auth: disable UI elements for non-editable roles

If a role is not user-editable, disable the UI elements that allow
editting of the role to prevent that as an option in the first place.

2 files changed, 9 insertions, 2 deletions

diff --git a/wqflask/wqflask/oauth2/ui.py b/wqflask/wqflask/oauth2/ui.py
index 31b873be..4fdbe869 100644
--- a/wqflask/wqflask/oauth2/ui.py
+++ b/wqflask/wqflask/oauth2/ui.py
@@ -2,6 +2,7 @@
 from flask import session, render_template
 
 from .client import oauth2_get
+from .request_utils import process_error
 
 def render_ui(templatepath: str, **kwargs):
     """Handle repetitive UI rendering stuff."""
diff --git a/wqflask/wqflask/templates/oauth2/view-group-role.html b/wqflask/wqflask/templates/oauth2/view-group-role.html
index 5536d475..efc8fd75 100644
--- a/wqflask/wqflask/templates/oauth2/view-group-role.html
+++ b/wqflask/wqflask/templates/oauth2/view-group-role.html
@@ -37,7 +37,10 @@
 		<input type="hidden" name="privilege_id"
 		       value="{{privilege.privilege_id}}" />
 		<input type="submit" class="btn btn-danger"
-		       value="Remove" />
+		       value="Remove"
+		       {%if not group_role.role.user_editable%}
+		       disabled="disabled"
+		       {%endif%} />
 	      </form>
 	    </td>
 	  </tr>
@@ -72,7 +75,10 @@
 		<input type="hidden" name="privilege_id"
 		       value="{{priv.privilege_id}}" />
 		<input type="submit" class="btn btn-warning"
-		       value="Add to Role" />
+		       value="Add to Role"
+		       {%if not group_role.role.user_editable%}
+		       disabled="disabled"
+		       {%endif%} />
 	      </form>
 	    </td>
 	  </tr>