From 63e2996e3e9dc92c1bb612706373d99ca222826f Mon Sep 17 00:00:00 2001
From: sks444 <krishnasingh.ss30@gmail.com>
Date: Tue, 6 Jul 2021 16:34:25 +0530
Subject: [PATCH] Fix vendor detail page when project is not editable

---
 .../application_projects/vendor_detail.html   | 18 +++++++++-------
 hypha/apply/projects/views/vendor.py          | 21 ++++++++++++++++---
 2 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/hypha/apply/projects/templates/application_projects/vendor_detail.html b/hypha/apply/projects/templates/application_projects/vendor_detail.html
index 2bb2a9160..da54c5a6d 100644
--- a/hypha/apply/projects/templates/application_projects/vendor_detail.html
+++ b/hypha/apply/projects/templates/application_projects/vendor_detail.html
@@ -1,6 +1,6 @@
 {% extends "base-apply.html" %}
-{% load bleach_tags i18n %}
-
+{% load bleach_tags i18n approval_tools %}
+{% user_can_edit_project object request.user as editable %}
 {% block title %}{% trans "Vendor Information for" %} {{ project.title }} {% endblock %}
 
 {% block content %}
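Review bot: The `{% user_can_edit_project object request.user as editable %}` line sits outside any `{% block %}` in a template that begins with `{% extends %}`, and Django does not render child-template nodes outside blocks, so `editable` is likely never set and the `{% if editable %}` in the next hunk would always hide the Edit link. Move the tag inside `{% block content %}`, directly before its first use. The tag is also given `object`, which for a `DetailView` with `model = Vendor` is presumably the vendor, while the rest of the template refers to `project`; if the tag expects a project (its definition is not in this patch), use `{% user_can_edit_project project request.user as editable %}`. Hiding the link is presentational only, so the edit view still has to enforce the same rule server-side.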
@@ -14,12 +14,14 @@
     <div>
         <h5 class="vendor-info">Last Updated: {{ vendor.updated_at|date:'F d, Y' }}</h5>
     </div>
-    <div>
-        <a class="link link--edit-vendor is-active" href="{% url 'apply:projects:vendor' pk=project.pk %}">
-            Edit
-        <svg class="icon icon--pen"><use xlink:href="#pen"></use></svg>
-        </a>
-    </div>
+    {% if editable %}
+        <div>
+            <a class="link link--edit-vendor is-active" href="{% url 'apply:projects:vendor' pk=project.pk %}">
+                Edit
+            <svg class="icon icon--pen"><use xlink:href="#pen"></use></svg>
+            </a>
+        </div>
+    {% endif %}
 </div>
 
 <div class="rich-text rich-text--answers">
diff --git a/hypha/apply/projects/views/vendor.py b/hypha/apply/projects/views/vendor.py
index a78d4e2ff..6087123d0 100644
--- a/hypha/apply/projects/views/vendor.py
+++ b/hypha/apply/projects/views/vendor.py
@@ -42,7 +42,7 @@ def show_extra_info_form(wizard):
     return cleaned_data.get('need_extra_info', True)
 
 
-class VendorAccessMixin:
+class CreateVendorAccessMixin:
     def dispatch(self, request, *args, **kwargs):
         project_settings = ProjectSettings.for_request(request)
         if not project_settings.vendor_setup_required:
@@ -59,7 +59,22 @@ class VendorAccessMixin:
         return super().dispatch(request, *args, **kwargs)
 
 
-class CreateVendorView(VendorAccessMixin, SessionWizardView):
+class DetailVendorAccessMixin:
+    def dispatch(self, request, *args, **kwargs):
+        project_settings = ProjectSettings.for_request(request)
+        if not project_settings.vendor_setup_required:
+            raise PermissionDenied
+        is_admin = request.user.is_apply_staff
+        project = self.get_project()
+        is_owner = request.user == project.user
+        if not (is_owner or is_admin):
+            raise PermissionDenied
+        if not project.vendor:
+            raise Http404
+        return super().dispatch(request, *args, **kwargs)
+
+
+class CreateVendorView(CreateVendorAccessMixin, SessionWizardView):
     file_storage = PrivateStorage()
     form_list = [
         ('basic', CreateVendorFormStep1),
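Review bot: `DetailVendorAccessMixin.dispatch` reads `request.user.is_apply_staff` and compares `request.user` with `project.user` with no authentication check visible in this hunk; unless login is enforced elsewhere (URL conf or a decorator outside the patch), an anonymous request would likely fail on the missing attribute instead of being refused cleanly. If nothing upstream guarantees it, add `if not request.user.is_authenticated: raise PermissionDenied` before the `is_admin` line. The first three lines duplicate `CreateVendorAccessMixin.dispatch` from the previous hunk, so a shared base mixin holding the `vendor_setup_required` check would keep the two policies from drifting apart. A one-line docstring such as `"""Allow the project owner or apply staff to view vendor details, even when the project is not editable."""` would record why the detail view has its own rule. `CreateVendorView` continues outside the hunk.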
@@ -209,7 +224,7 @@ class CreateVendorView(VendorAccessMixin, SessionWizardView):
         return kwargs
 
 
-class VendorDetailView(VendorAccessMixin, DetailView):
+class VendorDetailView(DetailVendorAccessMixin, DetailView):
     model = Vendor
     template_name = 'application_projects/vendor_detail.html'
 
-- 
GitLab