From 4e7c81a0b9fa0498a38393cf1648b445304a39a1 Mon Sep 17 00:00:00 2001
From: Paul Eggleton
Date: Tue, 26 Mar 2019 14:16:51 +1300
Subject: [PATCH] Add access controls to PatchDispositionAdmin

* Make patch / user fields non-editable for existing records (patch mostly because the list is huge for a drop-down)
* User must be a superuser or the dispositioner to edit

Signed-off-by: Paul Eggleton
---
layerindex/admin.py | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/layerindex/admin.py b/layerindex/admin.py
index 905aca1..684ef74 100644
--- a/layerindex/admin.py
+++ b/layerindex/admin.py
@@ -179,8 +179,16 @@ class PatchAdmin(admin.ModelAdmin):
 return False

 class PatchDispositionAdmin(admin.ModelAdmin):
+ fields = ['patch', 'user', 'disposition', 'comment']
 search_fields = ['patch__path']
 list_filter = ['patch__recipe__layerbranch__layer__name', 'patch__recipe__layerbranch__branch__name']
+ def get_readonly_fields(self, request, obj=None):
+ readonly_fields = ['user']
+ if obj:
+ readonly_fields.append('patch')
+ if not (request.user == obj.user or request.user.is_superuser):
+ readonly_fields.append('disposition', 'comment')
+ return readonly_fields

 class IncFileAdmin(admin.ModelAdmin):
 search_fields = ['path']
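Review bot: `readonly_fields.append('disposition', 'comment')` in `get_readonly_fields` passes two arguments to `list.append`, which accepts exactly one, so the branch for a user who is neither the dispositioner nor a superuser raises `TypeError` instead of locking those fields; it should be `readonly_fields.extend(['disposition', 'comment'])`. As written the restriction fails closed, since the change view errors for exactly those users, but the intended read-only behaviour is never reached. A test that opens an existing record as a third staff account would catch this. Read-only form fields also do not restrict deleting a record, so if non-owners must not remove someone else's disposition, `has_delete_permission` would need the same owner-or-superuser check; whether that is handled elsewhere is not visible in this hunk.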