Merge pull request #631 from bradsk88/master

fix(): Disable "Log in as this user" when gym doesn't match
wger-project · Mar 13, 2021 · cea9167 · cea9167
2 parents 4b79269 + 9ee8cb4
commit cea9167
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 1 deletion.
diff --git a/wger/core/templates/user/overview.html b/wger/core/templates/user/overview.html
@@ -469,6 +469,26 @@ <h4>{% trans "Configuration" %}</h4>
 {#         #}
 {% block options %}
 {% if perms.gym.gym_trainer %}
-    <a href="{% url 'core:user:trainer-login' current_user.pk %}" class="btn btn-success btn-sm">{% trans "Log in as this user" %}</a>
+
+    <style>
+        .btn.btn-sm.btn-secondary {
+            background: #EEE;
+            color: #AAA;
+            cursor: not-allowed;
+        }
+    </style>
+
+    <a
+       {% if enable_login_button %}
+        href="{% url 'core:user:trainer-login' current_user.pk %}"
+        class="btn btn-sm btn-success"
+       {% else %}
+        href="#"
+        title="{% trans 'Admin login is only available for users in' %} &ldquo;{{gym_name}}&rdquo;"
+        class="btn btn-sm btn-secondary"
+       {% endif %}
+    >
+       {% trans "Log in as this user" %}
+    </a>
 {% endif %}
 {% endblock %}
diff --git a/wger/core/views/user.py b/wger/core/views/user.py
@@ -520,6 +520,12 @@ def get_context_data(self, **kwargs):
         context['session'] = WorkoutSession.objects.filter(user=self.object).order_by('-date')[:10]
         context['admin_notes'] = AdminUserNote.objects.filter(member=self.object)[:5]
         context['contracts'] = Contract.objects.filter(member=self.object)[:5]
+
+        page_user = self.object  # type: User
+        request_user = self.request.user  # type: User
+        same_gym_id = request_user.userprofile.gym_id == page_user.userprofile.gym_id
+        context['enable_login_button'] = request_user.has_perm('gym.gym_trainer') and same_gym_id
+        context['gym_name'] = request_user.userprofile.gym.name
         return context