fix permissions stuff maybe

Thomas Steen Rasmussen 2020-08-11 03:26:30 +02:00
parent db20fd7b68
commit d61b03b822
2 changed files with 19 additions and 16 deletions


@ -1,4 +1,5 @@
from camps.mixins import CampViewMixin from camps.mixins import CampViewMixin
from django.contrib.auth.mixins import UserPassesTestMixin
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
from economy.models import Pos from economy.models import Pos
@ -43,7 +44,7 @@ class ContentTeamPermissionMixin(RaisePermissionRequiredMixin):
) )
class PosViewMixin(CampViewMixin): class PosViewMixin(CampViewMixin, UserPassesTestMixin):
"""A mixin to set self.pos based on pos_slug in url kwargs.""" """A mixin to set self.pos based on pos_slug in url kwargs."""
def setup(self, *args, **kwargs): def setup(self, *args, **kwargs):
@ -52,14 +53,20 @@ class PosViewMixin(CampViewMixin):
Pos, team__camp=self.camp, slug=self.kwargs["pos_slug"] Pos, team__camp=self.camp, slug=self.kwargs["pos_slug"]
) )
def get_permission_required(self): def test_func(self):
""" """
This view requires two permissions, camps.backoffice_permission and the permission_set for the team in question. This view requires two permissions, camps.backoffice_permission and the permission_set for the team in question.
""" """
if not self.pos.team.permission_set: if not self.pos.team.permission_set:
raise PermissionDenied("No permissions set defined for this team") raise PermissionDenied("No permissions set defined for this team")
perms = ["camps.backoffice_permission"] if not self.request.user.has_perm("camps.backoffice_permission"):
return perms raise PermissionDenied("User has no backoffice permission")
if not self.request.user.has_perm(
"camps.orgateam_permission"
) and not self.request.user.has_perm("camps." + self.pos.team.permission_set):
raise PermissionDenied("User has no permission for this Pos")
return True
def get_context_data(self, *args, **kwargs): def get_context_data(self, *args, **kwargs):
context = super().get_context_data(*args, **kwargs) context = super().get_context_data(*args, **kwargs)
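Review bot: The docstring carried over onto `test_func` no longer matches the check it documents. It says the view requires `camps.backoffice_permission` and the team's permission_set, but the new condition also lets `camps.orgateam_permission` stand in for the team permission. Since this mixin is now the only gate on the Pos views, the docstring should state the real policy, e.g. `"""Allow users with camps.backoffice_permission plus either camps.orgateam_permission or the permission_set of this Pos' team; raise PermissionDenied otherwise."""`. The method also raises on every failure instead of returning False, so `handle_no_permission()` is never reached, which is worth a one-line comment. Separately, `UserPassesTestMixin` is listed after `CampViewMixin`; if `CampViewMixin` (not visible here) overrides `dispatch()`, that code would run before the test, so the access mixin is safer placed first in the bases.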


@ -1978,7 +1978,7 @@ class PosListView(CampViewMixin, RaisePermissionRequiredMixin, ListView):
template_name = "pos_list.html" template_name = "pos_list.html"
class PosDetailView(PosViewMixin, RaisePermissionRequiredMixin, DetailView): class PosDetailView(PosViewMixin, DetailView):
"""Show details for a Pos.""" """Show details for a Pos."""
model = Pos model = Pos
@ -2029,7 +2029,7 @@ class PosDeleteView(CampViewMixin, OrgaTeamPermissionMixin, DeleteView):
return reverse("backoffice:pos_list", kwargs={"camp_slug": self.camp.slug}) return reverse("backoffice:pos_list", kwargs={"camp_slug": self.camp.slug})
class PosReportCreateView(PosViewMixin, RaisePermissionRequiredMixin, CreateView): class PosReportCreateView(PosViewMixin, CreateView):
"""Use this view to create new PosReports.""" """Use this view to create new PosReports."""
model = PosReport model = PosReport
@ -2066,7 +2066,7 @@ class PosReportCreateView(PosViewMixin, RaisePermissionRequiredMixin, CreateView
) )
class PosReportUpdateView(PosViewMixin, RaisePermissionRequiredMixin, UpdateView): class PosReportUpdateView(PosViewMixin, UpdateView):
"""Use this view to update PosReports.""" """Use this view to update PosReports."""
model = PosReport model = PosReport
@ -2085,7 +2085,7 @@ class PosReportUpdateView(PosViewMixin, RaisePermissionRequiredMixin, UpdateView
return context return context
class PosReportDetailView(PosViewMixin, RaisePermissionRequiredMixin, DetailView): class PosReportDetailView(PosViewMixin, DetailView):
"""Show details for a PosReport.""" """Show details for a PosReport."""
model = PosReport model = PosReport
@ -2093,9 +2093,7 @@ class PosReportDetailView(PosViewMixin, RaisePermissionRequiredMixin, DetailView
pk_url_kwarg = "posreport_uuid" pk_url_kwarg = "posreport_uuid"
class PosReportBankCountStartView( class PosReportBankCountStartView(PosViewMixin, UpdateView):
PosViewMixin, RaisePermissionRequiredMixin, UpdateView
):
"""The bank responsible for a PosReport uses this view to add day-start HAX and DKK counts to a PosReport.""" """The bank responsible for a PosReport uses this view to add day-start HAX and DKK counts to a PosReport."""
model = PosReport model = PosReport
@ -2116,7 +2114,7 @@ class PosReportBankCountStartView(
raise PermissionDenied("Only the bank responsible can do this") raise PermissionDenied("Only the bank responsible can do this")
class PosReportBankCountEndView(PosViewMixin, RaisePermissionRequiredMixin, UpdateView): class PosReportBankCountEndView(PosViewMixin, UpdateView):
"""The bank responsible for a PosReport uses this view to add day-end HAX and DKK counts to a PosReport.""" """The bank responsible for a PosReport uses this view to add day-end HAX and DKK counts to a PosReport."""
model = PosReport model = PosReport
@ -2137,9 +2135,7 @@ class PosReportBankCountEndView(PosViewMixin, RaisePermissionRequiredMixin, Upda
raise PermissionDenied("Only the bank responsible can do this") raise PermissionDenied("Only the bank responsible can do this")
class PosReportPosCountStartView( class PosReportPosCountStartView(PosViewMixin, UpdateView):
PosViewMixin, RaisePermissionRequiredMixin, UpdateView
):
"""The Pos responsible for a PosReport uses this view to add day-start HAX and DKK counts to a PosReport.""" """The Pos responsible for a PosReport uses this view to add day-start HAX and DKK counts to a PosReport."""
model = PosReport model = PosReport
@ -2160,7 +2156,7 @@ class PosReportPosCountStartView(
raise PermissionDenied("Only the Pos responsible can do this") raise PermissionDenied("Only the Pos responsible can do this")
class PosReportPosCountEndView(PosViewMixin, RaisePermissionRequiredMixin, UpdateView): class PosReportPosCountEndView(PosViewMixin, UpdateView):
"""The Pos responsible for a PosReport uses this view to add day-end HAX and DKK counts to a PosReport.""" """The Pos responsible for a PosReport uses this view to add day-end HAX and DKK counts to a PosReport."""
model = PosReport model = PosReport
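Review bot: With `RaisePermissionRequiredMixin` dropped from these views, access is decided only by `PosViewMixin.test_func`, which checks the Pos named by `pos_slug`, while the PosReport views load their object by `posreport_uuid` (see `pk_url_kwarg` in the PosReportDetailView hunk). Nothing visible in these hunks ties the loaded report to `self.pos`, and the class bodies continue outside the hunks, so this may already be handled there. If it is not, a user cleared for one team's Pos could be served a report belonging to another Pos. In that case each PosReport view should limit its queryset to reports of `self.pos`, for example `return super().get_queryset().filter(pos=self.pos)` in `get_queryset()` (the relation name `pos` is assumed, not shown on this page).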