diff --git a/apps/member/templates/member/club_alias.html b/apps/member/templates/member/club_alias.html
index d80dfa0b62d605144f94b9ed90e534e55e5b104e..f4b33f42d20d49dc2346a68d550c0885fa5c2ab7 100644
--- a/apps/member/templates/member/club_alias.html
+++ b/apps/member/templates/member/club_alias.html
@@ -9,15 +9,18 @@ SPDX-License-Identifier: GPL-3.0-or-later
 <h3 class="card-header text-center">
 {% trans "Note aliases" %}
 </h3>
+
 <div class="card-body">
- <form class="input-group" method="POST" id="form_alias">
- {% csrf_token %}
- <input type="hidden" name="note" value="{{ object.note.pk }}">
- <input type="text" name="name" class="form-control">
- <div class="input-group-append">
- <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
- </div>
- </form>
+ {% if can_create %}
+ <form class="input-group" method="POST" id="form_alias">
+ {% csrf_token %}
+ <input type="hidden" name="note" value="{{ object.note.pk }}">
+ <input type="text" name="name" class="form-control">
+ <div class="input-group-append">
+ <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
+ </div>
+ </form>
+ {% endif %}
 </div>
 {% render_table aliases %}
 </div>
diff --git a/apps/member/templates/member/profile_alias.html b/apps/member/templates/member/profile_alias.html
index d80dfa0b62d605144f94b9ed90e534e55e5b104e..789896277d4a4262f26349e36533b3e523fc2be6 100644
--- a/apps/member/templates/member/profile_alias.html
+++ b/apps/member/templates/member/profile_alias.html
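Review bot: The `{% if can_create %}` guard around `form_alias` in club_alias.html only removes the form from the rendered page and is not an access control by itself. The handler that receives the alias POST is not part of this diff, so confirm that it checks `note.add_alias` against the submitted `note` value rather than relying on the form being absent. The identical hunk in profile_alias.html has the same dependency. A template comment next to the guard, e.g. `{# Display hint only: note.add_alias is enforced server-side #}`, would keep that contract visible to the next editor.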
@@ -10,14 +10,16 @@ SPDX-License-Identifier: GPL-3.0-or-later
 {% trans "Note aliases" %}
 </h3>
 <div class="card-body">
- <form class="input-group" method="POST" id="form_alias">
- {% csrf_token %}
- <input type="hidden" name="note" value="{{ object.note.pk }}">
- <input type="text" name="name" class="form-control">
- <div class="input-group-append">
- <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
- </div>
- </form>
+ {% if can_create %}
+ <form class="input-group" method="POST" id="form_alias">
+ {% csrf_token %}
+ <input type="hidden" name="note" value="{{ object.note.pk }}">
+ <input type="text" name="name" class="form-control">
+ <div class="input-group-append">
+ <input type="submit" class="btn btn-success" value="{% trans "Add" %}">
+ </div>
+ </form>
+ {% endif %}
 </div>
 {% render_table aliases %}
 </div>
diff --git a/apps/member/views.py b/apps/member/views.py
index c97d15a395ac108e438f198fab0affdb7265c41f..79cbed8d0c5bd6e65d037eb38586c243d72f4416 100644
--- a/apps/member/views.py
+++ b/apps/member/views.py
@@ -218,7 +218,13 @@ class ProfileAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
 def get_context_data(self, **kwargs):
 context = super().get_context_data(**kwargs)
 note = context['object'].note
- context["aliases"] = AliasTable(note.alias_set.all())
+ context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
+ .filter_queryset(self.request.user, Alias, "view")).all())
+ context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
+ note=context["object"].note,
+ name="",
+ normalized_name="",
+ ))
 return context
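Review bot: `can_create` in ProfileAliasView.get_context_data is evaluated against a placeholder `Alias` with empty `name` and `normalized_name`, so it can only be a display hint. If any `note.add_alias` rule depends on those fields (not visible here), the real check at creation time may disagree with it. A comment on the probe such as `# Placeholder instance: only decides whether the add form is shown` would make that explicit. The local `note` is already bound two lines above, so `note=note,` is enough, and the trailing `.all()` after `.filter(...)` is redundant. The ClubAliasView hunk (`@@ -422,7 +428,13 @@`) repeats this block verbatim; a shared mixin or helper would keep the two permission checks from drifting apart.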
@@ -422,7 +428,13 @@ class ClubAliasView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
 def get_context_data(self, **kwargs):
 context = super().get_context_data(**kwargs)
 note = context['object'].note
- context["aliases"] = AliasTable(note.alias_set.all())
+ context["aliases"] = AliasTable(note.alias_set.filter(PermissionBackend
+ .filter_queryset(self.request.user, Alias, "view")).all())
+ context["can_create"] = PermissionBackend.check_perm(self.request.user, "note.add_alias", Alias(
+ note=context["object"].note,
+ name="",
+ normalized_name="",
+ ))
 return context
diff --git a/apps/note/tables.py b/apps/note/tables.py
index 9a23cd5d717b22db9bbad1c233f847eebd4b50d1..d27915e7d5e5bfa3ff9a694140e81ddab33bfa92 100644
--- a/apps/note/tables.py
+++ b/apps/note/tables.py
@@ -97,7 +97,7 @@ class HistoryTable(tables.Table):
 """
 When the validation status is hovered, an input field is displayed to let the user specify an invalidity reason
 """
- has_perm = PermissionBackend\
+ has_perm = PermissionBackend \
 .check_perm(get_current_authenticated_user(), "note.change_transaction_invalidity_reason", record)
 val = "✔" if value else "✖"
@@ -135,8 +135,16 @@ class AliasTable(tables.Table):
 delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
 extra_context={"delete_trans": _('delete')},
- attrs={'td': {'class': 'col-sm-1'}},
- verbose_name=_("Delete"),)
+ attrs=
+ {'td':
+ {'class':
+ lambda record: 'col-sm-1' +
+ (' d-none' if not PermissionBackend
+ .check_perm(get_current_authenticated_user(),
+ "note.delete_alias", record) else '')
+ }
+ },
+ verbose_name=_("Delete"), )
 class ButtonTable(tables.Table):
@@ -170,7 +178,7 @@ class ButtonTable(tables.Table):
 delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
 extra_context={"delete_trans": _('delete')},
 attrs={'td': {'class': 'col-sm-1'}},
- verbose_name=_("Delete"),)
+ verbose_name=_("Delete"), )
 def render_amount(self, value):
 return pretty_money(value)
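Review bot: In AliasTable.delete_col the added `d-none` class only hides the cell with CSS. As far as this hunk shows, the DELETE_TEMPLATE markup is still rendered for every row, including rows where the user lacks `note.delete_alias`. That is acceptable only as a cosmetic measure, so the deletion handler (outside this diff) has to enforce `note.delete_alias` per alias. Leaving the cell empty when the check fails would be cleaner than toggling a class. Separately, the lambda nested inside a hand-indented dict after a bare `attrs=` is hard to read; the fence below moves it, with the same result, into a small named function that also carries the comment about its purpose.

```python
def _delete_cell_class(record):
    # Cosmetic only: the delete endpoint must still enforce note.delete_alias.
    allowed = PermissionBackend.check_perm(get_current_authenticated_user(), "note.delete_alias", record)
    return 'col-sm-1' if allowed else 'col-sm-1 d-none'

# … unchanged: class AliasTable header and its other columns …
    delete_col = tables.TemplateColumn(template_code=DELETE_TEMPLATE,
                                       extra_context={"delete_trans": _('delete')},
                                       attrs={'td': {'class': _delete_cell_class}},
                                       verbose_name=_("Delete"), )
```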