def get_ajax_form(request, work_item_id):
work_item = WIPItem.objects.get(id=work_item_id)
# Some security.. if the user isn't allowed to read the WIP report this belongs to
# redirect them. Otherwise give them back the appropriate form
f = WIPItemUserForm(instance=work_item) # Give them the editor form unless we find they are an editor
allow_access = False
for group in request.user.groups.all():
if group in work_item.heading.all()[0].report.all()[0].read_acl.all():
allow_access = True
if group in work_item.heading.all()[0].report.all()[0].write_acl.all():
f = WIPItemEditorForm(instance=work_item, wip_report=work_item.heading.all()[0].report.all()[0])
if allow_access:
return HttpResponse(f.as_table())
else:
return HttpResponse(work_item_id.heading.all()[0].report.all()[0].get_absolute_url())
