def get_ajax_form(request, work_item_id): work_item = WIPItem.objects.get(id=work_item_id) # Some security.. if the user isn't allowed to read the WIP report this belongs to # redirect them. Otherwise give them back the appropriate form f = WIPItemUserForm(instance=work_item) # Give them the editor form unless we find they are an editor allow_access = False for group in request.user.groups.all(): if group in work_item.heading.all()[0].report.all()[0].read_acl.all(): allow_access = True if group in work_item.heading.all()[0].report.all()[0].write_acl.all(): f = WIPItemEditorForm(instance=work_item, wip_report=work_item.heading.all()[0].report.all()[0]) if allow_access: return HttpResponse(f.as_table()) else: return HttpResponse(work_item_id.heading.all()[0].report.all()[0].get_absolute_url())