Add in some permission checks in portfolio nav header

2019-02-06 21:45:08 -05:00 · 2019-02-06 21:45:08 -05:00 · 7904569a0d
commit 7904569a0d
parent aa8cc45fd5
1 changed files with 16 additions and 12 deletions
--- a/templates/portfolios/header.html
+++ b/templates/portfolios/header.html
@ -25,23 +25,27 @@
    </div>
  </div>
  <div class='row links'>
-    {{ Link(
-      icon='chart',
-      text='Reports',
-      url=url_for("portfolios.portfolio_reports", portfolio_id=portfolio.id),
-      active=request.url_rule.endpoint == "portfolios.portfolio_reports",
-    ) }}
+    {% if user_can(permissions.VIEW_USAGE_DOLLARS) %}
+      {{ Link(
+        icon='chart',
+        text='Reports',
+        url=url_for("portfolios.portfolio_reports", portfolio_id=portfolio.id),
+        active=request.url_rule.endpoint == "portfolios.portfolio_reports",
+      ) }}
+    {% endif %}
    {{ Link(
      icon='dollar-sign',
      text='Funding',
      url=url_for("portfolios.portfolio_funding", portfolio_id=portfolio.id),
      active=request.url_rule.endpoint == "portfolios.portfolio_funding",
    ) }}
-    {{ Link(
-      icon='time',
-      text='Admin',
-      url=url_for("portfolios.portfolio", portfolio_id=portfolio.id),
-      active=request.url_rule.endpoint == "portfolios.portfolio",
-    ) }}
+    {% if user_can(permissions.EDIT_PORTFOLIO_INFORMATION) %}
+      {{ Link(
+        icon='time',
+        text='Admin',
+        url=url_for("portfolios.portfolio", portfolio_id=portfolio.id),
+        active=request.url_rule.endpoint == "portfolios.portfolio",
+      ) }}
+    {% endif %}
  </div>
 </div>