Disable non admin user to edit institution sisp field

(institution_fields) Signed-off-by: Arthur Del Esposte <arthurmde@gmail.com> Signed-off-by: Fabio Teixeira <fabio1079@gmail.com>

Disable non admin user to edit institution sisp field
(institution_fields) Signed-off-by: Arthur Del Esposte <arthurmde@gmail.com> Signed-off-by: Fabio Teixeira <fabio1079@gmail.com>
Arthur Esposte
1 parent 05dce99b
Showing 2 changed files with 36 additions and 16 deletions Show diff stats
lib/mpog_software_plugin.rb
views/institution_editor_extras.html.erb
@@ -16,11 +16,6 @@ class MpogSoftwarePlugin &lt; Noosfero::Plugin
     _("Add Public Software and MPOG features.")
   end
-  def show_sisp_field current_user
-    @show_sisp_field = current_user.login == "adminuser"
-    @show_sisp_field
-  end
-
   def signup_extra_contents
     institutions = Institution.all
@@ -65,13 +60,13 @@ class MpogSoftwarePlugin &lt; Noosfero::Plugin
     end
   end
-  def profile_editor_extras show_sisp_field=true
-    @show_sisp_field = show_sisp_field
+  def profile_editor_extras
     if context.profile.person?
       expanded_template('person_editor_extras.html.erb')
     elsif context.profile.respond_to? :software_info and !context.profile.software_info.nil?
       expanded_template('software_editor_extras.html.erb')
     elsif context.profile.respond_to? :institution and !context.profile.institution.nil?
+      @show_sisp_field = show_sisp_field
       expanded_template('institution_editor_extras.html.erb')
     end
   end
@@ -115,6 +110,26 @@ class MpogSoftwarePlugin &lt; Noosfero::Plugin
     end
   end
+  def profile_editor_controller_filters
+    block = proc do
+      if request.post? && params[:institution]
+        is_admin = environment.admins.include?(current_user.person)
+
+        unless is_admin
+          institution = profile.institution
+          params[:institution][:sisp] = institution.sisp if params[:institution][:sisp] != institution.sisp
+        end
+      end
+    end
+
+    [{
+      :type => "before_filter",
+      :method_name => "validate_institution_sisp_field_access",
+      :options => { :only=>:edit },
+      :block => block
+    }]
+  end
+
   def profile_tabs
     if context.profile.person?
       { :title => _("Mpog"),
@@ -387,4 +402,9 @@ class MpogSoftwarePlugin &lt; Noosfero::Plugin
       user.institutions << community.institution
     end
   end
+
+  def show_sisp_field
+    current_person = User.find(context.session[:user]).person
+    context.environment.admins.include?(current_person)
+  end
 end
@@ -36,13 +36,13 @@
   </div>
 </span>
-<% if @show_sisp_field  %>
-  <span class= 'public-institutions-fields'>
-  <div class="formfieldline">
-    <%= _("SISP?") %>
-    <%= labelled_radio_button(_('Yes'), 'institution[sisp]', 'true', context.profile.institution.sisp)%>
-    <%= labelled_radio_button(_('No'), 'institution[sisp]', 'false', !context.profile.institution.sisp)%>
-  </div>
-</span>
-<% end %>
+  <% if @show_sisp_field  %>
+    <span class= 'public-institutions-fields'>
+      <div class="formfieldline">
+        <%= _("SISP?") %>
+        <%= labelled_radio_button(_('Yes'), 'institution[sisp]', 'true', context.profile.institution.sisp)%>
+        <%= labelled_radio_button(_('No'), 'institution[sisp]', 'false', !context.profile.institution.sisp)%>
+      </div>
+    </span>
+  <% end %>
 <% end %>