dossier_id = kwargs.get('dossier_id', None)
if dossier_id is not None:
dossier = dae.Dossier.objects.get(id=dossier_id)
- if dossier.etat not in ETATS_EDITABLE:
+ if grp_drh not in request.user.groups.all() and \
+ (dossier.etat not in ETATS_EDITABLE or dossier not in dae.Dossier.objects.mes_choses_a_faire(request.user).all()):
msg = u"Ce dossier d'embauche ne peut plus être modifié."
return redirect_interdiction(request, msg)
-
return fn(request, *args, **kwargs)
return inner
if key is not None and key.split('-')[0] == 'dae':
poste_id = key.split('-')[1]
poste = dae.Poste.objects.get(id=poste_id)
- if poste.etat not in ETATS_EDITABLE:
+ if grp_drh not in request.user.groups.all() and \
+ (poste.etat not in ETATS_EDITABLE or poste not in dae.Poste.objects.mes_choses_a_faire(request.user).all()):
msg = u"Ce poste ne peut plus être modifié."
return redirect_interdiction(request, msg)
{% block main %}
<h1 class="gauche">Demande d'autorisation d'engagement de personnel</h1>
<a class="droite bouton-action" target="_blank" href="?mode=vpdf">Format impression</a>
-{% if dossier|est_editable %}<a class="droite bouton-action" href="{% url embauche dossier.poste.key dossier.id %}">Modifier</a>{% endif %}
+{% if dossier|est_editable:request.user %}<a class="droite bouton-action" href="{% url embauche dossier.poste.key dossier.id %}">Modifier</a>{% endif %}
<div class="visualClear"></div>
<h2 class="section">SECTION 1 - POSTE</h2>
<h1 class="gauche">Demande d'autorisation de création de poste</h1>
<a class="droite bouton-action" target="_blank" href="?mode=vpdf">Format impression</a>
-{% if poste|est_editable %}<a class="droite bouton-action" href="{% url poste poste.key %}">Modifier</a>{% endif %}
+{% if poste|est_editable:request.user %}<a class="droite bouton-action" href="{% url poste poste.key %}">Modifier</a>{% endif %}
<div class="visualClear"></div>
{% include "dae/poste_resume.html" %}
return False
@register.filter
-def est_editable(obj):
- if obj.etat in ETATS_EDITABLE:
+def est_editable(obj, user):
+ klass = obj.__class__
+ groupes_users = user.groups.all()
+ if (obj.etat in ETATS_EDITABLE and obj in klass.objects.mes_choses_a_faire(user).all()) or grp_drh in groupes_users:
return True
else:
return False