From aa42f5671c2dc54c64607dcf94b27c6c42be5d56 Mon Sep 17 00:00:00 2001
From: Patrick Smith <patrick+dds@promptworks.com>
Date: Sun, 30 Sep 2018 22:19:26 -0400
Subject: [PATCH] Don't show workspace nav items the user doesn't have access
 to

---
 .../navigation/workspace_navigation.html      | 40 ++++++++++---------
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/templates/navigation/workspace_navigation.html b/templates/navigation/workspace_navigation.html
index 83c515c9..dd63a6a3 100644
--- a/templates/navigation/workspace_navigation.html
+++ b/templates/navigation/workspace_navigation.html
@@ -16,25 +16,29 @@
       ]
     ) }}
 
-    {{ SidenavItem(
-      "Members",
-      href=url_for("workspaces.workspace_members", workspace_id=workspace.id),
-      active=request.url_rule.rule.startswith('/workspaces/<workspace_id>/members'),
-      subnav=None if not user_can(permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE) else [
-        {
-          "label": "Add New Member",
-          "href": url_for("workspaces.new_member", workspace_id=workspace.id),
-          "active": request.url_rule.rule.startswith('/workspaces/<workspace_id>/members/new'),
-          "icon": "plus"
-        }
-      ]
-    ) }}
+    {% if user_can(permissions.VIEW_WORKSPACE_MEMBERS) %}
+      {{ SidenavItem(
+        "Members",
+        href=url_for("workspaces.workspace_members", workspace_id=workspace.id),
+        active=request.url_rule.rule.startswith('/workspaces/<workspace_id>/members'),
+        subnav=None if not user_can(permissions.ASSIGN_AND_UNASSIGN_ATAT_ROLE) else [
+          {
+            "label": "Add New Member",
+            "href": url_for("workspaces.new_member", workspace_id=workspace.id),
+            "active": request.url_rule.rule.startswith('/workspaces/<workspace_id>/members/new'),
+            "icon": "plus"
+          }
+        ]
+      ) }}
+    {% endif %}
 
-    {{ SidenavItem(
-      "Budget Report",
-      href=url_for("workspaces.workspace_reports", workspace_id=workspace.id),
-      active=request.url_rule.rule.startswith('/workspaces/<workspace_id>/reports')
-    ) }}
+    {% if user_can(permissions.VIEW_USAGE_DOLLARS) %}
+      {{ SidenavItem(
+        "Budget Report",
+        href=url_for("workspaces.workspace_reports", workspace_id=workspace.id),
+        active=request.url_rule.rule.startswith('/workspaces/<workspace_id>/reports')
+      ) }}
+    {% endif %}
 
     {% if user_can(permissions.EDIT_WORKSPACE_INFORMATION) %}
       {{ SidenavItem(