From ff1aa89f35c4a069b4fc74b8dcab4af669076bda Mon Sep 17 00:00:00 2001
From: zhengxie
Date: Thu, 18 Oct 2012 13:55:24 +0800
Subject: [PATCH] Added role control when removing group msg
---
group/templates/group/group_info.html | 10 ++++++++++
group/views.py | 12 +++++++++---
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/group/templates/group/group_info.html b/group/templates/group/group_info.html
index 27397ee0bb..d392f132d2 100644
--- a/group/templates/group/group_info.html
+++ b/group/templates/group/group_info.html
@@ -149,7 +149,9 @@
+ {% if is_staff or msg.from_email == request.user.username %}
+ {% endif %}
@@ -203,6 +205,14 @@ $('.download').click(function() {
{% include 'snippets/repo_create_js.html' %}
{% endwith %}
+$('.msg-delete').hover(
+ function() {
+ $(this).css('color', '#f93');
+ },
+ function() {
+ $(this).css('color', '#080');
+ }
+);
addConfirmTo($('.msg-delete'));
diff --git a/group/views.py b/group/views.py
index 6a98545e68..1e2ca21f2b 100644
--- a/group/views.py
+++ b/group/views.py
@@ -374,10 +374,16 @@ def group_message_remove(request, group_id, msg_id):
try:
gm = GroupMessage.objects.get(id=msg_id)
except GroupMessage.DoesNotExist:
- messages.success(request, u'删除失败')
+ messages.error(request, u'删除失败')
else:
- gm.delete()
- messages.success(request, u'删除成功')
+ # Test whether user is group admin or message owner.
+ if check_group_staff(group_id, request.user) or \
+ gm.from_email == request.user.username:
+ gm.delete()
+ messages.success(request, u'删除成功')
+ else:
+ messages.error(request, u'删除失败:权限不足')
+
return HttpResponseRedirect(reverse('group_info', args=[group_id]))
@login_required
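Review bot: The permission check added in the `else:` branch trusts the `group_id` taken from the URL, but the message is still fetched by `id=msg_id` alone, so nothing ties `gm` to that group. A user who is staff in one group would satisfy `check_group_staff(group_id, request.user)` for their own group while `msg_id` refers to a message in a different group, and the delete would proceed. Scope the lookup to the group, e.g. `gm = GroupMessage.objects.get(id=msg_id, group_id=group_id)` (assuming the model stores its group under that field name, which this hunk does not show), so a mismatch lands in the existing `DoesNotExist` branch. The start of `group_message_remove` lies outside the hunk, so whether the view restricts the request method cannot be seen here; a state-changing delete reachable by GET would be worth confirming separately.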