# HG changeset patch # User Lennard de Rijk # Date 1249468730 -7200 # Node ID 4d143278f9a0885691635baa1bc4efc6d13858cc # Parent d1cfed8da0278e8056d6f994988ee1ae9d58c2d5 The Survey Results view now only list Records of interest to the current user. Also added a hook that can be overwritten by subclasses to adjust the filter. THis will be useful when wanting to filter on ProjectSurveyRecords for a specific org. diff -r d1cfed8da027 -r 4d143278f9a0 app/soc/views/models/survey.py --- a/app/soc/views/models/survey.py Tue Aug 04 21:46:03 2009 +0200 +++ b/app/soc/views/models/survey.py Wed Aug 05 12:38:50 2009 +0200 @@ -672,13 +672,12 @@ @decorators.check_access def viewResults(self, request, access_type, page_name=None, params=None, **kwargs): - """View that will list the survey records. + """View that lists all SurveyRecords which are of interest to the user. For params see base.View.public(). """ - # TODO If read access then show all records, else show only mine + - # hook for subclasses. On both possibilities. + # TODO: this view could also contain statistics for the Survey survey_logic = params['logic'] record_logic = survey_logic.getRecordLogic() @@ -695,26 +694,68 @@ context['page_name'] = "%s titled '%s'" % (page_name, entity.title) context['entity'] = entity - # only show truncated preview of first answer + # add the first question to the context show a preview can be shown context['first_question'] = entity.survey_content.orderedProperties()[0] - filter = {'survey': entity} + # get the rights checker + user_entity = user_logic.getForCurrentAccount() + rights = self._params['rights'] + rights.setCurrentUser(user_entity.account, user_entity) + + # check if the current user is allowed to visit the read the survey + allowed_to_read = False + + try: + rights.checkIsSurveyReadable( + {'key_name': survey_entity.key().name(), + 'prefix': survey_entity.prefix, + 'scope_path': survey_entity.scope_path, + 'link_id': survey_entity.link_id, + 'user': user_entity}, + survey_logic) + allowed_to_read = True + except: + pass + + # only show records for the retrieved survey + fields = {'survey': entity} + + if not allowed_to_read: + # this user is not allowed to view all the Records so only show their own + fields['user'] = user_entity + + # call the hook for adjusting the SurveyRecord filter + fields = self._getResultsViewRecordFields(fields, entity, allowed_to_read) list_params = params.copy() list_params['logic'] = record_logic list_params['list_heading'] = 'soc/survey/list/records_heading.html' list_params['list_row'] = 'soc/survey/list/records_row.html' list_params['list_description'] = \ - 'List of %(name_plural)s.' % list_params + "List of Records for the %s titled '%s'." %(list_params['name'], + entity.title) list_params['list_action'] = (redirects.getViewSurveyRecordRedirect, list_params) - record_list = lists.getListContent(request, list_params, filter, idx=0) + record_list = lists.getListContent(request, list_params, fields, idx=0) contents = [record_list] return self._list(request, list_params, contents, page_name, context) + def _getResultsViewRecordFields(self, fields, survey, allowed_to_read): + """Hook for adjusting the Results View filter for SurveyRecords. + + Args: + fields: filter dictionary to adjust + survey: Survey instance for which the Records need to be shown + allowed_to_read: specifies if the current User has read access + + Returns: + Returns the dictionary containing the fields to filter on + """ + return fields + @decorators.merge_params @decorators.check_access def viewRecord(self, request, access_type, page_name=None,