#100 Delete applications by admin/superuser only: part2

openslides/application/models.py

@@ -313,6 +313,13 @@ class Application(models.Model, SlideMixin):
         Return a list of all the allowed status.
         """
         actions = []
+        is_admin = False
+        if user:
+            try:
+                user.profile
+                is_admin = True
+            except Profile.DoesNotExist:
+                pass
 
         # check if user allowed to withdraw an application
         if  ((self.status == "pub"
@@ -350,11 +357,13 @@ class Application(models.Model, SlideMixin):
         or user.has_perm("application.can_manage_application"):
             actions.append("edit")
 
-        #Check if the user can delete the application
-        if  self.number is None \
-        and self.status == "pub" \
-        and (self.submitter == user \
-          or user.has_perm("application.can_manage_application")):
+        # Check if the user can delete the application (admin, manager, owner)
+        # reworked as requiered in #100
+        if is_admin \
+        or (user.has_perm("application.can_manage_application") \
+            and (self.status == "pub" or self.number is None))  \
+        or (self.submitter == user \
+            and (self.status == "pub" or self.number is None)):
             actions.append("delete")
 
         #For the rest, all actions need the manage permission

openslides/application/templates/application/overview.html

@@ -42,7 +42,8 @@
             <th><a href="?sort=time{% if 'time' in request.GET.sort and 'reverse' not in request.GET %}&reverse{%endif%}">{%trans "Creation Time" %}<a></th>
             <th style="width: 1px;">{% trans "Actions" %}</th>
         </tr>
-    {% for application in applications %}
+    {% for app_info in applications %}
+    {% with application=app_info.application useractions=app_info.actions %}
         <tr class="{% cycle '' 'odd' %} 
             {% if application.active %}activeline{% endif %}">
             <td>{% if application.number %}{{ application.number }}{% else %}-{% endif %}</td>
@@ -69,12 +70,15 @@
                 {% endif %}
                 {% if perms.application.can_manage_application %}
                     <a href="{% url application_edit application.id %}"><img src="{% static 'images/icons/edit.png' %}" title="{% trans 'Edit application' %}"></a>
+                    {% if "delete" in useractions %}
                     <a href="{% url application_delete application.id %}"><img src="{% static 'images/icons/delete.png' %}" title="{% trans 'Delete application' %}"></a>
+                    {% endif %}
                 {% endif %}
                 <a href="{% url print_application application.id  %}" title="{%trans 'Application as PDF' %}"><img src="{% static 'pdf.png' %}"></a>
                 </span>
             </td>
         </tr>
+    {% endwith %}
     {% empty %}
         <tr>
         <td colspan="7"><i>{%trans "No applications available." %}</i></td>

openslides/application/views.py

@@ -113,6 +113,24 @@ def overview(request):
     else:
         applications = query
 
+    if type(applications) is not list:
+        applications = list(query.all())
+
+    # not the most efficient way to do this but 'get_allowed_actions'
+    # is not callable from within djangos templates..
+    for (i, application) in enumerate(applications):
+        try:
+            applications[i] = { 
+                'actions'     : application.get_allowed_actions(request.user),
+                'application' : application
+            }
+        except:
+            # todo: except what?
+            applications[i] = { 
+                'actions'     : [],
+                'application' : application
+            }
+
     return {
         'applications': applications,
         'min_supporters': int(config['application_min_supporters']),