issue 23982: shim for client to understand nonedit orm attribute priv

diff --git a/lib/backbone-x/source/model_mixin.js b/lib/backbone-x/source/model_mixin.js
index 8b54e4b..0b4d8a9 100644 (file)
--- a/lib/backbone-x/source/model_mixin.js
+++ b/lib/backbone-x/source/model_mixin.js
@@ -11,11 +11,21 @@
     @private
   */
   var _canDoAttr = function (action, attribute) {
-    var priv = this.privileges &&
+    var privObject = this.privileges &&
       this.privileges.attribute &&
-      this.privileges.attribute[attribute] &&
-      !_.isUndefined(this.privileges.attribute[attribute][action]) ?
-      this.privileges.attribute[attribute][action] : undefined;
+      this.privileges.attribute[attribute];
+
+    // shim: the way to set an attribute to be non-editable after persist is {update: "false"}
+    // if someone is asking if we can update a ready_new model, they're going to be asking
+    // canEdit, which will map to update, but we really know they are interested in the `create`
+    // attribute of the privObject
+    if (privObject && action === "update" && this.isNew() && privObject.create !== privObject.update) {
+      action = "create";
+    }
+
+    var priv = privObject &&
+      !_.isUndefined(privObject[action]) ?
+      privObject[action] : undefined;
 
     // If there was a privilege then check our access, otherwise assume we have it
     var hasPriv = !_.isUndefined(priv) ? XT.session.getPrivileges().get(priv) : true;