def update_work_item(request, wip_report, work_item_id):
wip_report = WIPReport.objects.get(name=wip_report)
work_item = get_object_or_404(WIPItem, id=work_item_id)
# Some security
allow_access = False
for group in request.user.groups.all():
if group in wip_report.read_acl.all():
allow_access = True
form = WIPItemUserForm(request.POST, instance=work_item)
if group in wip_report.write_acl.all():
allow_access = True
form = WIPItemEditorForm(wip_report, request.POST, instance=work_item)
if allow_access:
if form.is_valid():
t = form.save(commit=False)
if request.POST['update'] != '':
if request.user.get_full_name() == '':
update_name = request.user.username
else:
update_name = request.user.get_full_name()
t.history = '''\n\n------Updated by %s on %s------\n\n%s\n\n%s''' % ( update_name, time.strftime("%Y-%m-%d %H:%M"), form.cleaned_data.get('update'), work_item.history )
t.save()
_add_wip_to_archive(work_item.heading.all()[0].report.all()[0])
return HttpResponse( return_json_success() )
else:
return HttpResponse( handle_form_errors(form.errors))
def get_ajax_form(request, work_item_id):
work_item = WIPItem.objects.get(id=work_item_id)
# Some security.. if the user isn't allowed to read the WIP report this belongs to
# redirect them. Otherwise give them back the appropriate form
f = WIPItemUserForm(instance=work_item) # Give them the editor form unless we find they are an editor
allow_access = False
for group in request.user.groups.all():
if group in work_item.heading.all()[0].report.all()[0].read_acl.all():
allow_access = True
if group in work_item.heading.all()[0].report.all()[0].write_acl.all():
f = WIPItemEditorForm(instance=work_item, wip_report=work_item.heading.all()[0].report.all()[0])
if allow_access:
return HttpResponse(f.as_table())
else:
return HttpResponse(work_item_id.heading.all()[0].report.all()[0].get_absolute_url())
