diff options
| author |   Paul Eggleton <paul.eggleton@linux.intel.com> | 2013-03-27 11:05:05 +0000 |
|---|---|---|
| committer | Paul Eggleton <paul.eggleton@linux.intel.com> | 2013-03-27 11:06:03 +0000 |
| commit | 49578f98c8d79059114507b0401ea06d3a69777f (patch) | |
| tree | 0dc9f2d77b2f35f58fc506798e3769199c765ac9 /templates | |
| parent | fd2be466bc6a47339f016737f1083d17c6f1086c (diff) | |
| download | openembedded-core-contrib-49578f98c8d79059114507b0401ea06d3a69777f.tar.gz | |
Fix permission checking for publish_layer permission
The incorrect module name was being checked; previously this was only
tested with superusers (who get granted any permission requested, even
if it is invalid).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Diffstat (limited to 'templates')
| -rw-r--r-- | templates/base.html | 2 | ||||
| -rw-r--r-- | templates/layerindex/detail.html | 4 | ||||
| -rw-r--r-- | templates/layerindex/reviewdetail.html | 6 |
3 files changed, 6 insertions, 6 deletions
diff --git a/templates/base.html b/templates/base.html index 8954b43615..9d3e9ce4ce 100644 --- a/templates/base.html +++ b/templates/base.html @@ -55,7 +55,7 @@ <ul class="nav pull-right"> {% block submitlink %}<li><a href="{% url submit_layer %}">Submit layer</a></li>{% endblock %} {% if user.is_authenticated %} - {% if perms.layeritem.publish_layer %} + {% if perms.layerindex.publish_layer %} <li><a href="{% url layer_list_review %}?branch=master"> Review {% if unpublished_count > 0 %} diff --git a/templates/layerindex/detail.html b/templates/layerindex/detail.html index 2df242fbbb..668f4404a9 100644 --- a/templates/layerindex/detail.html +++ b/templates/layerindex/detail.html @@ -32,7 +32,7 @@ {% endif %} {% if user.is_authenticated %} <span class="pull-right"> - {% if perms.layeritem.publish_layer or useredit %} + {% if perms.layerindex.publish_layer or useredit %} <a href="{% url edit_layer layeritem.name %}" class="btn">Edit layer</a> {% if layeritem.layernote_set.count = 0 %} <a href="{% url add_layernote layeritem.name %}" class="btn">Add note</a> @@ -57,7 +57,7 @@ {% for note in layeritem.layernote_set.all %} <div class="alert"> <p>{{ note.text }}</p> - {% if perms.layeritem.publish_layer or useredit %} + {% if perms.layerindex.publish_layer or useredit %} <p> <a href="{% url edit_layernote layeritem.name note.pk %}" class="btn">Edit note</a> <a href="{% url delete_layernote layeritem.name note.pk %}" class='btn'>Delete note</a> diff --git a/templates/layerindex/reviewdetail.html b/templates/layerindex/reviewdetail.html index 7a4cd4d3bc..6769d2cf35 100644 --- a/templates/layerindex/reviewdetail.html +++ b/templates/layerindex/reviewdetail.html @@ -34,13 +34,13 @@ {% endif %} {% if user.is_authenticated %} <span class="pull-right"> - {% if perms.layeritem.publish_layer or useredit %} + {% if perms.layerindex.publish_layer or useredit %} <a href="{% url edit_layer layeritem.name %}" class="btn">Edit layer</a> {% if layeritem.layernote_set.count = 0 %} <a href="{% url add_layernote layeritem.name %}" class="btn">Add note</a> {% endif %} {% endif %} - {% if layeritem.status = "N" and perms.layeritem.publish_layer %} + {% if layeritem.status = "N" and perms.layerindex.publish_layer %} <a href="{% url delete_layer layeritem.name %}" class="btn btn-warning">Delete layer</a> <a href="{% url publish layeritem.name %}" class="btn btn-primary">Publish layer</a> {% endif %} @@ -63,7 +63,7 @@ {% for note in layeritem.layernote_set.all %} <div class="alert"> <p>{{ note.text }}</p> - {% if perms.layeritem.publish_layer or useredit %} + {% if perms.layerindex.publish_layer or useredit %} <p> <a href="{% url edit_layernote layeritem.name note.pk %}" class="btn">Edit note</a> <a href="{% url delete_layernote layeritem.name note.pk %}" class='btn'>Delete note</a> |