c52bf300ff
* first version of dect registration and phonebook functionality, missing export functionality for dect phone system, the rest should more or less work * add a missing button and message * fix typo * add django-oauth-toolkit to implement oauth2 auth for the DECT csv export * remove unused HMAC code * add logger * only show buttons when user is logged in * remove unneeded enctype
37 lines
1.1 KiB
Python
37 lines
1.1 KiB
Python
import logging
|
|
|
|
from django.contrib import messages
|
|
from django.contrib.auth.mixins import PermissionRequiredMixin, UserPassesTestMixin
|
|
from django.core.exceptions import PermissionDenied
|
|
|
|
logger = logging.getLogger("bornhack.%s" % __name__)
|
|
|
|
|
|
class StaffMemberRequiredMixin(object):
|
|
"""
|
|
A CBV mixin for when a view should only be permitted for staff users
|
|
"""
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
# only permit staff users
|
|
if not request.user.is_staff:
|
|
messages.error(request, "No thanks")
|
|
raise PermissionDenied()
|
|
|
|
# continue with the request
|
|
return super().dispatch(request, *args, **kwargs)
|
|
|
|
|
|
class RaisePermissionRequiredMixin(PermissionRequiredMixin):
|
|
"""
|
|
A subclass of PermissionRequiredMixin which raises an exception to return 403 rather than a redirect to the login page
|
|
We use this to avoid a redirect loop since our login page redirects back to the ?next= url when a user is logged in...
|
|
"""
|
|
|
|
raise_exception = True
|
|
|
|
|
|
class UserIsObjectOwnerMixin(UserPassesTestMixin):
|
|
def test_func(self):
|
|
return self.get_object().user == self.request.user
|