Fix some permission issues regarding villages.
This commit is contained in:
parent
178be1deb0
commit
11fd8ca0fd
|
@ -1,11 +1,13 @@
|
||||||
|
from django.http import Http404
|
||||||
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
from django.core.urlresolvers import reverse_lazy
|
from django.core.urlresolvers import reverse_lazy
|
||||||
from django.http import HttpResponseRedirect
|
from django.http import HttpResponseRedirect
|
||||||
from django.views.generic import (
|
from django.views.generic import (
|
||||||
ListView, DetailView, CreateView, UpdateView, DeleteView
|
ListView, DetailView, CreateView, UpdateView, DeleteView
|
||||||
)
|
)
|
||||||
from .models import (
|
from django.views.generic.detail import SingleObjectMixin
|
||||||
Village,
|
|
||||||
)
|
from .models import Village
|
||||||
|
|
||||||
|
|
||||||
class VillageListView(ListView):
|
class VillageListView(ListView):
|
||||||
|
@ -20,7 +22,7 @@ class VillageDetailView(DetailView):
|
||||||
context_object_name = 'village'
|
context_object_name = 'village'
|
||||||
|
|
||||||
|
|
||||||
class VillageCreateView(CreateView):
|
class VillageCreateView(LoginRequiredMixin, CreateView):
|
||||||
model = Village
|
model = Village
|
||||||
template_name = 'village_form.html'
|
template_name = 'village_form.html'
|
||||||
fields = ['name', 'description', 'private']
|
fields = ['name', 'description', 'private']
|
||||||
|
@ -33,7 +35,21 @@ class VillageCreateView(CreateView):
|
||||||
return HttpResponseRedirect(village.get_absolute_url())
|
return HttpResponseRedirect(village.get_absolute_url())
|
||||||
|
|
||||||
|
|
||||||
class VillageUpdateView(UpdateView):
|
class EnsureUserOwnsVillageMixin(SingleObjectMixin):
|
||||||
|
model = Village
|
||||||
|
|
||||||
|
def dispatch(self, request, *args, **kwargs):
|
||||||
|
# If the user is not contact for this village OR is not staff
|
||||||
|
if not request.user.is_staff:
|
||||||
|
if self.get_object().contact != request.user:
|
||||||
|
raise Http404("Village not found")
|
||||||
|
|
||||||
|
return super(EnsureUserOwnsVillageMixin, self).dispatch(
|
||||||
|
request, *args, **kwargs
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class VillageUpdateView(EnsureUserOwnsVillageMixin, LoginRequiredMixin, UpdateView):
|
||||||
model = Village
|
model = Village
|
||||||
queryset = Village.objects.not_deleted()
|
queryset = Village.objects.not_deleted()
|
||||||
template_name = 'village_form.html'
|
template_name = 'village_form.html'
|
||||||
|
@ -43,7 +59,7 @@ class VillageUpdateView(UpdateView):
|
||||||
return self.get_object().get_absolute_url()
|
return self.get_object().get_absolute_url()
|
||||||
|
|
||||||
|
|
||||||
class VillageDeleteView(DeleteView):
|
class VillageDeleteView(EnsureUserOwnsVillageMixin, LoginRequiredMixin, DeleteView):
|
||||||
model = Village
|
model = Village
|
||||||
success_url = reverse_lazy('villages:list')
|
success_url = reverse_lazy('villages:list')
|
||||||
template_name = 'village_confirm_delete.html'
|
template_name = 'village_confirm_delete.html'
|
||||||
|
|
Loading…
Reference in a new issue