Diffstat (limited to 'perllib/FixMyStreet')
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin.pm | 12 | ||||
-rw-r--r-- | perllib/FixMyStreet/Cobrand/Default.pm | 7 |
2 files changed, 14 insertions, 5 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 1f07aae82..b643c9633 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -219,8 +219,11 @@ sub bodies : Path('bodies') : Args(0) {
 my ( $self, $c ) = @_;
 if (my $body_id = $c->get_param('body')) {
- $c->res->redirect( $c->uri_for( 'body', $body_id ) );
- return;
+ return $c->res->redirect( $c->uri_for( 'body', $body_id ) );
+ }
+
+ if (!$c->user->is_superuser && $c->user->from_body && $c->cobrand->moniker ne 'zurich') {
+ return $c->res->redirect( $c->uri_for( 'body', $c->user->from_body->id ) );
 }
 $c->forward( '/auth/get_csrf_token' );
@@ -298,7 +301,10 @@ sub body : Path('body') : Args(1) {
 $c->stash->{body_id} = $body_id;
- $c->forward( 'check_for_super_user' );
+ unless ($c->user->has_permission_to('category_edit', $body_id)) {
+ $c->forward('check_for_super_user');
+ }
+
 $c->forward( '/auth/get_csrf_token' );
 $c->forward( 'lookup_body' );
 $c->forward( 'fetch_all_bodies' );
diff --git a/perllib/FixMyStreet/Cobrand/Default.pm b/perllib/FixMyStreet/Cobrand/Default.pm
index 8e170458a..47e577372 100644
--- a/perllib/FixMyStreet/Cobrand/Default.pm
+++ b/perllib/FixMyStreet/Cobrand/Default.pm
@@ -644,10 +644,8 @@ sub admin_pages {
 my $pages = {
 'summary' => [_('Summary'), 0],
- 'bodies' => [_('Bodies'), 1],
 'timeline' => [_('Timeline'), 5],
 'stats' => [_('Stats'), 8],
- 'body' => [undef, undef],
 };
 # There are some pages that only super users can see
@@ -656,6 +654,10 @@ sub admin_pages {
 $pages->{config} = [ _('Configuration'), 9];
 };
 # And some that need special permissions
+ if ( $user->is_superuser || $user->has_body_permission_to('category_edit') ) {
+ $pages->{bodies} = [ _('Bodies'), 1 ];
+ $pages->{body} = [ undef, undef ];
+ }
 if ( $user->is_superuser || $user->has_body_permission_to('report_edit') ) {
 $pages->{reports} = [ _('Reports'), 2 ];
 $pages->{report_edit} = [ undef, undef ];
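Review bot: The new redirect in `bodies` fires for every non-superuser with a `from_body` and never checks that the user holds `category_edit`, so the gate in `body` is the only enforcement point on this path and has to stay in place. The `zurich` exception is hard-coded by cobrand moniker with no explanation of why that cobrand is exempt. I would add a comment above the condition, for example `# body users only ever manage their own body; Zurich handles bodies differently (confirm)`, or move the decision into a cobrand method. The sub continues past the end of the hunk.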
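Review bot: The `unless` around `check_for_super_user` in `body` opens the whole action to `category_edit` holders, not only its category-editing part. The rest of the action is outside the hunk, so any body-level update it performs needs its own `is_superuser` check or an explicit decision that category editors may make it. `$body_id` is the raw path argument and reaches `has_permission_to` before `lookup_body` runs, so it is worth confirming that the check fails closed for an id that is not the user's own body. I would add a comment above the gate, e.g. `# category_edit holders reach the whole action; superuser-only updates below must re-check`, and a test that a `category_edit` user of one body is refused on another body's id.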
@@ -726,6 +728,7 @@ sub available_permissions {
 user_assign_areas => _("Assign users to areas"), # future use
 },
 _("Bodies") => {
+ category_edit => _("Add/edit problem categories"),
 template_edit => _("Add/edit response templates"),
 responsepriority_edit => _("Add/edit response priorities"),
 }, |