Commit cd49e1c5 authored by Marc Duez's avatar Marc Duez

server : show buttons only if user have the required permission

parent 7eeb2f37
......@@ -45,7 +45,9 @@ def run_request():
error += "id sequence file needed, "
if not "config_id" in request.vars:
error += "id config needed, "
if not auth.has_permission("run", "data_file") :
error += "permission needed"
id_patient = db.sequence_file[request.vars["sequence_file_id"]].patient_id
if not auth.has_permission('admin', 'patient', id_patient) :
......
......@@ -39,12 +39,11 @@ query = db(
<td> {{=row.patient.info }} </td>
<td> {{=row[count]}}</td>
{{if auth.has_membership("admin"):}}
<td onclick="db.call('patient/permission', {'id' :'{{=row.patient.id}}'} )" > p </td>
{{else:}}
<td></td>
{{pass}}
<td onclick="db.call('patient/permission', {'id' :'{{=row.patient.id}}'} )" > p </td> {{else:}} <td></td> {{pass}}
{{if (auth.has_permission('admin', 'patient', row.patient.id) ):}}
<td onclick="db.call('patient/edit', {'id' :'{{=row.patient.id}}'} )" > e </td>
<td onclick="db.call('patient/confirm', {'id' :'{{=row.patient.id}}'} )" > X </td>
{{else:}} <td></td><td></td>{{pass}}
</tr>
{{pass}}
</table>
......
......@@ -113,9 +113,10 @@ query = db(
<td> {{if filename != '':}}<a href="{{=URL('patient','download', scheme='https', args=row.sequence_file.data_file)}}" >dl</a>{{pass}}</td>
<td> {{=row.sequence_file.sampling_date}} </td>
<td> {{=row.sequence_file.info}} </td>
<td onclick="db.call('file/edit', {'id' :'{{=row.sequence_file.id}}', 'patient_id' :'{{=request.vars['id']}}'} )" > e </td>
<td onclick="db.call('file/confirm', {'id' :'{{=row.sequence_file.id}}', 'patient_id' :'{{=request.vars['id']}}'} )" > X </td>
{{if (auth.has_permission('admin', 'patient', request.vars["id"]) ):}}
<td onclick="db.call('file/edit', {'id' :'{{=row.sequence_file.id}}', 'patient_id' :'{{=request.vars['id']}}'} )" > e </td>
<td onclick="db.call('file/confirm', {'id' :'{{=row.sequence_file.id}}', 'patient_id' :'{{=request.vars['id']}}'} )" > X </td>
{{else:}}<td></td><td></td>{{pass}}
<td class="column_sep"></td>
<td> {{if row.data_file.run_date :}}{{=row.data_file.run_date }}{{pass}} </td>
......@@ -128,7 +129,7 @@ query = db(
<span class="button inactive" title="you don't have permission to schedule runs"> run >> </span>
{{pass}}
{{else:}}
{{=status}}
{{=status}}
{{pass}}
{{pass}}
</td>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment