2020-02-12 12:10:41 +00:00
|
|
|
from django.http import Http404
|
|
|
|
from django.shortcuts import get_object_or_404
|
2019-03-28 06:04:53 +00:00
|
|
|
|
|
|
|
from .models import Chain, Credebtor
|
|
|
|
|
|
|
|
|
|
|
|
class ChainViewMixin(object):
|
|
|
|
"""
|
|
|
|
The ChainViewMixin sets self.chain based on chain_slug from the URL
|
|
|
|
"""
|
2019-04-02 10:32:12 +00:00
|
|
|
|
2019-03-28 06:04:53 +00:00
|
|
|
def setup(self, *args, **kwargs):
|
2019-04-02 10:32:12 +00:00
|
|
|
super().setup(*args, **kwargs)
|
|
|
|
self.chain = get_object_or_404(Chain, slug=self.kwargs["chain_slug"])
|
2019-03-28 06:04:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
class CredebtorViewMixin(object):
|
|
|
|
"""
|
|
|
|
The CredebtorViewMixin sets self.credebtor based on credebtor_slug from the URL
|
|
|
|
"""
|
2019-04-02 10:32:12 +00:00
|
|
|
|
2019-03-28 06:04:53 +00:00
|
|
|
def setup(self, *args, **kwargs):
|
2019-04-02 10:32:12 +00:00
|
|
|
super().setup(*args, **kwargs)
|
2019-03-28 06:04:53 +00:00
|
|
|
self.credebtor = get_object_or_404(
|
2019-04-02 10:32:12 +00:00
|
|
|
Credebtor, slug=self.kwargs["credebtor_slug"]
|
2019-03-28 06:04:53 +00:00
|
|
|
)
|
2018-08-29 22:52:32 +00:00
|
|
|
|
|
|
|
|
|
|
|
class ExpensePermissionMixin(object):
|
|
|
|
"""
|
|
|
|
This mixin checks if request.user submitted the Expense, or if request.user has camps.economyteam_permission
|
|
|
|
"""
|
2019-04-02 10:32:12 +00:00
|
|
|
|
2018-08-29 22:52:32 +00:00
|
|
|
def get_object(self, queryset=None):
|
|
|
|
obj = super().get_object(queryset=queryset)
|
2019-04-02 10:32:12 +00:00
|
|
|
if obj.user == self.request.user or self.request.user.has_perm(
|
|
|
|
"camps.economyteam_permission"
|
|
|
|
):
|
2018-08-29 22:52:32 +00:00
|
|
|
return obj
|
|
|
|
else:
|
2018-11-20 16:12:32 +00:00
|
|
|
# the current user is different from the user who submitted the expense, and current user is not in the economy team; fuckery is afoot, no thanks
|
|
|
|
raise Http404()
|
|
|
|
|
|
|
|
|
|
|
|
class RevenuePermissionMixin(object):
|
|
|
|
"""
|
|
|
|
This mixin checks if request.user submitted the Revenue, or if request.user has camps.economyteam_permission
|
|
|
|
"""
|
2019-04-02 10:32:12 +00:00
|
|
|
|
2018-11-20 16:12:32 +00:00
|
|
|
def get_object(self, queryset=None):
|
|
|
|
obj = super().get_object(queryset=queryset)
|
2019-04-02 10:32:12 +00:00
|
|
|
if obj.user == self.request.user or self.request.user.has_perm(
|
|
|
|
"camps.economyteam_permission"
|
|
|
|
):
|
2018-11-20 16:12:32 +00:00
|
|
|
return obj
|
|
|
|
else:
|
|
|
|
# the current user is different from the user who submitted the revenue, and current user is not in the economy team; fuckery is afoot, no thanks
|
2018-08-29 22:52:32 +00:00
|
|
|
raise Http404()
|
|
|
|
|
|
|
|
|
|
|
|
class ReimbursementPermissionMixin(object):
|
|
|
|
"""
|
|
|
|
This mixin checks if request.user owns the Reimbursement, or if request.user has camps.economyteam_permission
|
|
|
|
"""
|
2019-04-02 10:32:12 +00:00
|
|
|
|
2018-08-29 22:52:32 +00:00
|
|
|
def get_object(self, queryset=None):
|
|
|
|
obj = super().get_object(queryset=queryset)
|
2019-04-02 10:32:12 +00:00
|
|
|
if obj.reimbursement_user == self.request.user or self.request.user.has_perm(
|
|
|
|
"camps.economyteam_permission"
|
|
|
|
):
|
2018-08-29 22:52:32 +00:00
|
|
|
return obj
|
|
|
|
else:
|
2018-11-20 16:12:32 +00:00
|
|
|
# the current user is different from the user who "owns" the reimbursement, and current user is not in the economy team; fuckery is afoot, no thanks
|
2018-08-29 22:52:32 +00:00
|
|
|
raise Http404()
|