Commits

Rafał Kos committed 0748fbb

don't allow to edit freight of transport order, it is possible only to admin user

  • Participants
  • Parent commits b5ca225

Comments (0)

Files changed (3)

File pytis/controllers/orders.py

         c.form = OrderForm(request.POST, obj=c.order, prefix='order')
         c.places_form = OrderPlaceForm(request.POST)             
         c.transport_form = TransportOrderForm(request.POST, obj=c.order.transport_order, prefix='transport-order')
+        
         c.place_form = PlaceForm(request.POST, idCompany=c.order.idCompany)
         if c.order.delegation is None:
             #c.drivers = [(driver.id, driver.full_name) for driver in Driver.query.filter(Driver.is_active == True).all()]

File pytis/model/form.py

             raise ValidationError(u'Hasła muszą się zgadzać')
 
 class UserEditForm(UserForm):
-    groups = QuerySelectMultipleField(query_factory=get_groups, pk_attr='id', label_attr='name')
+    groups = QuerySelectMultipleField(query_factory=get_groups, get_label='name')
 
 class ChangePasswordForm(PytisForm):
     old_password = PasswordField(u'Stare hasło', [validators.required(message=u'Pole jest wymagane')])

File pytis/templates/base/macros.xhtml

 				{{ render_field(form.tractorName, class_="vMediumTextField") }}            		                    
 	        </div>
 	    </div>
+        
 	    <div class="form-row">
 	        <div>
 	            {{ form.freight.label }}
-	    		{{ form.freight() }}					
+
+                {% if not form.id.data %}
+                    {{ form.freight() }}
+                {% else %}
+                    {% if 'administratorzy' in session['user']['groups'] %}
+	    		        {{ form.freight() }}
+                    {% else %}
+                        {{ form.freight(readonly=True) }}
+                    {% endif %}
+                {% endif %}
+                
 				{{ form.currency() }}
 				
 				{{ with_errors(form.freight) }}
 				{{ h.link_print('Drukuj', url(controller="orders", action="print_transport_order", id=order.id)) }}                
 	        {% endif %}
 			
-			{% if order.transport_order is not none %}
+			{% if order.transport_order is not none and 'administratorzy' in session['user']['groups'] %}
 				{{ h.link_delete('Usuń', "#", id='delete-transport-order') }}                    
 	        {% endif %}		
 		</div>