From 2253bc6c3f43ea33d9fae2951e635a766ffd46c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Valenta?= <git@imaniti.org>
Date: Mon, 3 Jul 2023 00:45:43 +0900
Subject: [PATCH] fix approval status permissions

---
 contracts/forms.py | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/contracts/forms.py b/contracts/forms.py
index c4c9133..98a03e6 100644
--- a/contracts/forms.py
+++ b/contracts/forms.py
@@ -54,10 +54,28 @@ class ContractAdminForm(forms.ModelForm):
                     )
                     continue
 
-                if self.instance.status in (
-                    Contract.StatusTypes.WORK_IN_PROGRESS,
-                    Contract.StatusTypes.TO_BE_APPROVED,
+                if (
+                    choice_key == Contract.StatusTypes.TO_BE_APPROVED
+                    and self.instance.status != Contract.StatusTypes.APPROVED
+                    and (
+                        self.current_user == self.instance.created_by
+                        or self.current_user.has_perm("contract.edit_others")
+                    )
                 ):
+                    allowed_choices.append((choice_key, choice_label))
+
+                if self.instance.status == Contract.StatusTypes.APPROVED:
+                    if self.current_user.has_perm("contract.approve"):
+                        if choice_key == Contract.StatusTypes.WORK_IN_PROGRESS:
+                            allowed_choices.append(
+                                (
+                                    choice_key,
+                                    choice_label,
+                                )
+                            )
+                            continue
+
+                if self.instance.status == Contract.StatusTypes.TO_BE_APPROVED:
                     if self.current_user.has_perm("contract.approve"):
                         if choice_key in (
                             Contract.StatusTypes.APPROVED,
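Review bot: The new TO_BE_APPROVED branch appends the choice and then falls through, whereas the APPROVED branch added just below it ends with `continue`. If a later branch can also append TO_BE_APPROVED, the choice would be listed twice; this cannot be confirmed from here because the tuple tested in the last context lines is cut off by the hunk. Adding `continue` after `allowed_choices.append((choice_key, choice_label))` would make the branches consistent. Also verify the permission string `"contract.edit_others"`: `has_perm` expects `<app_label>.<codename>` and returns False for a name that does not match, and the file lives in `contracts/`, so if the app label is `contracts` this check never passes for non-superusers. The enclosing loop and method start and end outside the hunk.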
@@ -99,7 +117,8 @@ class ContractAdminForm(forms.ModelForm):
             )
 
         if (
-            clean_data.get("status", self.instance.status)
+            not self.current_user.is_superuser
+            and clean_data.get("status", self.instance.status)
             in (self.instance.StatusTypes.APPROVED, self.instance.StatusTypes.REJECTED)
             and self.instance.status != clean_data.get("status", self.instance.status)
             and self.current_user == self.instance.created_by
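Review bot: The added `not self.current_user.is_superuser` exempts every superuser from the rule that stops a contract's creator from moving it to APPROVED or REJECTED, and nothing in the code says this is intended. That rule looks like a separation-of-duties control, so the exception should be documented where it is made, for example `# Superusers may approve or reject their own contracts; every other creator needs a second person.` If self-approval needs to stay reviewable, consider gating it on a dedicated permission instead of `is_superuser`, which bypasses all permission checks and cannot be scoped to this one action. The condition continues past the end of the hunk, so what happens when it matches is not visible here.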
-- 
GitLab