diff --git a/cadasta/organization/forms.py b/cadasta/organization/forms.py index 811c012b2..a1b503515 100644 --- a/cadasta/organization/forms.py +++ b/cadasta/organization/forms.py @@ -10,7 +10,7 @@ from django.forms.utils import ErrorDict from leaflet.forms.widgets import LeafletWidget -from tutelary.models import Role +from tutelary.models import Role, check_perms from buckets.widgets import S3FileUploadWidget from accounts.models import User @@ -226,12 +226,28 @@ class ProjectAddDetails(forms.Form): accepted_types=QUESTIONNAIRE_TYPES)) contacts = ContactsField(form=ContactsForm, required=False) + def check_admin(self, user): + if not hasattr(self, 'su_role'): + self.su_role = Role.objects.get(name='superuser') + + is_superuser = any([isinstance(pol, Role) and pol == self.su_role + for pol in user.assigned_policies()]) + return is_superuser + def __init__(self, *args, **kwargs): + self.user = kwargs.pop('user', None) super().__init__(*args, **kwargs) - self.fields['organization'].choices = [ - (o.slug, o.name) for o in Organization.objects.order_by('name') - ] + if self.check_admin(self.user): + self.fields['organization'].choices = [ + (o.slug, o.name) for o in Organization.objects.order_by('name') + ] + else: + qs = self.user.organizations.all() + self.fields['organization'].choices = [ + (o.slug, o.name) for o in qs.order_by('name') + if check_perms(self.user, ('project.create',), (o,)) + ] def clean_name(self): name = self.cleaned_data['name'] diff --git a/cadasta/organization/views/default.py b/cadasta/organization/views/default.py index 0e477b711..8dde15cdf 100644 --- a/cadasta/organization/views/default.py +++ b/cadasta/organization/views/default.py 
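Review bot: In `ProjectAddDetails.__init__`, `self.user` defaults to `None`, but `check_admin` then calls `user.assigned_policies()` and the else branch reads `self.user.organizations`, so a caller that builds the form without `user=` gets an AttributeError rather than an empty organization list. If `organization` is a plain choice field, this list is also what a submitted slug is validated against, so I would make the missing-user case explicit and fail closed, as in the excerpt below. In `check_admin`, `Role.objects.get(name='superuser')` raises `Role.DoesNotExist` when that role is absent, the `hasattr` cache lives on a fresh form instance so it saves no queries, and `any(...)` can take a generator instead of a list. Whether `project.create` is checked again for the chosen organization when the project is saved is not visible in this hunk and should be confirmed, since filtered choices alone do not cover a permission that changes between wizard steps.

```python
    def __init__(self, *args, **kwargs):
        self.user = kwargs.pop('user', None)
        super().__init__(*args, **kwargs)

        if self.user is None:
            # No user supplied: offer no organizations instead of
            # dereferencing None in the permission checks below.
            orgs = []
        elif self.check_admin(self.user):
            orgs = Organization.objects.order_by('name')
        else:
            orgs = [
                o for o in self.user.organizations.all().order_by('name')
                if check_perms(self.user, ('project.create',), (o,))
            ]
        self.fields['organization'].choices = [
            (o.slug, o.name) for o in orgs
        ]
    # … unchanged: clean_name and the rest of the form …
```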
@@ -414,7 +414,11 @@ def process_step(self, form): return result def get_form_kwargs(self, step=None): - if step == 'permissions': + if step == 'details': + return { + 'user': self.request.user + } + elif step == 'permissions': return { 'organization': self.get_cleaned_data_for_step( 'details').get('organization')
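Review bot: The new `'details'` branch of `get_form_kwargs` hands `self.request.user` to a form that reads `user.organizations` and `user.assigned_policies()`, so it relies on the wizard only being reachable by an authenticated user; the login or permission requirement on this view is not visible in the hunk and should be confirmed. A short comment would record why this step needs the user, for example `# 'details' filters organization choices by the requesting user's project.create permission`. The method continues past the end of the hunk, so what it returns for the remaining steps is not shown here.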