arona/PyRIGS
1
0
Fork 0
mirror of https://github.com/nottinghamtec/PyRIGS.git synced 2026-01-17 05:22:16 +00:00
Code Issues Projects Releases Wiki Activity

FIX: Re-prevent basic seeing reversion

Browse Source 
This is to prevent financials/client data leaking when changed. Hopefully can show them a filtered version in future.
This commit is contained in:
FreneticScribbler
2020-01-23 16:29:10 +00:00
parent 20a6cca9d3
commit 4dd89c0b73
4 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
RIGS/templates/RIGS/event_detail.html
View File

@@ -74,7 +74,7 @@
{% endif %}
</div>
{% endif %}
<div class="col-sm-12 {% if event.is_rig %}col-md-6 col-lg-7{% endif %}">
<div class="col-sm-12 {% if event.is_rig and perms.RIGS.view_event %}col-md-6 col-lg-7{% endif %}">
<div class="panel panel-info">
<div class="panel-heading">Event Info</div>
<div class="panel-body">
@@ -240,7 +240,7 @@
</div>
{% endif %}
{% endif %}
{% if not request.is_ajax %}
{% if not request.is_ajax and perms.RIGS.view_event %}
<div class="col-sm-12 text-right">
<div>
<a href="{% url 'event_history' object.pk %}" title="View Revision History">
@@ -252,7 +252,7 @@
</div>
{% endblock %}
{% if request.is_ajax %}
{% if request.is_ajax and perms.RIGS.view_event %}
{% block footer %}
<div class="row">
<div class="col-sm-10 align-left">

2
RIGS/templates/RIGS/item_row.html
View File

@@ -8,7 +8,9 @@
</td>
{% if perms.RIGS.view_event %}
<td>£&nbsp;<span class="cost">{{item.cost|floatformat:2}}</span></td>
{% endif %}
<td class="quantity">{{item.quantity}}</td>
{% if perms.RIGS.view_event %}
<td>£&nbsp;<span class="sub-total" data-subtotal="{{item.total_cost}}">{{item.total_cost|floatformat:2}}</span></td>
{% endif %}
{% if edit %}

2
RIGS/templates/RIGS/item_table.html
View File

@@ -5,7 +5,9 @@
<td>Item</td>
{% if perms.RIGS.view_event %}
<td>Price</td>
{% endif %}
<td>Quantity</td>
{% if perms.RIGS.view_event %}
<td>Sub-total</td>
{% endif %}
{% if edit %}

6
RIGS/urls.py
View File

@@ -81,10 +81,10 @@ urlpatterns = [
login_required()(rigboard.WebCalendar.as_view()), name='web_calendar'),
url(r'^rigboard/archive/$', RedirectView.as_view(permanent=True, pattern_name='event_archive')),
url(r'^rigboard/activity/$',
login_required()(versioning.ActivityTable.as_view()),
permission_required_with_403('perms.RIGS.view_event')(versioning.ActivityTable.as_view()),
name='activity_table'),
url(r'^rigboard/activity/feed/$',
login_required()(versioning.ActivityFeed.as_view()),
permission_required_with_403('perms.RIGS.view_event')(versioning.ActivityFeed.as_view()),
name='activity_feed'),
url(r'^event/(?P<pk>\d+)/$', has_oembed(oembed_view="event_oembed")(
@@ -116,7 +116,7 @@ urlpatterns = [
name='event_archive'),
url(r'^event/(?P<pk>\d+)/history/$',
login_required()(versioning.VersionHistory.as_view()),
permission_required_with_403('RIGS.view_event')(versioning.VersionHistory.as_view()),
name='event_history', kwargs={'model': models.Event}),
# Finance