# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1266243368 -3600
# Node ID 19d73051eb575ef9eac39a8cba82965e8c57eea6
# Parent  060c91ced72ff297c0e9ad3b7e23df6f7b66508a
[autoform] we should consider role when checking delete permission

diff -r 060c91ced72f -r 19d73051eb57 web/views/autoform.py
--- a/web/views/autoform.py	Mon Feb 15 15:14:50 2010 +0100
+++ b/web/views/autoform.py	Mon Feb 15 15:16:08 2010 +0100
@@ -384,7 +384,11 @@
             related = []
             if entity.has_eid():
                 rset = entity.related(rschema, role, limit=form.related_limit)
-                if rschema.has_perm(form._cw, 'delete'):
+                if role == 'subject':
+                    haspermkwargs = {'fromeid': entity.eid}
+                else:
+                    haspermkwargs = {'toeid': entity.eid}
+                if rschema.has_perm(form._cw, 'delete', **haspermkwargs):
                     toggleable_rel_link_func = toggleable_relation_link
                 else:
                     toggleable_rel_link_func = lambda x, y, z: u''