restrict access to the generic class edit form

Richard Jones · Richard Jones · commit 938d9decb60a · 2002-09-11T01:20:41.000Z
diff --git a/roundup/templates/classic/html/_generic.index b/roundup/templates/classic/html/_generic.index
@@ -1,5 +1,14 @@
 <!-- dollarId: issue.index,v 1.2 2001/07/29 04:07:37 richard Exp dollar-->
+<tal:block tal:define="
+    editok python:request.user.hasPermission('Edit') or
+           context.id == request.user.id;
+    viewok python:request.user.hasPermission('View')">
 
+<span tal:condition="python:not (viewok or editok)">
+You are not allowed to view this page.
+</span>
+
+<tal:block tal:condition="editok">
 <p class="form-help">
  You may edit the contents of the <span tal:replace="request/classname" />
  class using this form. Commas, newlines and double quotes (") must be
@@ -24,4 +33,10 @@
 <input type="hidden" name=":action" value="editCSV">
 <input type="submit" value="Edit Items">
 </form>
+</tal:block>
+
+<tal:block tal:condition="python:viewok and not editok">
+view ok
+</tal:block>
 
+</tal:block>
