fix #1594

diff --git a/project/dae/decorators.py b/project/dae/decorators.py
index 9deacac..0e4b20b 100644 (file)
--- a/project/dae/decorators.py
+++ b/project/dae/decorators.py
@@ -163,10 +163,10 @@ def dossier_est_modifiable(fn):
         dossier_id = kwargs.get('dossier_id', None)
         if dossier_id is not None:
             dossier = dae.Dossier.objects.get(id=dossier_id)
-            if dossier.etat not in ETATS_EDITABLE:
+            if grp_drh not in request.user.groups.all() and \
+               (dossier.etat not in ETATS_EDITABLE or dossier not in dae.Dossier.objects.mes_choses_a_faire(request.user).all()):
                 msg = u"Ce dossier d'embauche ne peut plus être modifié."
                 return redirect_interdiction(request, msg)
-
         return fn(request, *args, **kwargs)
     return inner
 
@@ -176,7 +176,8 @@ def poste_est_modifiable(fn):
         if key is not None and key.split('-')[0] == 'dae':
             poste_id = key.split('-')[1]
             poste = dae.Poste.objects.get(id=poste_id)
-            if poste.etat not in ETATS_EDITABLE:
+            if grp_drh not in request.user.groups.all() and \
+               (poste.etat not in ETATS_EDITABLE or poste not in dae.Poste.objects.mes_choses_a_faire(request.user).all()):
                 msg = u"Ce poste ne peut plus être modifié."
                 return redirect_interdiction(request, msg)
 

diff --git a/project/dae/templates/dae/embauche_consulter.html b/project/dae/templates/dae/embauche_consulter.html
index ced0bc2..6fc81c8 100644 (file)
--- a/project/dae/templates/dae/embauche_consulter.html
+++ b/project/dae/templates/dae/embauche_consulter.html
@@ -12,7 +12,7 @@
 {% block main %}
 <h1 class="gauche">Demande d'autorisation d'engagement de personnel</h1>
 <a class="droite bouton-action" target="_blank" href="?mode=vpdf">Format impression</a>
-{% if dossier|est_editable %}<a class="droite bouton-action" href="{% url embauche dossier.poste.key dossier.id %}">Modifier</a>{% endif %}
+{% if dossier|est_editable:request.user %}<a class="droite bouton-action" href="{% url embauche dossier.poste.key dossier.id %}">Modifier</a>{% endif %}
 <div class="visualClear"></div>
 
 <h2 class="section">SECTION 1 - POSTE</h2>

diff --git a/project/dae/templates/dae/poste_consulter.html b/project/dae/templates/dae/poste_consulter.html
index 28d535d..b200fe3 100644 (file)
--- a/project/dae/templates/dae/poste_consulter.html
+++ b/project/dae/templates/dae/poste_consulter.html
@@ -15,7 +15,7 @@ Demande d'autorisation d'embauche
 
 <h1 class="gauche">Demande d'autorisation de création de poste</h1>
 <a class="droite bouton-action" target="_blank" href="?mode=vpdf">Format impression</a>
-{% if poste|est_editable %}<a class="droite bouton-action" href="{% url poste poste.key %}">Modifier</a>{% endif %}
+{% if poste|est_editable:request.user %}<a class="droite bouton-action" href="{% url poste poste.key %}">Modifier</a>{% endif %}
 <div class="visualClear"></div>
 
 {% include "dae/poste_resume.html" %}

diff --git a/project/dae/templatetags/dae.py b/project/dae/templatetags/dae.py
index e4df312..05a2197 100644 (file)
--- a/project/dae/templatetags/dae.py
+++ b/project/dae/templatetags/dae.py
@@ -12,8 +12,10 @@ def peut_ajouter(user):
     return False
 
 @register.filter
-def est_editable(obj):
-    if obj.etat in ETATS_EDITABLE:
+def est_editable(obj, user):
+    klass = obj.__class__
+    groupes_users = user.groups.all()
+    if (obj.etat in ETATS_EDITABLE and obj in klass.objects.mes_choses_a_faire(user).all()) or grp_drh in groupes_users:
         return True
     else:
         return False