autoriser access >= 8 à modifié un RDF facturé

mondumas/templates/dossier/rdf_view.pt

@@ -347,7 +347,8 @@
                 <div class="form-group">					
                     <a class="btn btn-default" href="${request.route_url('dossier_view', nodossier=nodossier)}">
                         <span class="glyphicon glyphicon-arrow-left"></span> Retour Dossier</a>
-                    <a class="btn btn-primary" href="/rdf_edit/${nodossier}/${rapport.date_inter.strftime('%Y-%m-%d')}" tal:condition="date_facture==''">
+                    <a class="btn btn-primary" href="/rdf_edit/${nodossier}/${rapport.date_inter.strftime('%Y-%m-%d')}" 
+                        tal:condition="date_facture=='' or access>=8">
                         <span class="glyphicon glyphicon-pencil"></span> Modifier</a>
                     <button class="btn btn-danger" type="submit" name="form.delete" tal:condition="not rapport.signature_svg and date_relu==''">
                         <span class="glyphicon glyphicon-remove"></span> Supprimer</button>

mondumas/views/dossier.py

@@ -102,6 +102,9 @@ def dossier_view(request):
     nodossier = request.matchdict['nodossier']
     societe = nodossier[0:2]
     logged_in = request.authenticated_userid.upper()
+    # lire son niveau d'accès
+    member = get_member_by_id(request, logged_in)
+    access = member.access 
     
     url = request.route_url("dossier_view", nodossier=nodossier)
 
@@ -136,6 +139,7 @@ def dossier_view(request):
         'docs_attaches': docs_attaches,
         'docs_url': request.static_url(request.registry.settings['mondumas.devfac_url']),
         'bg_color': bg_color,
+        'access': access,
     }
 
 @view_config(route_name='devis_view', renderer='../templates/dossier/devis_view.pt', permission='view')