webapps/portal-oddajanje-solar
16
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

endpoint permission updates for institutions, threw out add user from manage institution menu

Browse Source
This commit is contained in:
msinkec 2022-02-10 10:25:27 +01:00
parent 6cd69c5d4b
commit 710abf74df
2 changed files with 10 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
app.py
View File

@ -231,7 +231,7 @@ def solar_register_post():
portal.solar.send_admins_new_user_notification_mail(user_id, upload_handler_solar.config) portal.solar.send_admins_new_user_notification_mail(user_id, upload_handler_solar.config)
flash('Podatki so bili poslani v potrditev. Ko bo registracija potrjena, boste o tem obveščeni po e-mailu, ki ste ga posredovali zgoraj.') flash('Podatki so bili poslani v potrditev. Ko bo registracija potrjena, boste o tem obveščeni po e-mailu.')
return redirect('/login') return redirect('/login')
@ -679,8 +679,15 @@ def change_user_email():
@app.route('/changeuserrole', methods=['POST']) @app.route('/changeuserrole', methods=['POST'])
@login_required @login_required
def change_user_role(): def change_user_role():
institution = portal.solar.get_user_institution(current_user.id)
if not portal.solar.is_admin(current_user.id): if not portal.solar.is_admin(current_user.id):
return '', 404
# Institution coordinators can only assign roles of users in their own
# institution.
if institution and portal.solar.is_institution_coordinator(current_user.id, institution.id):
pass
else:
return '', 404
user_id = request.form.get('user-id') user_id = request.form.get('user-id')
role = request.form.get('role') role = request.form.get('role')
@ -717,7 +724,7 @@ def add_user_institution_mapping():
if institution: if institution:
institution_id = institution.id institution_id = institution.id
if not (portal.solar.is_admin(current_user.id) or portal.solar.is_institution_coordinator(current_user.id, institution_id)): if not portal.solar.is_admin(current_user.id):
return '', 404 return '', 404
user_id = request.form['user_id'] user_id = request.form['user_id']

32
templates/solar-manage-institution.html
View File

@ -57,26 +57,6 @@
</div> </div>
{% endif %} {% endif %}
{% endwith %} {% endwith %}
<h3>Seznam vseh aktivnih uporabnikov</h3>
<div class="tableFixHead">
<table>
<thead>
<tr>
<th>ID</th>
<th>Ime in priimek</th>
<th>Email</th>
</tr>
</thead>
<tbody>
{% for item in users %}
<tr>
<td>{{item.id}}</td>
<td>{{item.name}}</td>
<td>{{item.email}}</td>
</tr>
{% endfor %}
</table>
</div>
<h3>Seznam uporabnikov v vaši instituciji</h3> <h3>Seznam uporabnikov v vaši instituciji</h3>
<div class="tableFixHead"> <div class="tableFixHead">
@ -99,18 +79,6 @@
</table> </table>
</div> </div>
<br> <br>
<h3>Dodaj uporabnika instituciji</h3>
<form action="../addusertoinstitution" method="post">
<label for="user_id">ID uporabnika:</label>
<input type="text" id="user_id" name="user_id"><br>
<label for="role">Vloga v instituciji:</label>
<select name="role" id="role">
<option value="coordinator">Koordinator/-ka</option>
<option value="mentor">Mentor/-ica</option>
<option value="other">Druga vloga</option>
</select>
<input type="submit" value="Dodeli">
</form>
<h3>Odstrani uporabnika iz institucije</h3> <h3>Odstrani uporabnika iz institucije</h3>
<form action="../deluserfrominstitution" method="post"> <form action="../deluserfrominstitution" method="post">
<label for="user_id">ID uporabnika:</label> <label for="user_id">ID uporabnika:</label>