diff --git a/src/staff/tables.py b/src/staff/tables.py index 55933332..b64a29d1 100644 --- a/src/staff/tables.py +++ b/src/staff/tables.py @@ -423,10 +423,10 @@ class Meta: class NewUnseenOrderTable(StaffIDMixinTable): seen = tables.TemplateColumn( + verbose_name="", orderable=False, - verbose_name="Seen", - template_name="staff/components/seen_column.html", empty_values=(), + template_name="staff/components/seen_column.html", ) description = tables.Column( diff --git a/src/staff/templates/staff/analysisorder_detail.html b/src/staff/templates/staff/analysisorder_detail.html index fc2ae045..a31480dd 100644 --- a/src/staff/templates/staff/analysisorder_detail.html +++ b/src/staff/templates/staff/analysisorder_detail.html @@ -1,5 +1,6 @@ {% extends "staff/base.html" %} {% load i18n %} +{% load order_tags %} {% block content %} @@ -18,7 +19,7 @@

Order {{ object }}

- {% if not object.is_seen %} + {% if object.genrequest.responsible_staff.all|is_responsible:request.user and not object.is_seen %}
{% csrf_token %} diff --git a/src/staff/templates/staff/components/seen_column.html b/src/staff/templates/staff/components/seen_column.html index 4e318c3c..8d0329b3 100644 --- a/src/staff/templates/staff/components/seen_column.html +++ b/src/staff/templates/staff/components/seen_column.html @@ -1,5 +1,11 @@ +{% load order_tags %} + +{% if record.genrequest.responsible_staff.all|is_responsible:request.user %} {% csrf_token %} - +
+{% endif %} diff --git a/src/staff/templates/staff/extractionorder_detail.html b/src/staff/templates/staff/extractionorder_detail.html index 40da9dbd..f48e3e2b 100644 --- a/src/staff/templates/staff/extractionorder_detail.html +++ b/src/staff/templates/staff/extractionorder_detail.html @@ -1,5 +1,6 @@ {% extends "staff/base.html" %} {% load i18n %} +{% load order_tags %} {% block content %} @@ -38,7 +39,7 @@

Order {{ object }}

- {% if not object.is_seen %} + {% if object.genrequest.responsible_staff.all|is_responsible:request.user and not object.is_seen %}
{% csrf_token %} diff --git a/src/staff/templatetags/order_tags.py b/src/staff/templatetags/order_tags.py index b9c6046f..57d34388 100644 --- a/src/staff/templatetags/order_tags.py +++ b/src/staff/templatetags/order_tags.py @@ -1,6 +1,7 @@ from django import template from django.db import models +from capps.users.models import User from genlab_bestilling.models import Area, Order from ..tables import ( @@ -14,6 +15,11 @@ register = template.Library() +@register.filter +def is_responsible(staff_queryset: models.QuerySet, user: User) -> bool: + return staff_queryset.filter(id=user.id).exists() + + @register.inclusion_tag("staff/components/order_table.html", takes_context=True) def urgent_orders_table(context: dict, area: Area | None = None) -> dict: urgent_orders = ( diff --git a/src/staff/views.py b/src/staff/views.py index 5f44b6d3..4b270d0d 100644 --- a/src/staff/views.py +++ b/src/staff/views.py @@ -190,6 +190,17 @@ def get_object(self) -> Order: def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponse: try: order = self.get_object() + + if not order.genrequest.responsible_staff.filter( + id=request.user.id + ).exists(): + messages.error( + request, _("You are not authorized to mark this order as seen.") + ) + return HttpResponseRedirect( + self.get_return_url(request.POST.get("return_to")) + ) + order.toggle_seen() messages.success(request, _("Order is marked as seen")) except Exception as e: