Don't link folders in the folder path if user doesn't have permission

This updates folder_path macro to not link to any folders that the user doesn't have permission for.
2026-04-17 15:51:52 -04:00 · 2019-03-28 16:10:00 +00:00
parent 172f6b303f
commit e6d4c7aaa8
6 changed files with 19 additions and 5 deletions
--- a/app/templates/components/folder-path.html
+++ b/app/templates/components/folder-path.html
@@ -2,6 +2,7 @@
  folders,
  service_id,
  template_type,
+  current_user,
  fallback_page_title=None,
  show_fallback_page_title=False,
  link_current_item=False
@@ -21,7 +22,11 @@
          {% endif %}
        {% else %}
          {% if folder.id %}
-            <a href="{{ url_for('.choose_template', service_id=service_id, template_type=template_type, template_folder_id=folder.id) }}" class="folder-heading-folder {% if loop.index < (loop.length - 1) %}folder-heading-folder-truncated{% endif %}" title="{{ folder.name }}">{{ folder.name }}</a>
+            {% if current_user.has_template_folder_permission(folder) %}
+              <a href="{{ url_for('.choose_template', service_id=service_id, template_type=template_type, template_folder_id=folder.id) }}" class="folder-heading-folder {% if loop.index < (loop.length - 1) %}folder-heading-folder-truncated{% endif %}" title="{{ folder.name }}">{{ folder.name }}</a>
+            {% else %}
+              <span class="folder-heading-folder">{{ folder.name }}</span>
+            {% endif %}
          {% else %}
            <a href="{{ url_for('.choose_template', service_id=service_id, template_type=template_type) }}" title="Templates" class="{% if loop.length > 2 %}folder-heading-folder-root-truncated{% endif %}">Templates</a>
          {% endif %}
@@ -36,7 +41,8 @@
 {% macro copy_folder_path(
  folder_path,
  current_service_id,
-  from_service
+  from_service,
+  current_user
 ) %}
  {% if folder_path %}
    <h2 class="heading-medium folder-heading">
@@ -51,7 +57,12 @@
          </span>
        {% else %}
          {% if folder.id %}
-            <a href="{{ url_for('.choose_template_to_copy', service_id=current_service_id, from_service=from_service.id, from_folder=folder.id) }}" class="folder-heading-folder">{{ folder.name }}</a> {% if not loop.last %}{{ folder_path_separator() }}{% endif %}
+            {% if current_user.has_template_folder_permission(folder) %}
+              <a href="{{ url_for('.choose_template_to_copy', service_id=current_service_id, from_service=from_service.id, from_folder=folder.id) }}" class="folder-heading-folder">{{ folder.name }}</a>
+             {% else %}
+              <span class="folder-heading-folder">{{ folder.name }}</span>
+            {% endif %}
+            {% if not loop.last %}{{ folder_path_separator() }}{% endif %}
          {% elif folder.parent_id == None %}
            <a href="{{ url_for('.choose_template_to_copy', service_id=current_service_id, from_service=from_service.id, from_folder=folder.id) }}" class="folder-heading-folder">{{ from_service.name }}</a> {% if not loop.last %}{{ folder_path_separator() }}{% endif %}
          {% else %}
--- a/app/templates/views/templates/choose-reply.html
+++ b/app/templates/views/templates/choose-reply.html
@@ -14,7 +14,7 @@

 <div class="bottom-gutter-1-2">
  <h1 class="heading-large">Choose a template</h1>
-  {{ folder_path(template_folder_path, current_service.id, template_type) }}
+  {{ folder_path(template_folder_path, current_service.id, template_type, current_user) }}
 </div>

  {% if not templates_and_folders.templates_to_show %}
--- a/app/templates/views/templates/choose.html
+++ b/app/templates/views/templates/choose.html
@@ -53,6 +53,7 @@
          folders=template_folder_path,
          service_id=current_service.id,
          template_type=template_type,
+          current_user=current_user,
          fallback_page_title=page_title,
          show_fallback_page_title=not current_service.all_template_folders
        ) }}
--- a/app/templates/views/templates/copy.html
+++ b/app/templates/views/templates/copy.html
@@ -11,7 +11,7 @@

    <div class="bottom-gutter-1-2">
      <h1 class="heading-large">Copy an existing template</h1>
-      {{ copy_folder_path(template_folder_path, current_service.id, from_service) }}
+      {{ copy_folder_path(template_folder_path, current_service.id, from_service, current_user) }}
    </div>
    {% if not services_templates_and_folders.templates_to_show %}
      <p class="template-list-empty">
--- a/app/templates/views/templates/manage-template-folder.html
+++ b/app/templates/views/templates/manage-template-folder.html
@@ -17,6 +17,7 @@
        folders=template_folder_path,
        service_id=current_service.id,
        template_type='all',
+        current_user=current_user,
        link_current_item=True
      ) }}
    </div>
--- a/app/templates/views/templates/template.html
+++ b/app/templates/views/templates/template.html
@@ -35,6 +35,7 @@
          folders=current_service.get_template_path(template._template),
          service_id=current_service.id,
          template_type='all',
+          current_user=current_user,
          fallback_page_title=template.name,
          show_fallback_page_title=not current_service.all_template_folders
        ) }}