This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git
commit a28401f0d30eee94d366f685068b79a88d229a8e Author: Marcus Christie <[email protected]> AuthorDate: Fri Jul 26 09:37:58 2019 -0400 AIRAVATA-3177 Restrict readonly admins from creating/editing notices --- .../notices/NoticesManagementContainer.vue | 23 +++++++++++++--------- django_airavata/apps/api/serializers.py | 5 +++++ .../django_airavata_api/js/models/Notification.js | 3 ++- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/django_airavata/apps/admin/static/django_airavata_admin/src/components/notices/NoticesManagementContainer.vue b/django_airavata/apps/admin/static/django_airavata_admin/src/components/notices/NoticesManagementContainer.vue index 33c3ee2..d7df7b5 100644 --- a/django_airavata/apps/admin/static/django_airavata_admin/src/components/notices/NoticesManagementContainer.vue +++ b/django_airavata/apps/admin/static/django_airavata_admin/src/components/notices/NoticesManagementContainer.vue @@ -10,7 +10,7 @@ <div class="card"> <div class="card-body"> <list-layout @add-new-item="addNewNotice" title="Notice" - new-item-button-text="New Notice"> + new-item-button-text="New Notice" :new-button-disabled="!isGatewayAdmin"> <template slot="new-item-editor"> <b-card v-if="showNewItemEditor"> <notice-editor @@ -36,13 +36,15 @@ <human-date :date="data.value"/> </template> <template slot="action" slot-scope="data"> - <b-link class="action-link" @click="toggleDetails(data)"> - Edit - <i class="fa fa-edit" aria-hidden="true"></i> - </b-link> - <delete-link @delete="deleteNotice(data.item.notificationId)"> - Are you sure you want to delete the notice? - </delete-link> + <template v-if="data.item.userHasWriteAccess"> + <b-link class="action-link" @click="toggleDetails(data)"> + Edit + <i class="fa fa-edit" aria-hidden="true"></i> + </b-link> + <delete-link @delete="deleteNotice(data.item.notificationId)"> + Are you sure you want to delete the notice? + </delete-link> + </template> </template> <template slot="row-details" slot-scope="row"> <b-card> @@ -68,7 +70,7 @@ </template> <script> -import { models, services } from "django-airavata-api"; +import { models, services, session } from "django-airavata-api"; import { components, layouts } from "django-airavata-common-ui"; import NoticeEditor from "./NoticeEditor"; @@ -128,6 +130,9 @@ export default { return this.notices ? this.notices : []; + }, + isGatewayAdmin() { + return session.Session.isGatewayAdmin; } }, methods: { diff --git a/django_airavata/apps/api/serializers.py b/django_airavata/apps/api/serializers.py index 4e5fb21..d5adde2 100644 --- a/django_airavata/apps/api/serializers.py +++ b/django_airavata/apps/api/serializers.py @@ -929,6 +929,11 @@ class NotificationSerializer( creationTime = UTCPosixTimestampDateTimeField(allow_null=True) publishedTime = UTCPosixTimestampDateTimeField() expirationTime = UTCPosixTimestampDateTimeField() + userHasWriteAccess = serializers.SerializerMethodField() + + def get_userHasWriteAccess(self, userProfile): + request = self.context['request'] + return request.is_gateway_admin class ExperimentStatisticsSerializer( diff --git a/django_airavata/apps/api/static/django_airavata_api/js/models/Notification.js b/django_airavata/apps/api/static/django_airavata_api/js/models/Notification.js index 889c3cd..f6f99d8 100644 --- a/django_airavata/apps/api/static/django_airavata_api/js/models/Notification.js +++ b/django_airavata/apps/api/static/django_airavata_api/js/models/Notification.js @@ -21,7 +21,8 @@ const FIELDS = [ { name: "priority", type: NotificationPriority - } + }, + "userHasWriteAccess" ]; export default class Notification extends BaseModel {
