this is not the form renderer responsability to check for update permissions. Move this to autoform editable_attributes relation
--- a/web/views/autoform.py Thu Feb 18 10:54:50 2010 +0100
+++ b/web/views/autoform.py Thu Feb 18 10:55:41 2010 +0100
@@ -655,6 +655,8 @@
"""return a list of (relation schema, role) to edit for the entity"""
if self.display_fields is not None:
return self.display_fields
+ if self.edited_entity.has_eid() and not self.edited_entity.has_perm('update'):
+ return []
# XXX we should simply put eid in the generated section, no?
return [(rtype, role) for rtype, _, role in self._relations_by_section(
'attributes', 'update', strict) if rtype != 'eid']
--- a/web/views/formrenderers.py Thu Feb 18 10:54:50 2010 +0100
+++ b/web/views/formrenderers.py Thu Feb 18 10:55:41 2010 +0100
@@ -380,10 +380,6 @@
attrs_fs_label += '<div class="formBody">'
return attrs_fs_label + super(EntityFormRenderer, self).open_form(form, values)
- def _render_fields(self, fields, w, form):
- if not form.edited_entity.has_eid() or form.edited_entity.has_perm('update'):
- super(EntityFormRenderer, self)._render_fields(fields, w, form)
-
def render_buttons(self, w, form):
if len(form.form_buttons) == 3:
w("""<table width="100%%">