Fix user permissions. Hide generate invoice on the summary page if it is empty. Hide load delete option from regular users as they don't have permission anyway

author: Mitch Riedstra <mitch@riedstra.us> 2017-11-01 00:10:47 -0400
committer: Mitch Riedstra <mitch@riedstra.us> 2017-11-01 00:10:47 -0400
commit: e4d865b1a61f6a72551e70abad78c6c35b9345e7 (patch)
tree: 7173d343aa38586b2ce8e9205e0e6f7fd6cd6564 /app/dispatch
parent: b7d282a8ba5f0ed6c773989c96c2182257cc69a5 (diff)
download: dispatch-tracker-e4d865b1a61f6a72551e70abad78c6c35b9345e7.tar.gz
dispatch-tracker-e4d865b1a61f6a72551e70abad78c6c35b9345e7.tar.xz
3 files changed, 62 insertions, 16 deletions
diff --git a/app/dispatch/templates/dispatch/drivers/summary.html b/app/dispatch/templates/dispatch/drivers/summary.html
index d849e9d..5da7d3c 100644
--- a/app/dispatch/templates/dispatch/drivers/summary.html
+++ b/app/dispatch/templates/dispatch/drivers/summary.html
@@ -10,6 +10,8 @@
     </div>
 </div>
 
+<!-- don't show the invoice button if we don't have any loads lol -->
+{% if loads_nosplit.all %}
 <div class="row">
   <div class="col s12">
     <div class="right-align">
@@ -17,6 +19,7 @@
     </div>
   </div>
 </div>
+{% endif %}
 
 {% if not request.user.is_superuser %}
 <div class="row">
diff --git a/app/dispatch/templates/dispatch/loads/detail.html b/app/dispatch/templates/dispatch/loads/detail.html
index 5be54a1..288fdd8 100644
--- a/app/dispatch/templates/dispatch/loads/detail.html
+++ b/app/dispatch/templates/dispatch/loads/detail.html
@@ -10,11 +10,15 @@
     </div>
     <div class="col s6">
       <div class="right-align">
+        {% if request.user.is_superuser %}
         <form action="{% url 'load_delete' object.id %}" id="load_delete" method="POST">
         {% csrf_token %}
           <a class="btn red" href="#" onClick="warn_submit('Are you sure?\nThis cannot be undone!', '#load_delete')">Delete</a>
           <a class="btn blue" href="{% url 'load_edit' object.id %}">Edit</a>
         </form>
+        {% else %}
+          <a class="btn blue" href="{% url 'load_edit' object.id %}">Edit</a>
+        {% endif %}
       </div>
     </div>
 </div>
diff --git a/app/dispatch/views.py b/app/dispatch/views.py
index 95aff28..918cf0d 100644
--- a/app/dispatch/views.py
+++ b/app/dispatch/views.py
@@ -158,11 +158,18 @@ class DriverUpdate(UserPassesTestMixin, UpdateView):
     superuser_fields = ['username', 'first_name', 'last_name', 'email',
                         'is_active', 'is_superuser']
 
-    def get(self, request, *args, **kwargs):
-        if request.user.is_superuser:
+    def set_fields(self, user):
+        if user.is_superuser:
             self.fields = self.superuser_fields
         else:
             self.fields = self.default_fields
+
+    def post(self, request, *args, **kwargs):
+        self.set_fields(request.user)
+        return super(DriverUpdate, self).post(request)
+
+    def get(self, request, *args, **kwargs):
+        self.set_fields(request.user)
         return super(DriverUpdate, self).get(request)
 
     def get_context_data(self, **kwargs):
@@ -247,16 +254,23 @@ class LoadCreate(CreateView):
     model = Load
     fields = []
 
-    defualt_fields = ['date', 'customer', 'description', 'delivered_to',
+    default_fields = ['date', 'customer', 'description', 'delivered_to',
                       'amount']
     superuser_fields = ['user', 'date', 'customer', 'description',
                         'delivered_to', 'amount']
 
-    def get(self, request):
-        if request.user.is_superuser:
+    def set_fields(self, user):
+        if user.is_superuser:
             self.fields = self.superuser_fields
         else:
             self.fields = self.default_fields
+
+    def post(self, request):
+        self.set_fields(request.user)
+        return super(LoadCreate, self).post(request)
+
+    def get(self, request):
+        self.set_fields(request.user)
         return super(LoadCreate, self).get(request)
 
     def form_valid(self, form):
@@ -289,11 +303,18 @@ class LoadUpdate(FilteredUpdateView):
     superuser_fields = ['user', 'date', 'customer', 'description',
                         'delivered_to', 'amount']
 
-    def get(self, request, pk):
-        if request.user.is_superuser:
+    def set_fields(self, user):
+        if user.is_superuser:
             self.fields = self.superuser_fields
         else:
             self.fields = self.default_fields
+
+    def post(self, request, pk):
+        self.set_fields(request.user)
+        return super(LoadUpdate, self).post(request)
+
+    def get(self, request, pk):
+        self.set_fields(request.user)
         return super(LoadUpdate, self).get(request)
 
     def form_valid(self, form):
@@ -381,14 +402,18 @@ class UserInvoiceNumberUpdate(UserPassesTestMixin, UpdateView):
     default_fields = ['number']
     superuser_fields = ['number', 'user']
 
-    def get(self, request, *args, **kwargs):
-        if request.user.is_superuser:
-            # self.fields.insert(1,'user')
+    def set_fields(self, user):
+        if user.is_superuser:
             self.fields = self.superuser_fields
-            # print('Is superuser\nFields: {}'.format(self.fields))
         else:
             self.fields = self.default_fields
-            # print('Is not superuser\nFields: {}'.format(self.fields))
+
+    def post(self, request, *args, **kwargs):
+        self.set_fields(request.user)
+        return super(UserInvoiceNumberUpdate, self).post(request)
+
+    def get(self, request, *args, **kwargs):
+        self.set_fields(request.user)
         return super(UserInvoiceNumberUpdate, self).get(request)
 
     def test_func(self):
@@ -418,11 +443,18 @@ class IdentityCreate(UserPassesTestMixin, CreateView):
     default_fields = ['name', 'address', 'city', 'state', 'zip_code']
     superuser_fields = ['user', 'name', 'address', 'city', 'state', 'zip_code']
 
-    def get(self, request, *args, **kwargs):
-        if request.user.is_superuser:
+    def set_fields(self, user):
+        if user.is_superuser:
             self.fields = self.superuser_fields
         else:
             self.fields = self.default_fields
+
+    def post(self, request, *args, **kwargs):
+        self.set_fields(request.user)
+        return super(IdentityCreate, self).post(request)
+
+    def get(self, request, *args, **kwargs):
+        self.set_fields(request.user)
         return super(IdentityCreate, self).get(request)
 
     def test_func(self):
@@ -438,11 +470,18 @@ class IdentityUpdate(UserPassesTestMixin, UpdateView):
     default_fields = ['name', 'address', 'city', 'state', 'zip_code']
     superuser_fields = ['user', 'name', 'address', 'city', 'state', 'zip_code']
 
-    def get(self, request, *args, **kwargs):
-        if request.user.is_superuser:
+    def set_fields(self, user):
+        if user.is_superuser:
             self.fields = self.superuser_fields
         else:
             self.fields = self.default_fields
+
+    def post(self, request, *args, **kwargs):
+        self.set_fields(request.user)
+        return super(IdentityUpdate, self).post(request)
+
+    def get(self, request, *args, **kwargs):
+        self.set_fields(request.user)
         return super(IdentityUpdate, self).get(request)
 
     def test_func(self):
author	Mitch Riedstra <mitch@riedstra.us>	2017-11-01 00:10:47 -0400
committer	Mitch Riedstra <mitch@riedstra.us>	2017-11-01 00:10:47 -0400
commit	e4d865b1a61f6a72551e70abad78c6c35b9345e7 (patch)
tree	7173d343aa38586b2ce8e9205e0e6f7fd6cd6564 /app/dispatch
parent	b7d282a8ba5f0ed6c773989c96c2182257cc69a5 (diff)
download	dispatch-tracker-e4d865b1a61f6a72551e70abad78c6c35b9345e7.tar.gz dispatch-tracker-e4d865b1a61f6a72551e70abad78c6c35b9345e7.tar.xz