_customer:
             emit_lock_message(self)
             return

-                      r12165
+                      r12166
     @property
     def is_editable(self):
+    def is_editable_by_customer(self):
         try:
             # Customer must be approved
 …
     @property
+    def is_editable_by_manager(self):
+        try:
+            # Document must be in state created
+            cond = self.state in getUtility(
+                ICustomersUtils).DOCMANAGE_DOCUMENT_STATES
+            if not cond:
+                return False
+        except AttributeError:
+            pass
+        return True
+    @property
     def translated_class_name(self):
         try:

-                      r12161
+                      r12166
             ICustomerDocument,
             exclude_attribs=False,
+            omit=['is_editable',
+            omit=['is_editable_by_customer',
+                  'is_editable_by_manager',
                   'translated_state',
                   'formatted_transition_date',

-                      r12144
+                      r12166
     """
+    is_editable = Attribute('Document editable by customer')
+    is_editable_by_customer = Attribute('Document editable by customer')
+    is_editable_by_manager = Attribute('Document editable by manager')
     translated_class_name = Attribute('Translatable class name')

-                      r12162
+                      r12166
         self.assertEqual(document.state, 'verified')
+        # Manage button and form is no longer available
+        self.browser.open(self.documents_path + '/d102/index')
+        self.assertFalse(
+            'href="http://localhost/app/customers/K1000000/documents/d102/manage"'
+            in self.browser.contents)
+        self.browser.open(self.documents_path + '/d102/manage')
+        self.assertTrue(
+            'The requested form is locked (read-only)'
+            in self.browser.contents)
         # Documents can be removed
         self.browser.getLink("Documents").click()

-                      r12097
+                      r12166
     target = 'manage'
+    @property
+    def target_url(self):
+        if not self.context.is_editable_by_manager:
+            return ''
+        return self.view.url(self.view.context, self.target)
 class DocumentEditActionButton(ManageActionButton):
 …
     @property
     def target_url(self):
         if not self.context.is_editable:
+        if not self.context.is_editable_by_customer:
             return ''
         return self.view.url(self.view.context, self.target)

Note: See TracChangeset for help on using the changeset viewer.