33383e6559
* Event feedback functionality and related commits: * blackness and isort and flake8 - this branch does not have pre-commit so I forgot :/ * finish backoffice management of eventfeedback * add username to eventfeedback detail panel when viewed in backoffice * Add feedback url to elm schedule. Fix access when user is anonymous. Remove print statement. * one prefetch_related call to rule them all Co-authored-by: Víðir Valberg Guðmundsson <valberg@orn.li>
33 lines
1.1 KiB
Python
33 lines
1.1 KiB
Python
from django.contrib import messages
|
|
from django.contrib.auth.mixins import PermissionRequiredMixin, UserPassesTestMixin
|
|
from django.http import HttpResponseForbidden
|
|
|
|
|
|
class StaffMemberRequiredMixin(object):
|
|
"""
|
|
A CBV mixin for when a view should only be permitted for staff users
|
|
"""
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
# only permit staff users
|
|
if not request.user.is_staff:
|
|
messages.error(request, "No thanks")
|
|
return HttpResponseForbidden()
|
|
|
|
# continue with the request
|
|
return super().dispatch(request, *args, **kwargs)
|
|
|
|
|
|
class RaisePermissionRequiredMixin(PermissionRequiredMixin):
|
|
"""
|
|
A subclass of PermissionRequiredMixin which raises an exception to return 403 rather than a redirect to the login page
|
|
We use this to avoid a redirect loop since our login page redirects back to the ?next= url when a user is logged in...
|
|
"""
|
|
|
|
raise_exception = True
|
|
|
|
|
|
class UserIsObjectOwnerMixin(UserPassesTestMixin):
|
|
def test_func(self):
|
|
return self.get_object().user == self.request.user
|