Added conditions on admin actions for sessions in sessions listing view

Author: chris-adam

src/imio/esign/browser/table.py

@@ -7,6 +7,7 @@
 from Products.CMFPlone.utils import safe_unicode
 from z3c.table.column import Column
 from z3c.table.table import Table
+from zope.component import getMultiAdapter
 from zope.i18n import translate
 
 
@@ -139,15 +140,17 @@ def renderCell(self, item):
         sessions_url = self.table.view.get_sessions_url()
         #if not sessions_url.endswith("/"):
         #    sessions_url += "/"
-        admin_buttons = u"""
-        <img title="{delete}" onclick="javascript:confirmDeleteObject(base_url='{sessions_url}', object_uid=null, this,
-        msgName=null, view_name='@@esign-session-delete?esign_session_id={session_id}', redirect=null);" style="cursor:pointer" src="delete_icon.png">
-        """.format(
-            delete=translate(_("Delete session"), context=self.request),
-            sessions_url=sessions_url,
-            session_id=session_id,
-        )
-        if item.get("state") == "draft":
+        admin_buttons = u""
+        if getMultiAdapter((self.context, self.request), name="esign-session-delete").may_delete_session():
+            admin_buttons = u"""
+            <img title="{delete}" onclick="javascript:confirmDeleteObject(base_url='{sessions_url}', object_uid=null, this,
+            msgName=null, view_name='@@esign-session-delete?esign_session_id={session_id}', redirect=null);" style="cursor:pointer" src="delete_icon.png">
+            """.format(
+                delete=translate(_("Delete session"), context=self.request),
+                sessions_url=sessions_url,
+                session_id=session_id,
+            )
+        if item.get("state") == "draft" and getMultiAdapter((self.context, self.request), name="external-esign-session-create").may_create_external_sessions():
             admin_buttons += u"""
             <img title="{send}" onclick="javascript:callViewAndReload('{sessions_url}',
             '@@external-esign-session-create', {{'session_id': '{session_id}'}});"

src/imio/esign/browser/views.py

@@ -4,6 +4,7 @@
 from imio.esign import _
 from imio.esign import ESIGN_CREDENTIALS
 from imio.esign import ESIGN_ROOT_URL
+from imio.esign import manage_session_perm
 from imio.esign.browser.table import external_session_link
 from imio.esign.browser.table import SessionsTable
 from imio.esign.config import get_registry_enabled
@@ -113,6 +114,10 @@ def __call__(self):
 
         return self.request.RESPONSE.redirect(self.context.absolute_url() + "/@@parapheo")
 
+    def may_delete_session(self):
+        """Check if the user may delete sessions"""
+        return api.user.has_permission(manage_session_perm, obj=self.context)
+
 
 class ExternalSessionCreateView(BrowserView):
     """View to create a session in Luxtrust."""
@@ -151,6 +156,10 @@ def __call__(self, session_id=None):
             )
         return self.context.absolute_url() + "/@@parapheo"
 
+    def may_create_external_sessions(self):
+        """Check if the user may create external sessions"""
+        return api.user.has_permission(manage_session_perm, obj=self.context)
+
 
 class FacetedSessionInfoViewlet(ViewletBase):
     """Show selected session info inside faceted results."""