endpoint permission updates for institutions, threw out add user from manage institution menu

2022-02-10 10:25:27 +01:00 · 2022-02-10 10:25:27 +01:00 · 710abf74df
commit 710abf74df
parent 6cd69c5d4b
2 changed files with 10 additions and 35 deletions
--- a/app.py
+++ b/app.py
@ -231,7 +231,7 @@ def solar_register_post():

    portal.solar.send_admins_new_user_notification_mail(user_id, upload_handler_solar.config) 

-    flash('Podatki so bili poslani v potrditev. Ko bo registracija potrjena, boste o tem obveščeni po e-mailu, ki ste ga posredovali zgoraj.')
+    flash('Podatki so bili poslani v potrditev. Ko bo registracija potrjena, boste o tem obveščeni po e-mailu.')
    return redirect('/login')


@ -679,8 +679,15 @@ def change_user_email():
@app.route('/changeuserrole', methods=['POST'])
@login_required
 def change_user_role():
+    institution = portal.solar.get_user_institution(current_user.id)
    if not portal.solar.is_admin(current_user.id):
-        return '', 404
+
+        # Institution coordinators can only assign roles of users in their own
+        # institution.
+        if institution and portal.solar.is_institution_coordinator(current_user.id, institution.id):
+            pass
+        else:
+            return '', 404

    user_id = request.form.get('user-id')
    role = request.form.get('role')
@ -717,7 +724,7 @@ def add_user_institution_mapping():
        if institution:
            institution_id = institution.id

-    if not (portal.solar.is_admin(current_user.id) or portal.solar.is_institution_coordinator(current_user.id, institution_id)):
+    if not portal.solar.is_admin(current_user.id):
        return '', 404

    user_id = request.form['user_id']
--- a/templates/solar-manage-institution.html
+++ b/templates/solar-manage-institution.html
@ -57,26 +57,6 @@
        </div>
    {% endif %}
    {% endwith %}
-    <h3>Seznam vseh aktivnih uporabnikov</h3>
-    <div class="tableFixHead">
-      <table>
-          <thead>
-              <tr>
-                <th>ID</th>
-                <th>Ime in priimek</th>
-                <th>Email</th>
-              </tr>
-          </thead>
-          <tbody>
-          {% for item in users %}
-          <tr>
-              <td>{{item.id}}</td>
-              <td>{{item.name}}</td>
-              <td>{{item.email}}</td>
-          </tr>
-          {% endfor %}
-      </table>
-    </div>

    <h3>Seznam uporabnikov v vaši instituciji</h3>
    <div class="tableFixHead">
@ -99,18 +79,6 @@
      </table>
    </div>
    <br>
-    <h3>Dodaj uporabnika instituciji</h3>
-    <form action="../addusertoinstitution" method="post">
-        <label for="user_id">ID uporabnika:</label>
-        <input type="text" id="user_id" name="user_id"><br>
-        <label for="role">Vloga v instituciji:</label>
-        <select name="role" id="role">
-                <option value="coordinator">Koordinator/-ka</option>
-                <option value="mentor">Mentor/-ica</option>
-                <option value="other">Druga vloga</option>
-        </select>
-        <input type="submit" value="Dodeli">
-    </form>
    <h3>Odstrani uporabnika iz institucije</h3>
    <form action="../deluserfrominstitution" method="post">
        <label for="user_id">ID uporabnika:</label>