Commits

Kai Diefenbach  committed 677c3e0

Don't display paste button, if the user hasn't the add permission

  • Participants
  • Parent commits bc9b795

Comments (0)

Files changed (1)

File lfc/manage/views.py

 
     return render_to_response(template_name, RequestContext(request, {
         "menu" : portal_menu(request),
-        "display_paste" : _display_paste(request),
+        "display_paste" : _display_paste(request, portal),
         "core_data" : portal_core(request),
         "children" : portal_children(request),
         "portlets" : portlets_inline(request, get_portal()),
     """
     content_types = get_allowed_subtypes()
     return render_to_string(template_name, RequestContext(request, {
-        "display_paste" : _display_paste(request),
+        "display_paste" : _display_paste(request, get_portal()),
         "display_content_menu" : len(get_allowed_subtypes()) > 1,
         "content_types" : get_allowed_subtypes(),
     }))
     children = lfc.utils.get_content_objects(parent = None, language__in=("0", language))
     return render_to_string(template_name, RequestContext(request, {
         "children" : children,
-        "display_paste" : _display_paste(request),
+        "display_paste" : _display_paste(request, get_portal()),
     }))
 
 def portal_images(request, as_string=False, template_name="lfc/manage/portal_images.html"):
         "children" : object_children(request, obj),
         "permissions" : permissions,
         "content_type_name" : get_info(obj).name,
-        "display_paste" : _display_paste(request),
+        "display_paste" : _display_paste(request, obj),
         "obj" : obj,
     }))
 
         "languages" : languages,
         "canonical" : canonical,
         "obj" : obj,
-        "display_paste" : _display_paste(request),
+        "display_paste" : _display_paste(request, obj),
         "transitions" : transitions,
         "state" : state,
     }))
     return render_to_string(template_name, RequestContext(request, {
         "children" : obj.get_children(request),
         "obj" : obj,
-        "display_paste" : _display_paste(request),
+        "display_paste" : _display_paste(request, obj),
     }))
 
 def object_images(request, id, as_string=False, template_name="lfc/manage/object_images.html"):
         except BaseContent.DoesNotExist:
             error_msg = _(u"Some cut/copied objects has been deleted in the meanwhile.")
             continue
-
+        
+            
         # Copy only allowed sub types to target
         allowed_subtypes = get_allowed_subtypes(target)
         ctr_source = get_info(source_obj)
             message = _(u"Objects have been put to the clipboard.")
 
     elif action == "paste":
-        message = _paste(request, obj)
+        if not obj.has_permission(request.user, "add"):
+            message = _("You are not allowed to paste to this object.")
+        else:
+            message = _paste(request, obj)
     else:
         message = _(u"Objects has been updated.")
         for key in request.POST.keys():
 
     return message
 
-def _display_paste(request):
+def _display_paste(request, obj):
     """Returns true if the paste button should be displayed.
     """
-    return request.session.has_key("clipboard")
+    return obj.has_permission(request.user, "add") and \
+        request.session.has_key("clipboard")
 
 def _display_action_menu(request, obj):
     """Returns true if the action menu should be displayed.