authorDave Arter <davea@mysociety.org>2016-07-13 13:58:50 +0100
committerDave Arter <davea@mysociety.org>2016-07-19 18:10:04 +0100
commita001715332d9423dd4c68542f7eceac4c2e3900c (patch)
tree6f62183f9e5efb736b8bdf4524cf6275e5b7832c /templates/web
parent7792c5328962a58ab60c6975a1fdba7ebb2786e9 (diff)
Restrict add/editing of bodies in admin to superusers
Diffstat (limited to 'templates/web')
-rw-r--r--templates/web/base/admin/bodies.html2
-rw-r--r--templates/web/base/admin/body.html2
-rw-r--r--templates/web/base/admin/index.html26
3 files changed, 16 insertions, 14 deletions
diff --git a/templates/web/base/admin/bodies.html b/templates/web/base/admin/bodies.html
index 4c95423c0..4b4fc83ef 100644
--- a/templates/web/base/admin/bodies.html
+++ b/templates/web/base/admin/bodies.html
@@ -69,7 +69,7 @@
</table>
[% END %]
-[% IF c.cobrand.moniker != 'zurich' OR admin_type == 'super' %]
+[% IF (c.cobrand.moniker == 'zurich' AND admin_type == 'super') OR c.user.is_superuser %]
<div class="admin-box">
<h2>[% loc('Add body') %]</h2>
[% INCLUDE 'admin/body-form.html', body='' %]
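Review bot: The new condition around the `Add body` box only decides whether the form is rendered, so it is not an access control by itself; the handler that receives the body-form submission has to reject non-superusers too. This page is limited to `templates/web`, so whether the commit adds that server-side check is not visible here and should be confirmed. The same applies to the `Edit body details` guards in the body.html and index.html hunks. Because the condition now mixes the Zurich `admin_type` model with `c.user.is_superuser`, a comment above it such as `[%# Display only: the controller must enforce the same superuser check %]` would make the intent clear. The enclosing `IF` block closes outside this hunk.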
diff --git a/templates/web/base/admin/body.html b/templates/web/base/admin/body.html
index 15802fc44..99b7249ce 100644
--- a/templates/web/base/admin/body.html
+++ b/templates/web/base/admin/body.html
@@ -213,7 +213,7 @@
</form>
</div>
-[% IF NOT errors %]
+[% IF NOT errors and c.user.is_superuser %]
<div class="admin-box">
<h2>[% loc('Edit body details') %]</h2>
[% INCLUDE 'admin/body-form.html' %]
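Review bot: The added guard writes the operator in lower case (`NOT errors and c.user.is_superuser`), while the condition added to bodies.html in the same commit uses upper-case `AND`/`OR`. For consistency, and so the two superuser guards are easy to grep together, I would write `[% IF NOT errors AND c.user.is_superuser %]`. The `IF` block's closing `END` is outside this hunk.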
diff --git a/templates/web/base/admin/index.html b/templates/web/base/admin/index.html
index 3c510471e..beb4dad7f 100644
--- a/templates/web/base/admin/index.html
+++ b/templates/web/base/admin/index.html
@@ -30,19 +30,21 @@ and to receive notices of updates.
<input type="text" name="search" size="30" id="search_users" value="[% searched | html %]">
</form>
-<form method="get" action="[% c.uri_for('bodies') %]">
-<label for="search_body">[% loc('Edit body details') %]</label>
-<select id="search_body" name="body">
-[% FOREACH body IN bodies %]
- [%- SET id = body.id %]
- <option[% IF body.deleted %] class="adminhidden"[% END %] value="[% body.id %]">
- [% body.name | html %]
- [%- IF body.parent %], [% body.parent.name | html %][% END -%]
- </option>
+[% IF c.user.is_superuser %]
+ <form method="get" action="[% c.uri_for('bodies') %]">
+ <label for="search_body">[% loc('Edit body details') %]</label>
+ <select id="search_body" name="body">
+ [% FOREACH body IN bodies %]
+ [%- SET id = body.id %]
+ <option[% IF body.deleted %] class="adminhidden"[% END %] value="[% body.id %]">
+ [% body.name | html %]
+ [%- IF body.parent %], [% body.parent.name | html %][% END -%]
+ </option>
+ [% END %]
+ </select>
+ <input type="submit" value="[% loc('Go') %]">
+ </form>
[% END %]
-</select>
-<input type="submit" value="[% loc('Go') %]">
-</form>
[% IF unsent_reports.size %]
<h2>[% loc('Reports waiting to be sent') %]</h2>