From 2b1f593b17e2257dc59d3efd649000b1e749c92c Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alex@spline.inf.fu-berlin.de>
Date: Wed, 19 Nov 2014 02:04:59 +0100
Subject: templates/group: hide group deletion for non group admins

---
 templates/group.html | 36 +++++++++++++++++++-----------------
 views.py             | 19 ++++++++++++-------
 2 files changed, 31 insertions(+), 24 deletions(-)

diff --git a/templates/group.html b/templates/group.html
index 5691e1b..d364b10 100644
--- a/templates/group.html
+++ b/templates/group.html
@@ -30,24 +30,26 @@
   </ul>
 </div>
 
-<div class="panel panel-default">
-  <div class="panel-heading">
-    <h3 class="panel-title">
-      <a data-toggle="collapse" href="#collapseOperations">
-        Operations
-      </a>
-    </h3>
-  </div>
+{% if admin %}
+  <div class="panel panel-default">
+    <div class="panel-heading">
+      <h3 class="panel-title">
+        <a data-toggle="collapse" href="#collapseOperations">
+          Operations
+        </a>
+      </h3>
+    </div>
 
-  <div id="collapseOperations" class="panel-collapse collapse in">
-    <div class="panel-body">
-      <p class="col-lg-offset-2 col-lg-8">
-        <a href="{{ url_for('group_delete', group_name=group.name) }}" class="btn btn-block btn-danger">Delete this group</a>
-      </p>
+    <div id="collapseOperations" class="panel-collapse collapse in">
+      <div class="panel-body">
+        <p class="col-lg-offset-2 col-lg-8">
+          <a href="{{ url_for('group_delete', group_name=group.name) }}" class="btn btn-block btn-danger">Delete this group</a>
+        </p>
+      </div>
     </div>
   </div>
-</div>
-<script type="text/javascript">
-  $('#collapseOperations').collapse('hide');
-</script>
+  <script type="text/javascript">
+    $('#collapseOperations').collapse('hide');
+  </script>
+{% endif %}
 {% endblock %}
diff --git a/views.py b/views.py
index 30bab96..3b3d2d0 100644
--- a/views.py
+++ b/views.py
@@ -25,13 +25,6 @@ def index():
     groups = [member.group for member in g.user.groups]
     return {'groups': groups, 'create_form': form}
 
-@app.route('/<group_name>/', methods=['GET', 'POST'])
-@templated('group.html')
-@auth.login_required
-def group(group_name):
-    group = get_group_or_404(Group.name == group_name)
-    return {'group': group, 'members': group.members}
-
 
 @app.route('/<group_name>/_delete/', methods=['GET', 'POST'])
 @templated('group_delete.html')
@@ -64,3 +57,15 @@ def group_change(group_name):
             'change_form': form,
             'breadcrumbs': [{'href': url_for('group', group_name=group.name), 'text': group},
                             {'text': 'Edit group'}]}
+
+
+@app.route('/<group_name>/')
+@templated('group.html')
+@auth.login_required
+def group(group_name):
+    group = get_group_or_404(Group.name == group_name)
+    member = get_object_or_404(Member, Member.user == g.user, Member.group == group)
+    return {'group': group,
+            'admin': member.admin,
+            'members': [m for m in group.members.execute()],
+            'breadcrumbs': [{'text': group}]}
-- 
cgit v1.2.3-1-g7c22