diff --git a/app.py b/app.py
index c1420f8..9e3ef00 100644
--- a/app.py
+++ b/app.py
@@ -231,7 +231,7 @@ def solar_register_post():
 portal.solar.send_admins_new_user_notification_mail(user_id, upload_handler_solar.config)
- flash('Podatki so bili poslani v potrditev. Ko bo registracija potrjena, boste o tem obveščeni po e-mailu, ki ste ga posredovali zgoraj.')
+ flash('Podatki so bili poslani v potrditev. Ko bo registracija potrjena, boste o tem obveščeni po e-mailu.')
 return redirect('/login')
@@ -682,8 +682,15 @@ def change_user_email():
 @app.route('/changeuserrole', methods=['POST'])
 @login_required
 def change_user_role():
+ institution = portal.solar.get_user_institution(current_user.id)
 if not portal.solar.is_admin(current_user.id):
- return '', 404
+
+ # Institution coordinators can only assign roles of users in their own
+ # institution.
+ if institution and portal.solar.is_institution_coordinator(current_user.id, institution.id):
+ pass
+ else:
+ return '', 404
 user_id = request.form.get('user-id')
 role = request.form.get('role')
@@ -720,7 +727,7 @@ def add_user_institution_mapping():
 if institution:
 institution_id = institution.id
- if not (portal.solar.is_admin(current_user.id) or portal.solar.is_institution_coordinator(current_user.id, institution_id)):
+ if not portal.solar.is_admin(current_user.id):
 return '', 404
 user_id = request.form['user_id']
diff --git a/templates/solar-manage-institution.html b/templates/solar-manage-institution.html
index a3e4f14..5d6492d 100644
--- a/templates/solar-manage-institution.html
+++ b/templates/solar-manage-institution.html
@@ -56,26 +56,6 @@
 {% endif %}
 {% endwith %}
-
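Review bot: The coordinator branch added to `change_user_role` authorizes the caller only. It confirms that `current_user` coordinates their own institution, but nothing in the hunk compares the target `user-id` or the requested `role` from `request.form` against that institution. The comment's rule ("users in their own institution") is therefore not enforced by the visible code. The function continues outside the hunk, so this may be handled further down; if it is not, a coordinator could change roles for users of other institutions or assign a role above their own. I would check the target's institution and an allow-list of coordinator-assignable roles right after the form values are read, and fold the `pass`/`else` pair into one negated guard, as sketched below. The sketch assumes `get_user_institution` accepts the target id the same way it accepts `current_user.id`.

```python
def change_user_role():
    is_admin = portal.solar.is_admin(current_user.id)
    institution = None
    if not is_admin:
        institution = portal.solar.get_user_institution(current_user.id)
        if not (institution and portal.solar.is_institution_coordinator(current_user.id, institution.id)):
            return '', 404

    user_id = request.form.get('user-id')
    role = request.form.get('role')

    if not is_admin:
        # Coordinators may only act on members of their own institution.
        target_institution = portal.solar.get_user_institution(user_id)
        if target_institution is None or target_institution.id != institution.id:
            return '', 404
        # COORDINATOR_ASSIGNABLE_ROLES is a placeholder name for a project-defined
        # allow-list; it must not contain the admin role.
        if role not in COORDINATOR_ASSIGNABLE_ROLES:
            return '', 404
    # … unchanged: rest of change_user_role (outside the hunk) …
```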

Seznam vseh aktivnih uporabnikov

-
- - - - - - - - - - {% for item in users %} - - - - - - {% endfor %} -
IDIme in priimekEmail
{{item.id}}{{item.name}}{{item.email}}
-

Seznam uporabnikov v vaši instituciji

@@ -98,18 +78,6 @@

-

Dodaj uporabnika instituciji

-
- -
- - - -

Odstrani uporabnika iz institucije