Add Group ACL recognizing check to upload

Signed-off-by: Michal Čihař <michal@cihar.com>

weblate/html/translation-download.html

 {% load i18n %}
+{% load permissions %}
+
+{% can_upload_transaltion user object as user_can_upload_translation %}
 
 <li><a href="{% url 'download_translation' project=object.subproject.project.slug subproject=object.subproject.slug lang=object.language.code %}" title="{% trans "Download for an offline translation." %}">{% blocktrans with object.subproject.file_format_name as format %}Download original translation file ({{format}}){% endblocktrans %}</a></li>
 <li><a href="{% url 'download_translation_format' project=object.subproject.project.slug subproject=object.subproject.slug lang=object.language.code fmt='xliff'%}" title="{% trans "Download for an offline translation." %}">{% trans "Download translation as XLIFF" %}</a></li>
@@ -8,7 +11,7 @@
 {% if object.supports_language_pack %}
 <li><a href="{% url 'download_language_pack' project=object.subproject.project.slug subproject=object.subproject.slug lang=object.language.code %}" title="{% trans "Download for using within an application." %}">{% trans "Download compiled translation" %}</a></li>
 {% endif %}
-{% if perms.trans.upload_translation %}
+{% if user_can_upload_translation %}
 <li role="separator" class="divider"></li>
 <li><a href="#upload" data-toggle="tab">{% trans "Upload translation" %}</a></li>
 {% endif %}

weblate/html/translation.html

@@ -19,6 +19,7 @@
 
 {% can_see_repository_status user object.subproject.project as user_can_see_repository_status %}
 {% can_commit_translation user object.subproject.project as user_can_commit_translation %}
+{% can_upload_translation user object as user_can_upload_translation %}
 
 {% include "show-lock.html" %}
 
@@ -190,7 +191,7 @@
 </div>
 {% endif %}
 
-{% if perms.trans.upload_translation %}
+{% if user_can_upload_translation %}
 <div class="tab-pane" id="upload">
 <form action="{% url 'upload_translation' project=object.subproject.project.slug subproject=object.subproject.slug lang=object.language.code %}" method="post" enctype="multipart/form-data">
 <div class="panel panel-primary">

weblate/trans/permissions.py

@@ -135,6 +135,14 @@ def can_edit(user, translation, permission):
     return True
 
 
+@cache_permission
+def can_upload_translation(user, translation):
+    """
+    Checks whether user can translate given translation.
+    """
+    return can_edit(user, translation, 'trans.upload_translation')
+
+
 @cache_permission
 def can_translate(user, translation):
     """

weblate/trans/templatetags/permissions.py

@@ -23,6 +23,13 @@ import weblate.trans.permissions
 register = template.Library()
 
 
+@register.assignment_tag
+def can_upload_translation(user, translation):
+    return weblate.trans.permissions.can_upload_translation(
+        user, translation
+    )
+
+
 @register.assignment_tag
 def can_translate(user, translation):
     return weblate.trans.permissions.can_translate(

weblate/trans/views/files.py

@@ -20,6 +20,7 @@
 
 import sys
 
+from django.core.exceptions import PermissionDenied
 from django.utils.translation import ugettext as _, ungettext
 from django.utils.encoding import force_text
 from django.shortcuts import redirect
@@ -34,7 +35,8 @@ from weblate.trans.views.helper import (
     get_translation, import_message, download_translation_file
 )
 from weblate.trans.permissions import (
-    can_author_translation, can_overwrite_translation
+    can_author_translation, can_overwrite_translation,
+    can_upload_translation,
 )
 
 
@@ -63,13 +65,15 @@ def download_language_pack(request, project, subproject, lang):
 
 
 @require_POST
-@permission_required('trans.upload_translation')
 def upload_translation(request, project, subproject, lang):
     '''
     Handling of translation uploads.
     '''
     obj = get_translation(request, project, subproject, lang)
 
+    if not can_upload_translation(request.user, obj):
+        raise PermissionDenied()
+
     # Check method and lock
     if obj.is_locked(request.user):
         messages.error(request, _('Access denied.'))