- CSV Import:

  Relaxed permissions, so that project write permissions are sufficient
  in order to import risks per project

www/import-2.tcl

@@ -19,10 +19,12 @@ set current_user_id [ad_maybe_redirect_for_registration]
 set page_title [lang::message::lookup "" intranet-cvs-import.Upload_Objects "Upload Objects"]
 set context_bar [im_context_bar "" $page_title]
 set admin_p [im_is_user_site_wide_or_intranet_admin $current_user_id]
-if {!$admin_p} {
-    ad_return_complaint 1 "Only administrators have the right to import objects"
-    ad_script_abort
-}
+
+# fraber 130225: Permissions are now handled by the import-* files
+# if {!$admin_p} {
+#     ad_return_complaint 1 "Only administrators have the right to import objects"
+#     ad_script_abort
+# }
 
 # Get the file from the user.
 # number_of_bytes is the upper-limit

www/import-im_risk.tcl

@@ -28,11 +28,7 @@ ad_page_contract {
 set current_user_id [ad_maybe_redirect_for_registration]
 set page_title [lang::message::lookup "" intranet-cvs-import.Upload_Objects "Upload Objects"]
 set context_bar [im_context_bar "" $page_title]
-set admin_p [im_is_user_site_wide_or_intranet_admin $current_user_id]
-if {!$admin_p} {
-    ad_return_complaint 1 "Only administrators have the right to import objects"
-    ad_script_abort
-}
+
 
 
 # ---------------------------------------------------------------------
@@ -218,6 +214,15 @@ foreach csv_line_fields $values_list_of_lists {
 	continue
     }
 
+    # Check permissions
+    im_project_permissions $current_user_id $risk_project_id view_p read_p write_p admin_p
+    if {!$write_p} {
+	if {$ns_write_p} {
+	    ns_write "<li><font color=red>Error: You don't have write permissions for project #$risk_project_id.</font>"
+	}
+	continue
+    }
+
     # Status is a required field
     if {"" == $risk_status_id} {
 	if {$ns_write_p} { ns_write "<li><font color=brown>Warning: Didn't find risk status '$risk_status_id', using default status 'Open'</font>\n" }