Commits

Kai Diefenbach committed e532991

User needs permission 'manage_content' in order to change creator; fixed issue #43

Comments (0)

Files changed (3)

lfc/fields/readonly.py

+# django imports
+from django import forms
+from django.contrib.auth.models import User
+
+class ReadOnlyInput(forms.HiddenInput):
+    """Widget to only display fields value.
+    """
+    def render(self, name, value, attrs=None):
+        try:
+            user = User.objects.get(pk=value)
+        except User.DoesNotExist:
+            return ""
+        if user.first_name and user.last_name:
+            username = user.first_name + " " + user.last_name
+        else:
+            username = user.username
+
+        html = """<input type="hidden" name="%s" value="%s">%s""" % (name, user.id, username)
+        return html

lfc/manage/forms.py

 
 # lfc imports
 from lfc.fields.autocomplete import AutoCompleteTagInput
+from lfc.fields.readonly import ReadOnlyInput
 from lfc.models import Page
 from lfc.models import BaseContent
 from lfc.models import Portal
         fields = ( "meta_keywords", "meta_description")
 
 class MetaDataForm(forms.ModelForm):
+    """Form to display object metadata form.
     """
-    """
-    def __init__(self, *args, **kwargs):
+    def __init__(self, request, *args, **kwargs):
         super(MetaDataForm, self).__init__(*args, **kwargs)
 
         self.fields["publication_date"].widget = widgets.AdminSplitDateTime()
         self.fields["end_date"].widget = widgets.AdminSplitDateTime(attrs={"required" : False})
 
         instance = kwargs.get("instance").get_content_object()
+
+        if not instance.has_permission(request.user, "manage_content"):
+            self.fields["creator"].widget = ReadOnlyInput()
+
         language = instance.language
         ctr = get_info(instance)
 
         # Position
         if not ctr.display_position:
             del self.fields["position"]
-    
+
     def clean(self):
         """Workaround for AdminSplitDateTime, which displays an required message
         even if the fields are not required by the model.
-        """        
+        """
         if (self.data.get("publication_date_0") == "") and (self.data.get("publication_date_1") == ""):
             del self._errors["publication_date"]
 
         if (self.data.get("start_date_0") == "") and (self.data.get("start_date_1") == ""):
             del self._errors["start_date"]
 
-        if (self.data.get("end_date_0") == "") and (self.data.get("end_date_1") == ""):        
+        if (self.data.get("end_date_0") == "") and (self.data.get("end_date_1") == ""):
             del self._errors["end_date"]
-            
+
         return self.cleaned_data
-        
+
     class Meta:
         model = Page
         fields = ("template", "standard", "language", "canonical",
-            "exclude_from_navigation", "exclude_from_search", "creator", 
+            "exclude_from_navigation", "exclude_from_search", "creator",
             "publication_date", "start_date", "end_date")
 
 class PortalCoreForm(forms.ModelForm):

lfc/manage/views.py

 
     if request.method == "POST":
         obj.check_permission(request.user, "edit")
-        form = MetaDataForm(instance=obj, data=request.POST)
+        form = MetaDataForm(request=request, instance=obj, data=request.POST)
         if form.is_valid():
 
             if request.POST.get("start_date_0", "") == "" and request.POST.get("start_date_1", "") == "":
                 obj.publication_date = None
             message = _(u"Meta data has been saved.")
             form.save()
-            form = MetaDataForm(instance=_update_positions(obj, True))
+            form = MetaDataForm(request=request, instance=_update_positions(obj, True))
         else:
             message = _(u"An error has been occured.")
 
 
     else:
         obj.check_permission(request.user, "view")
-        form = MetaDataForm(instance=obj)
+        form = MetaDataForm(request=request, instance=obj)
 
         result = render_to_string(template_name, RequestContext(request, {
             "form" : form,