[Admin] Hide admin index forms without permission.

mysociety · Nov 5, 2024 · 182f35b · 182f35b
1 parent a8d3569
commit 182f35b
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/t/cobrand/tfl.t b/t/cobrand/tfl.t
@@ -983,7 +983,7 @@ for my $host ( 'www.fixmystreet.com', 'tfl.fixmystreet.com' ) {
 subtest 'TfL staff can access TfL admin' => sub {
     $mech->log_in_ok( $staffuser->email );
     $mech->get_ok('/admin');
-    $mech->content_contains( 'Search Reports' );
+    $mech->content_contains( '<h1>Summary</h1>' );
 };
 
 subtest 'TLRN categories cannot be renamed' => sub {
@@ -1439,7 +1439,7 @@ FixMyStreet::override_config {
 subtest 'Bromley staff can access Bromley admin' => sub {
     $mech->log_in_ok( $bromleyuser->email );
     $mech->get_ok('/admin');
-    $mech->content_contains( 'Search Reports' );
+    $mech->content_contains( '<h1>Summary</h1>' );
     $mech->log_out_ok;
 };
 

diff --git a/templates/web/base/admin/index.html b/templates/web/base/admin/index.html
@@ -13,21 +13,25 @@
 
 <div class="admin-index-search clearfix">
 
+[% IF c.user.has_body_permission_to('report_edit') %]
 <form method="get" action="[% c.uri_for('reports') %]" accept-charset="utf-8">
     <label for="search_reports">[% loc('Search Reports') %]</label>
     <div class="form-txt-submit-box">
         <input type="text" class="form-control" name="search"  size="30" id="search_reports" value="[% searched | html %]">
         <input type="submit" class="btn" value="[% loc('Go') %]">
     </div>
 </form>
+[% END %]
 
+[% IF c.user.has_body_permission_to('user_edit') %]
 <form method="get" action="[% c.uri_for('users') %]" accept-charset="utf-8">
     <label for="search_users">[% loc('Search Users') %]</label>
     <div class="form-txt-submit-box">
         <input type="text" class="form-control" name="search"  size="30" id="search_users" value="[% searched | html %]">
         <input type="submit" class="btn" value="[% loc('Go') %]">
     </div>
 </form>
+[% END %]
 
 [% TRY %][% PROCESS 'admin/_index_extra_search.html' %][% CATCH file %][% END %]