def update_comment(self, task_id, comment_id): """ Update a specific comment. """ project_obj = Pool().get('project.work') nereid_user_obj = Pool().get('nereid.user') # allow modification only if the user is an admin or the author of # this ticket task = project_obj.browse(task_id) comment = self.browse(comment_id) assert task.type == "task" assert comment.project.id == task.id # Allow only admins and author of this comment to edit it if nereid_user_obj.is_project_admin(request.nereid_user) or \ comment.updated_by == request.nereid_user: self.write(comment_id, {'comment': request.form['comment']}) else: abort(403) if request.is_xhr: comment_record = self.browse(comment_id) html = render_template('comment.jinja', comment=comment_record) return jsonify({ 'success': True, 'html': html, 'state': project_obj.browse(task.id).state, }) return redirect(request.referrer)
def can_write(self, project, user): """ Returns true if the given user can write to the project :param project: The browse record of the project :param user: The browse record of the current nereid user """ nereid_user_obj = Pool().get('nereid.user') if nereid_user_obj.is_project_admin(user): return True if not user in project.participants: raise abort(404) return True
def home(self): """ Put recent projects into the home """ user_obj = Pool().get('nereid.user') project_obj = Pool().get('project.work') # TODO: Limit to the last 5 projects if user_obj.is_project_admin(request.nereid_user): project_ids = project_obj.search([ ('type', '=', 'project'), ('parent', '=', False), ]) else: project_ids = project_obj.search([ ('participants', '=', request.nereid_user.id), ('type', '=', 'project'), ('parent', '=', False), ]) projects = project_obj.browse(project_ids) return render_template('home.jinja', projects=projects)