-rw-r--r--CHANGELOG.md2
-rwxr-xr-x[-rw-r--r--]docs/assets/img/pro-user-guide/edit-category-page.pngbin65237 -> 42128 bytes
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin/Bodies.pm2
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin/Users.pm5
-rw-r--r--perllib/FixMyStreet/App/Controller/Around.pm2
-rw-r--r--perllib/FixMyStreet/App/Controller/Dashboard.pm3
-rw-r--r--perllib/FixMyStreet/App/Controller/Report.pm59
-rw-r--r--perllib/FixMyStreet/App/Controller/Reports.pm12
-rw-r--r--perllib/FixMyStreet/DB/Result/User.pm2
-rw-r--r--t/app/controller/admin/bodies.t10
-rw-r--r--t/app/controller/admin/users.t10
-rw-r--r--t/app/controller/around.t25
-rw-r--r--t/app/controller/report_inspect.t52
-rw-r--r--templates/web/base/admin/bodies/contact-form.html7
-rw-r--r--templates/web/base/admin/triage/_inspect.html1
-rw-r--r--templates/web/base/admin/users/form.html15
-rw-r--r--templates/web/base/report/_inspect.html1
-rw-r--r--templates/web/base/report/_item.html16
-rw-r--r--templates/web/base/report/display.html3
-rw-r--r--templates/web/base/report/display_tools.html4
-rw-r--r--templates/web/base/report/inspect/information.html2
-rw-r--r--templates/web/base/report/update/form_update.html4
-rw-r--r--templates/web/base/report/update/form_user_loggedin.html6
23 files changed, 201 insertions, 42 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 21b82a8d8..8e55461ce 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,8 @@
- Interface for disabling updates/reopening for certain categories. #2991 #2992
- Include group in CSV export if enabled. #2994
- Disable category rename on Open311 categories when unprotected. #2957
+ - In category admin, group is already shown elsewhere.
+ - Add assigned_(users|categories)_only functionality.
- Bugfixes:
- Application user in Docker container can't install packages. #2914
- Look at all categories when sending reports.
diff --git a/docs/assets/img/pro-user-guide/edit-category-page.png b/docs/assets/img/pro-user-guide/edit-category-page.png
index 8b029faa0..db84bbb70 100644..100755
--- a/docs/assets/img/pro-user-guide/edit-category-page.png
+++ b/docs/assets/img/pro-user-guide/edit-category-page.png
Binary files differ
diff --git a/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm b/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm
index 3b99d7e0f..7b060f2ca 100644
--- a/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm
@@ -271,7 +271,7 @@ sub update_contact : Private {
$contact->send_method( $c->get_param('send_method') );
# Set flags in extra to the appropriate values
- foreach (qw(photo_required open311_protect updates_disallowed reopening_disallowed)) {
+ foreach (qw(photo_required open311_protect updates_disallowed reopening_disallowed assigned_users_only)) {
if ( $c->get_param($_) ) {
$contact->set_extra_metadata( $_ => 1 );
} else {
diff --git a/perllib/FixMyStreet/App/Controller/Admin/Users.pm b/perllib/FixMyStreet/App/Controller/Admin/Users.pm
index 046e19126..f4b9bd7dc 100644
--- a/perllib/FixMyStreet/App/Controller/Admin/Users.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin/Users.pm
@@ -373,6 +373,11 @@ sub edit : Chained('user') : PathPart('') : Args(0) {
my @live_contact_ids = map { $_->id } @live_contacts;
my @new_contact_ids = grep { $c->get_param("contacts[$_]") } @live_contact_ids;
$user->set_extra_metadata('categories', \@new_contact_ids);
+ if ($c->get_param('assigned_categories_only')) {
+ $user->set_extra_metadata(assigned_categories_only => 1);
+ } else {
+ $user->unset_extra_metadata('assigned_categories_only');
+ }
} else {
$user->unset_extra_metadata('categories');
}
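Review bot: The outer `else` branch at the end of this hunk clears `categories` but leaves `assigned_categories_only` in place, so a user who stops matching the outer condition keeps the restriction flag alongside an empty category list. With the check this commit adds to `display` in Report.pm, a user in that state who still counts as staff would lose every staff permission on any report that has a contact. Adding `$user->unset_extra_metadata('assigned_categories_only');` next to the existing `unset_extra_metadata('categories')` keeps the two values in step. The enclosing `if` starts outside the hunk, so which users reach the `else` is inferred rather than visible.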
diff --git a/perllib/FixMyStreet/App/Controller/Around.pm b/perllib/FixMyStreet/App/Controller/Around.pm
index af50f1883..0e87d1e70 100644
--- a/perllib/FixMyStreet/App/Controller/Around.pm
+++ b/perllib/FixMyStreet/App/Controller/Around.pm
@@ -262,6 +262,8 @@ sub check_and_stash_category : Private {
my %valid_categories = map { $_ => 1 } grep { $_ && $categories_mapped{$_} } @$categories;
$c->stash->{filter_category} = \%valid_categories;
$c->cobrand->call_hook('munge_around_filter_category_list');
+
+ $c->forward('/report/assigned_users_only', [ \@categories ]);
}
sub map_features : Private {
diff --git a/perllib/FixMyStreet/App/Controller/Dashboard.pm b/perllib/FixMyStreet/App/Controller/Dashboard.pm
index 833d6d6b2..52af45940 100644
--- a/perllib/FixMyStreet/App/Controller/Dashboard.pm
+++ b/perllib/FixMyStreet/App/Controller/Dashboard.pm
@@ -564,7 +564,8 @@ sub heatmap : Local : Args(0) {
$c->stash->{children} = $children;
$c->stash->{ward_hash} = { map { $_->{id} => 1 } @{$c->stash->{wards}} } if $c->stash->{wards};
- $c->forward('/reports/setup_categories_and_map');
+ $c->forward('/reports/setup_categories');
+ $c->forward('/reports/setup_map');
}
sub heatmap_filters :Private {
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm
index 058edebd8..8a6047194 100644
--- a/perllib/FixMyStreet/App/Controller/Report.pm
+++ b/perllib/FixMyStreet/App/Controller/Report.pm
@@ -85,14 +85,32 @@ sub display :PathPart('') :Chained('id') :Args(0) {
$c->forward( 'load_updates' );
$c->forward( 'format_problem_for_display' );
- my $permissions = $c->stash->{_permissions} ||= $c->forward( 'check_has_permission_to',
- [ qw/report_inspect report_edit_category report_edit_priority report_mark_private triage/ ] );
- if (any { $_ } values %$permissions) {
+ my $permissions = $c->stash->{permissions} ||= $c->forward('fetch_permissions');
+
+ my $staff_user = $c->user_exists && ($c->user->is_superuser || $c->user->belongs_to_body($c->stash->{problem}->bodies_str));
+
+ if ($staff_user) {
+ # Check assigned categories feature
+ my $okay = 1;
+ my $contact = $c->stash->{problem}->contact;
+ if ($contact && ($c->user->get_extra_metadata('assigned_categories_only') || $contact->get_extra_metadata('assigned_users_only'))) {
+ my $user_cats = $c->user->get_extra_metadata('categories') || [];
+ $okay = any { $contact->id eq $_ } @$user_cats;
+ }
+ if ($okay) {
+ $c->stash->{relevant_staff_user} = 1;
+ } else {
+ # Remove all staff permissions
+ $permissions = $c->stash->{permissions} = {};
+ }
+ }
+
+ if (grep { $permissions->{$_} } qw/report_inspect report_edit_category report_edit_priority report_mark_private triage/) {
$c->stash->{template} = 'report/inspect.html';
$c->forward('inspect');
}
- if ($c->user_exists && $c->user->has_permission_to(contribute_as_another_user => $c->stash->{problem}->bodies_str_ids)) {
+ if ($permissions->{contribute_as_another_user}) {
$c->stash->{email} = $c->user->email;
}
}
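Review bot: The assigned-categories check fails open when the report has no contact: `if ($contact && (...))` is skipped, `$okay` stays 1, and a user flagged `assigned_categories_only` keeps every staff permission on that report. Evaluating the user flag independently of the contact closes that, e.g. `my $restricted = $c->user->get_extra_metadata('assigned_categories_only') || ($contact && $contact->get_extra_metadata('assigned_users_only'));` followed by `$okay = $contact && any { $contact->id eq $_ } @$user_cats if $restricted;`. Separately, `$staff_user` includes superusers, so a superuser who is not listed for an `assigned_users_only` category also ends up with `$permissions = {}`; if that is intended it deserves a comment above the block and a test case.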
@@ -160,8 +178,7 @@ sub load_problem_or_display_error : Private {
} elsif ( $problem->non_public ) {
# Creator, and inspection users can see non_public reports
$c->stash->{problem} = $problem;
- my $permissions = $c->stash->{_permissions} = $c->forward( 'check_has_permission_to',
- [ qw/report_inspect report_edit_category report_edit_priority report_mark_private / ] );
+ my $permissions = $c->stash->{permissions} = $c->forward('fetch_permissions');
# If someone has clicked a unique token link in an email to them
my $from_email = $c->sessionid && $c->flash->{alert_to_reporter} && $c->flash->{alert_to_reporter} == $problem->id;
@@ -386,7 +403,7 @@ sub delete :Chained('id') :Args(0) {
sub inspect : Private {
my ( $self, $c ) = @_;
my $problem = $c->stash->{problem};
- my $permissions = $c->stash->{_permissions};
+ my $permissions = $c->stash->{permissions};
$c->forward('/admin/reports/categories_for_point');
$c->stash->{report_meta} = { map { 'x' . $_->{name} => $_ } @{ $c->stash->{problem}->get_extra_fields() } };
@@ -668,22 +685,19 @@ sub _nearby_json :Private {
}
-=head2 check_has_permission_to
+=head2 fetch_permissions
-Ensure the currently logged-in user has any of the provided permissions applied
-to the current Problem in $c->stash->{problem}. Shows the 403 page if not.
+Returns a hash of the user's permissions, applied to the problem
+in $c->stash->{problem}.
=cut
-sub check_has_permission_to : Private {
- my ( $self, $c, @permissions ) = @_;
+sub fetch_permissions : Private {
+ my ( $self, $c ) = @_;
return {} unless $c->user_exists;
- my $bodies = $c->stash->{problem}->bodies_str_ids;
- my %permissions = map { $_ => $c->user->has_permission_to($_, $bodies) } @permissions;
- return \%permissions;
+ return $c->user->permissions($c->stash->{problem});
};
-
sub stash_category_groups : Private {
my ( $self, $c, $contacts, $combine_multiple ) = @_;
@@ -710,6 +724,19 @@ sub stash_category_groups : Private {
$c->stash->{category_groups} = \@category_groups;
}
+sub assigned_users_only : Private {
+ my ($self, $c, $categories) = @_;
+
+ # Assigned only category checking
+ if ($c->user_exists && $c->user->from_body) {
+ my @assigned_users_only = grep { $_->get_extra_metadata('assigned_users_only') } @$categories;
+ $c->stash->{assigned_users_only} = { map { $_->category => 1 } @assigned_users_only };
+ $c->stash->{assigned_categories_only} = $c->user->get_extra_metadata('assigned_categories_only');
+
+ $c->stash->{user_categories} = { map { $_ => 1 } @{$c->user->categories} };
+ }
+}
+
__PACKAGE__->meta->make_immutable;
1;
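Review bot: This list-view helper keys `assigned_users_only` and `user_categories` by category name and only runs when the user has `from_body`, while `display` in the same file matches on `$contact->id` and also covers superusers without a body, so the two checks can disagree about the same report. On a page whose `$categories` span more than one body, a flag on one body's category would also apply to a same-named category of another body in `report/_item.html`. Whether `$c->user->categories` returns names or ids is not visible here and should be confirmed against the template lookup `user_categories.${problem.category}`. The sub also has no POD, unlike `fetch_permissions` above it; a `=head2 assigned_users_only` entry naming the three stash keys it sets and the expected arrayref of contact rows would help.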
diff --git a/perllib/FixMyStreet/App/Controller/Reports.pm b/perllib/FixMyStreet/App/Controller/Reports.pm
index 53f27eb62..10902eab9 100644
--- a/perllib/FixMyStreet/App/Controller/Reports.pm
+++ b/perllib/FixMyStreet/App/Controller/Reports.pm
@@ -154,6 +154,8 @@ sub ward : Path : Args(2) {
$c->forward('stash_report_sort', [ $c->cobrand->reports_ordering ]);
$c->forward( 'load_and_group_problems' );
+ $c->forward('setup_categories');
+
if ($c->get_param('ajax')) {
my $ajax_template = $c->stash->{ajax_template} || 'reports/_problem-list.html';
$c->detach('ajax', [ $ajax_template ]);
@@ -165,7 +167,7 @@ sub ward : Path : Args(2) {
$c->stash->{stats} = $c->cobrand->get_report_stats();
- $c->forward('setup_categories_and_map');
+ $c->forward('setup_map');
# List of wards
if ( !$c->stash->{wards} && $c->stash->{body}->id && $c->stash->{body}->body_areas->first ) {
@@ -181,7 +183,7 @@ sub ward : Path : Args(2) {
}
}
-sub setup_categories_and_map :Private {
+sub setup_categories :Private {
my ($self, $c) = @_;
my @categories = $c->stash->{body}->contacts->not_deleted->search( undef, {
@@ -191,9 +193,15 @@ sub setup_categories_and_map :Private {
$c->cobrand->call_hook('munge_reports_category_list', \@categories);
+ $c->forward('/report/assigned_users_only', [ \@categories ]);
+
$c->stash->{filter_categories} = \@categories;
$c->stash->{filter_category} = { map { $_ => 1 } $c->get_param_list('filter_category', 1) };
$c->forward('/report/stash_category_groups', [ \@categories ]) if $c->cobrand->enable_category_groups;
+}
+
+sub setup_map :Private {
+ my ($self, $c) = @_;
my $pins = $c->stash->{pins} || [];
diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm
index b0a05d0b7..49338f245 100644
--- a/perllib/FixMyStreet/DB/Result/User.pm
+++ b/perllib/FixMyStreet/DB/Result/User.pm
@@ -444,7 +444,7 @@ sub permissions {
my $body_id = $problem->bodies_str;
- return unless $self->belongs_to_body($body_id);
+ return {} unless $self->belongs_to_body($body_id);
my @permissions = grep { $_->{body_id} == $self->from_body->id } @{$self->body_permissions};
return { map { $_->{permission} => 1 } @permissions };
diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index 74084afbf..9f7b18cde 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -263,6 +263,16 @@ subtest 'open311 protection editing' => sub {
is $contact->get_extra_metadata('open311_protect'), 1, 'Open311 protect flag set';
};
+subtest 'test assigned_users_only setting' => sub {
+ $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
+ $mech->submit_form_ok( { with_fields => {
+ assigned_users_only => 1,
+ } } );
+ $mech->content_contains('Values updated');
+ my $contact = $body->contacts->find({ category => 'test category' });
+ is $contact->get_extra_metadata('assigned_users_only'), 1;
+};
+
subtest 'updates disabling' => sub {
$mech->get_ok('/admin/body/' . $body->id . '/test%20category');
$mech->submit_form_ok( { with_fields => {
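Review bot: The `is` assertion in the new subtest has no description, unlike the `'Open311 protect flag set'` assertion just above it, and the subtest only covers switching the flag on. Suggest `is $contact->get_extra_metadata('assigned_users_only'), 1, 'assigned_users_only flag set';` plus a second submit with the box unticked that asserts the value is cleared, since clearing the flag is what lifts the restriction. The `else` branch body in Bodies.pm is outside its hunk, so the exact cleared value needs checking there.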
diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index 4f0298103..bc8d28e2d 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -299,6 +299,7 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => undef,
area_ids => undef,
+ assigned_categories_only => undef,
%default_perms,
roles => $role->id,
},
@@ -320,6 +321,7 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => undef,
area_ids => undef,
+ assigned_categories_only => undef,
%default_perms,
roles => $role->id,
},
@@ -341,6 +343,7 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => undef,
area_ids => undef,
+ assigned_categories_only => undef,
%default_perms,
roles => $role->id,
},
@@ -365,6 +368,7 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => undef,
area_ids => undef,
+ assigned_categories_only => undef,
%default_perms,
},
changes => {
@@ -385,6 +389,7 @@ FixMyStreet::override_config {
flagged => 'on',
is_superuser => undef,
area_ids => undef,
+ assigned_categories_only => undef,
%default_perms,
},
changes => {
@@ -394,7 +399,7 @@ FixMyStreet::override_config {
log_entries => [qw/edit edit edit edit/],
},
{
- desc => 'edit user add is_superuser',
+ desc => 'edit user add is_superuser and assigned_categories_only',
fields => {
name => 'Changed User',
email => 'changed@example.com',
@@ -405,10 +410,12 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => undef,
area_ids => undef,
+ assigned_categories_only => undef,
%default_perms,
},
changes => {
is_superuser => 'on',
+ assigned_categories_only => 'on',
},
removed => [
keys %default_perms,
@@ -428,6 +435,7 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => 'on',
area_ids => undef,
+ assigned_categories_only => 'on',
},
changes => {
is_superuser => undef,
diff --git a/t/app/controller/around.t b/t/app/controller/around.t
index 186b833fd..6e49c6f29 100644
--- a/t/app/controller/around.t
+++ b/t/app/controller/around.t
@@ -150,7 +150,7 @@ subtest 'check missing body message not shown when it does not need to be' => su
};
for my $permission ( qw/ report_inspect report_mark_private/ ) {
- subtest 'check non public reports are displayed on around page with $permission permission' => sub {
+ subtest "check non public reports are displayed on around page with $permission permission" => sub {
my $body = FixMyStreet::DB->resultset('Body')->find( $body_edin_id );
my $body2 = FixMyStreet::DB->resultset('Body')->find( $body_west_id );
my $user = $mech->log_in_ok( 'test@example.com' );
@@ -218,6 +218,29 @@ for my $permission ( qw/ report_inspect report_mark_private/ ) {
};
}
+subtest 'check assigned-only list items do not display shortlist buttons' => sub {
+ my $body = FixMyStreet::DB->resultset('Body')->find( $body_edin_id );
+ my $contact = $mech->create_contact_ok( category => 'Horses', body_id => $body->id, email => "horses\@example.org" );
+ $edinburgh_problems[4]->update({ category => 'Horses' });
+
+ my $user = $mech->log_in_ok( 'test@example.com' );
+ $user->set_extra_metadata(assigned_categories_only => 1);
+ $user->user_body_permissions->delete();
+ $user->set_extra_metadata(categories => [ $contact->id ]);
+ $user->update({ from_body => $body });
+ $user->user_body_permissions->find_or_create({ body => $body, permission_type => 'planned_reports' });
+
+ FixMyStreet::override_config {
+ ALLOWED_COBRANDS => 'fixmystreet',
+ MAPIT_URL => 'http://mapit.uk/',
+ }, sub {
+ $mech->get_ok('/around?pc=EH1+1BB');
+ };
+ $mech->content_contains('shortlist-add-' . $edinburgh_problems[4]->id);
+ $mech->content_lacks('shortlist-add-' . $edinburgh_problems[3]->id);
+ $mech->content_lacks('shortlist-add-' . $edinburgh_problems[1]->id);
+};
+
my $body = $mech->create_body_ok(2237, "Oxfordshire");
subtest 'check category, status and extra filtering works on /around' => sub {
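Review bot: The new subtest changes shared fixtures and does not restore them: `$edinburgh_problems[4]` is moved to the `Horses` category, and the `test@example.com` user keeps `assigned_categories_only`, `categories`, `from_body` and the `planned_reports` permission afterwards. Later subtests in this file that log in as the same user or filter by category may be affected; those are outside the hunk, so this is a precaution rather than an observed failure. It also exercises only the user-level flag; a second case that sets `assigned_users_only` on the contact would cover the other branch of the `_item.html` condition.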
diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index 8deb2667e..2852f8d18 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -822,7 +822,53 @@ FixMyStreet::override_config {
};
};
+FixMyStreet::override_config {
+ MAPIT_URL => 'http://mapit.uk/',
+ ALLOWED_COBRANDS => 'oxfordshire',
+}, sub {
+ subtest 'test relevant staff user display' => sub {
+ $user->user_body_permissions->create({ body => $oxon, permission_type => 'planned_reports' });
+ $user->user_body_permissions->create({ body => $oxon, permission_type => 'moderate' });
+ $mech->log_in_ok('body@example.com');
-END {
- done_testing();
-}
+ # First, check user can see staff things on reports 2 and 3
+ $mech->get_ok("/report/$report2_id");
+ $mech->content_contains('<select class="form-control" name="state" id="state">');
+ $mech->content_contains('<div class="inspect-section">');
+ $mech->get_ok("/report/$report3_id");
+ $mech->content_contains('<select class="form-control" name="state" id="state">');
+ $mech->content_contains('<div class="inspect-section">');
+
+ # User's categories are ["Cows"], which is currently report 2
+ # So should be able to see staff things on 2, but no longer on 3
+ $user->set_extra_metadata(assigned_categories_only => 1);
+ $user->update;
+ $mech->get_ok("/report/$report2_id");
+ $mech->content_contains('<select class="form-control" name="state" id="state">');
+ $mech->content_contains('<div class="inspect-section">');
+ $mech->get_ok("/report/$report3_id");
+ $mech->content_lacks('<select class="form-control" name="state" id="state">');
+ $mech->content_lacks('<div class="inspect-section">');
+ $mech->content_lacks('Moderate this report');
+ $mech->content_lacks('shortlist');
+ $user->unset_extra_metadata('assigned_categories_only');
+ $user->update;
+
+ # Contact 2 is "Sheep", which is currently report 3
+ # So again, should be able to see staff things on 2, but no longer on 3
+ $contact2->set_extra_metadata(assigned_users_only => 1);
+ $contact2->update;
+ $mech->get_ok("/report/$report2_id");
+ $mech->content_contains('<select class="form-control" name="state" id="state">');
+ $mech->content_contains('<div class="inspect-section">');
+ $mech->get_ok("/report/$report3_id");
+ $mech->content_lacks('<select class="form-control" name="state" id="state">');
+ $mech->content_lacks('<div class="inspect-section">');
+ $mech->content_lacks('Moderate this report');
+ $mech->content_lacks('shortlist');
+ $contact2->unset_extra_metadata('assigned_users_only');
+ $contact2->update;
+ };
+};
+
+done_testing();
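Review bot: The subtest depends on state that is only described in comments (`User's categories are ["Cows"], which is currently report 2`) and is set up outside the hunk, so a change to an earlier subtest could make it pass or fail for the wrong reason. Setting the user's `categories` metadata and the categories of reports 2 and 3 explicitly at the top of the subtest would make it self-contained.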
diff --git a/templates/web/base/admin/bodies/contact-form.html b/templates/web/base/admin/bodies/contact-form.html
index 77c85bfbf..65000942b 100644
--- a/templates/web/base/admin/bodies/contact-form.html
+++ b/templates/web/base/admin/bodies/contact-form.html
@@ -82,6 +82,12 @@
</p>
[% END %]
+ <p class="form-check">
+ <input type="checkbox" name="assigned_users_only" value="1" id="assigned_users_only" [% ' checked' IF contact.extra.assigned_users_only %]>
+ <label for="assigned_users_only">[% loc('Frontend staff access only to users assigned to this category') %]</label>
+ <span class='form-hint'>[% loc('Use this if you wish only users assigned to this category to see staff-related features (such as the inspector form) in the front end.') %]</span>
+ </p>
+
[% IF body.can_be_devolved %]
<div class="admin-hint">
<p>
@@ -126,6 +132,7 @@
<h2>[% loc('Extra data:') %] </h2>
<dl>
[% FOR pair IN contact.get_extra_metadata %]
+ [% NEXT IF pair.key == 'group' OR pair.key == 'assigned_users_only' %]
<dt>[% pair.key %]</dt> <dd>[% pair.value OR '<em>-</em>' %]</dd>
[% END %]
</dl>
diff --git a/templates/web/base/admin/triage/_inspect.html b/templates/web/base/admin/triage/_inspect.html
index 926197ceb..bd76a47f7 100644
--- a/templates/web/base/admin/triage/_inspect.html
+++ b/templates/web/base/admin/triage/_inspect.html
@@ -24,7 +24,6 @@
</select>
[% END %]
-[% permissions = c.user.permissions(problem) %]
[% second_column = BLOCK -%]
<div id="side-inspect">
diff --git a/templates/web/base/admin/users/form.html b/templates/web/base/admin/users/form.html
index 495da8648..efe885908 100644
--- a/templates/web/base/admin/users/form.html
+++ b/templates/web/base/admin/users/form.html
@@ -101,6 +101,21 @@
[% END %]
+ [% IF user.from_body AND c.cobrand.moniker != 'zurich' %]
+ <li>
+ <div class="admin-hint">
+ <p>
+ [% loc("This means the user will only see front end staff features (such as the inspector form) in their assigned categories.") %]
+ </p>
+ </div>
+
+ <label>
+ [% loc('Assigned categories only') %]:
+ <input type="checkbox" id="assigned_categories_only" name="assigned_categories_only"[% user.extra.assigned_categories_only ? ' checked' : '' %]>
+ </label>
+ </li>
+ [% END %]
+
[% IF c.cobrand.moniker != 'zurich' %]
<li>
<div class="admin-hint">
diff --git a/templates/web/base/report/_inspect.html b/templates/web/base/report/_inspect.html
index 771942b16..a8be342d0 100644
--- a/templates/web/base/report/_inspect.html
+++ b/templates/web/base/report/_inspect.html
@@ -1,4 +1,3 @@
-[% permissions = c.user.permissions(problem) %]
[% second_column = BLOCK -%]
<div id="side-inspect">
diff --git a/templates/web/base/report/_item.html b/templates/web/base/report/_item.html
index 4d74b3be9..baba04d3e 100644
--- a/templates/web/base/report/_item.html
+++ b/templates/web/base/report/_item.html
@@ -2,7 +2,17 @@
[% PROCESS 'admin/report_blocks.html' ~%]
[% END ~%]
-[% IF c.user.has_permission_to('planned_reports', problem.bodies_str_ids) OR c.user.is_planned_report(problem) ~%]
+[%
+
+SET relevant_staff = 1;
+SET is_user_category = user_categories.${problem.category};
+IF (assigned_users_only.${problem.category} OR assigned_categories_only) AND NOT is_user_category;
+ SET relevant_staff = 0;
+END;
+
+~%]
+
+[% IF relevant_staff AND (c.user.has_permission_to('planned_reports', problem.bodies_str_ids) OR c.user.is_planned_report(problem)) ~%]
[% item_extra_class = "item-list__item--indented" ~%]
[% item_action = BLOCK ~%]
<input type="submit" value="1"
@@ -49,12 +59,12 @@
[% END %]
[% END ~%]
- [% IF c.user.has_permission_to('report_inspect', problem.bodies_str_ids) %]
+ [% IF relevant_staff AND c.user.has_permission_to('report_inspect', problem.bodies_str_ids) %]
<div class="item-list__description">[% problem.detail | html %]</div>
[% END %]
<small>[% PROCESS 'report/_item_small.html' %]</small>
- [% IF c.user.has_permission_to('report_inspect', problem.bodies_str_ids) %]
+ [% IF relevant_staff AND c.user.has_permission_to('report_inspect', problem.bodies_str_ids) %]
<div class="item-list__item__metadata">
<div>
<h4>[% loc('Report ID:') %]</h4>
diff --git a/templates/web/base/report/display.html b/templates/web/base/report/display.html
index f08df931d..af2282f66 100644
--- a/templates/web/base/report/display.html
+++ b/templates/web/base/report/display.html
@@ -38,9 +38,6 @@
[% SET shown_form = 1 %]
[% END %]
-[% IF c.user_exists %]
- [% DEFAULT permissions = c.user.permissions(problem) %]
-[%- END %]
[% INCLUDE 'report/_main.html' %]
[% IF problem.duplicate_of %]
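Review bot: Removing the `DEFAULT permissions = c.user.permissions(problem)` fallback means `permissions` and `relevant_staff_user` now exist only when the request went through `display` in Report.pm. Templates changed later in this commit (`form_update.html`, `form_user_loggedin.html`, `display_tools.html`, `information.html`) read those variables, so any controller path that renders them without running `display` would silently show the non-staff version. Whether such a path exists cannot be seen from this diff. A short comment at the top of `display.html` such as `[%# expects permissions and relevant_staff_user stashed by Report::display %]` would record the dependency.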
diff --git a/templates/web/base/report/display_tools.html b/templates/web/base/report/display_tools.html
index e16ffcb2c..4c79e4b71 100644
--- a/templates/web/base/report/display_tools.html
+++ b/templates/web/base/report/display_tools.html
@@ -1,7 +1,7 @@
<div class="shadow-wrap">
<ul id="key-tools">
[% IF c.user_exists OR NOT problem.non_public %]
- [% IF c.user_exists AND c.cobrand.users_can_hide AND c.user.belongs_to_body( problem.bodies_str ) %]
+ [% IF c.cobrand.users_can_hide AND relevant_staff_user %]
<li><form method="post" action="/report/[% problem.id %]/delete" id="remove-from-site-form">
<input type="hidden" name="token" value="[% csrf_token %]">
<button type="submit" id="key-tool-report-abuse" class="abuse" data-confirm="[% loc('Are you sure?') %]" name="remove_from_site">[% loc('Remove from site') %]</button>
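Review bot: Swapping the condition to `relevant_staff_user` hides the "Remove from site" form from staff outside the assigned category, but the form still posts to `/report/[% problem.id %]/delete`, and the `delete` action in Report.pm is not modified by this commit. If that action only checks body membership, a restricted user could still submit the request directly, so the category check should be enforced in the action as well as in the template. The body of `delete` is not shown in this diff, so this needs confirming there. The same applies to the shortlist and moderation controls hidden elsewhere in the commit.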
@@ -46,7 +46,7 @@
[% loc('Receive email when updates are left on this problem.' ) %]</p>
<fieldset>
[% IF c.user_exists %]
- [% IF c.user.has_permission_to("contribute_as_another_user", problem.bodies_str_ids) %]
+ [% IF permissions.contribute_as_another_user %]
<label for="alert_rznvy">[% loc('Email') %]</label>
<div class="form-txt-submit-box">
<input type="email" class="form-control" name="rznvy" id="alert_rznvy" value="[% email | html %]" size="30">
diff --git a/templates/web/base/report/inspect/information.html b/templates/web/base/report/inspect/information.html
index b81b37543..3abde9a98 100644
--- a/templates/web/base/report/inspect/information.html
+++ b/templates/web/base/report/inspect/information.html
@@ -6,7 +6,7 @@
<p>
<strong>[% loc('Report ID:') %]</strong>
<span class="js-report-id">[% problem.id %]</span>
- [% IF c.user_exists AND c.cobrand.admin_allow_user(c.user) AND c.user.has_permission_to('report_edit', problem.bodies_str_ids) %]
+ [% IF c.user_exists AND c.cobrand.admin_allow_user(c.user) AND permissions.report_edit %]
(<a href="[% c.uri_for_action( 'admin/reports/edit', [ problem.id ] ) %]">[% loc('admin') %]</a>)
[% END %]
</p>
diff --git a/templates/web/base/report/update/form_update.html b/templates/web/base/report/update/form_update.html
index ff4612840..089d63f55 100644
--- a/templates/web/base/report/update/form_update.html
+++ b/templates/web/base/report/update/form_update.html
@@ -29,7 +29,7 @@
[% TRY %][% PROCESS 'report/update/before_update.html' %][% CATCH file %][% END %]
<label for="form_update">[% loc( 'Update' ) %]</label>
-[% IF c.user AND (c.user.is_superuser OR c.user.belongs_to_body(problem.bodies_str)) %]
+[% IF relevant_staff_user %]
[% INCLUDE 'admin/response_templates_select.html' for='form_update' %]
[% END %]
[% IF field_errors.update %]
@@ -37,7 +37,7 @@
[% END %]
<textarea rows="7" cols="30" name="update" class="form-control" id="form_update" required>[% update.text | html %]</textarea>
-[% IF c.user AND (c.user.is_superuser OR c.user.belongs_to_body(problem.bodies_str)) %]
+[% IF relevant_staff_user %]
<label for="state">[% loc( 'State' ) %]</label>
[% INCLUDE 'report/inspect/state_groups_select.html' %]
[% ELSE %]
diff --git a/templates/web/base/report/update/form_user_loggedin.html b/templates/web/base/report/update/form_user_loggedin.html
index bec783bb4..35c9beeff 100644
--- a/templates/web/base/report/update/form_user_loggedin.html
+++ b/templates/web/base/report/update/form_user_loggedin.html
@@ -4,9 +4,9 @@
[% PROCESS 'user/_anonymity.html' anonymous = update.anonymous %]
- [% can_contribute_as_another_user = c.user.has_permission_to("contribute_as_another_user", problem.bodies_str_ids) %]
- [% can_contribute_as_anonymous_user = c.user.has_permission_to("contribute_as_anonymous_user", problem.bodies_str_ids) %]
- [% can_contribute_as_body = c.user.from_body AND c.user.has_permission_to("contribute_as_body", problem.bodies_str_ids) %]
+ [% can_contribute_as_another_user = permissions.contribute_as_another_user %]
+ [% can_contribute_as_anonymous_user = permissions.contribute_as_anonymous_user %]
+ [% can_contribute_as_body = c.user.from_body AND permissions.contribute_as_body %]
[% IF can_contribute_as_another_user OR can_contribute_as_body OR can_contribute_as_anonymous_user %]
<label for="form_as">[% loc('Provide update as') %]</label>