diff --git a/castellum/contacts/forms.py b/castellum/contacts/forms.py index fd6a6e029482c0f02e2dfb73f12e9fb92b791bbe..9a898110ecfb262c804691eb66aca8e7ee963591 100644 --- a/castellum/contacts/forms.py +++ b/castellum/contacts/forms.py @@ -83,7 +83,7 @@ class ContactForm(forms.ModelForm): ] def __init__(self, *args, **kwargs): - user = kwargs.pop('user') + self.user = kwargs.pop('user') super().__init__(*args, **kwargs) self.address = self.get_address_form(**kwargs) @@ -93,7 +93,7 @@ class ContactForm(forms.ModelForm): elif any([self.instance.get_address(), self.instance.phone_number, self.instance.email]): self.fields['guardians_pane'].initial = 'self' - self.fields['guardians_remove'].choices = self.get_guardians_rm_choices(user) + self.fields['guardians_remove'].choices = self.get_guardians_rm_choices(self.user) def get_address_form(self, **kwargs): address_kwargs = kwargs.copy() @@ -182,13 +182,14 @@ class ContactForm(forms.ModelForm): contact = Contact.objects.get(pk=contact.pk) if self.cleaned_data.get('guardians_pane') == 'guardians': - contact.guardians.remove(*[ - subject.contact for subject in self.cleaned_data.get('guardians_remove', []) - ]) - - contact.guardians.add(*[ - subject.contact for subject in self.cleaned_data.get('guardians_add', []) - ]) + if self.user.has_perm('subjects.change_subject'): + contact.guardians.remove(*[ + subject.contact for subject in self.cleaned_data.get('guardians_remove', []) + ]) + + contact.guardians.add(*[ + subject.contact for subject in self.cleaned_data.get('guardians_add', []) + ]) else: contact.guardians.set([]) diff --git a/castellum/contacts/templates/contacts/__guardian_item.html b/castellum/contacts/templates/contacts/__guardian_item.html index 82fbd160aa4063f5476f9079bad77e2d5e653d4c..77d72184230e69253adb5f0b68e489a24452891f 100644 --- a/castellum/contacts/templates/contacts/__guardian_item.html +++ b/castellum/contacts/templates/contacts/__guardian_item.html @@ -1,19 +1,22 @@ {% load i18n auth %}