FIX: Prevent basic users seeing individual asset version history

I prevented them from seeing the change stream, didn't prevent them seeing individual histories. This has to be done as otherwise it leaks financial information. If I can be arsed I'll come back to this and allow basic users to see a filtered version.
2026-01-16 21:12:13 +00:00 · 2020-01-11 21:09:15 +00:00
parent 13205770f1
commit 4ad12ab40a
3 changed files with 7 additions and 7 deletions
--- a/templates/base_assets.html
+++ b/templates/base_assets.html
@@ -10,7 +10,7 @@
 {% endblock %}

 {% block titleelements %}
-    {% if perms.assets.view_asset %}
+    {# % if perms.assets.view_asset % #}
        <li class="dropdown">
            <a href="#" class="dropdown-toggle" data-toggle="dropdown">Assets<b class="caret"></b></a>
            <ul class="dropdown-menu">
@@ -20,19 +20,19 @@
                {% endif %}
            </ul>
        </li>
-    {% endif %}
-    {% if perms.assets.view_supplier %}
+    {# % endif % #}
+    {# % if perms.assets.view_supplier % #}
        <li class="dropdown">
            <a href="#" class="dropdown-toggle" data-toggle="dropdown"> Suppliers<b class="caret"></b></a>
            <ul class="dropdown-menu">
                <li><a href="{% url 'supplier_list' %}"><span class="glyphicon glyphicon-list"></span>
                    List Suppliers</a></li>
-                {% if perms.assets.add_asset %}
+                {% if perms.assets.add_supplier %}
                    <li><a href="{% url 'supplier_create' %}"><span class="glyphicon glyphicon-plus"></span> Create Supplier</a></li>
                {% endif %}
            </ul>
        </li>
-    {% endif %}
+    {# % endif % #}
    {% if perms.assets.view_asset %}
        <li><a href="{% url 'asset_activity_table' %}">Recent Changes</a></li>
    {% endif %}