lostplaces-backend/django_lostplaces/lostplaces/views/base_views.py

109 lines
3.6 KiB
Python
Raw Normal View History

2020-08-30 17:11:24 +02:00
from django.views import View
2020-08-30 17:26:43 +02:00
from django.views.generic.edit import CreateView
from django.views.generic.detail import SingleObjectMixin
2020-08-30 17:11:24 +02:00
from django.contrib import messages
2020-08-30 17:26:43 +02:00
from django.contrib.auth.mixins import UserPassesTestMixin, LoginRequiredMixin
from django.contrib.messages.views import SuccessMessageMixin
from django.shortcuts import redirect
from django.urls import reverse_lazy
from lostplaces.models import Place
2020-08-30 17:11:24 +02:00
2020-09-13 10:56:18 +02:00
class IsAuthenticatedMixin(LoginRequiredMixin, View):
2020-09-09 22:52:28 +02:00
'''
A view mixin that checks wether a user is loged in or not.
If the user is not logged in, he gets redirected to
the login page.
'''
2020-09-10 18:38:26 +02:00
login_url = reverse_lazy('login')
2020-08-30 17:11:24 +02:00
permission_denied_message = 'Please login to proceed'
def handle_no_permission(self):
messages.error(self.request, self.permission_denied_message)
return super().handle_no_permission()
2020-09-13 10:57:53 +02:00
class IsPlaceSubmitterMixin(UserPassesTestMixin, View):
2020-09-09 22:52:28 +02:00
'''
A view mixin that checks wethe a user is the submitter
of a place Throws 403 if the user is not. The subclass
has to provide a get_place method, wich returns the
place to check.
'''
2020-08-30 17:11:24 +02:00
place_submitter_error_message = None
def get_place(self):
pass
def test_func(self):
""" Check if user is eligible to modify place. """
if not hasattr(self.request, 'user'):
return False
if self.request.user.is_superuser:
return True
# Check if currently logged in user was the submitter
place_obj = self.get_place()
if place_obj and hasattr(place_obj, 'submitted_by') and self.request.user.explorer == place_obj.submitted_by:
2020-08-30 17:11:24 +02:00
return True
if self.place_submitter_error_message:
messages.error(self.request, self.place_submitter_error_message)
return False
2020-08-30 17:26:43 +02:00
2020-09-13 10:56:18 +02:00
class PlaceAssetCreateView(IsAuthenticatedMixin, SuccessMessageMixin, CreateView):
2020-08-30 17:26:43 +02:00
model = None
fields = []
template_name = ''
success_message = ''
def get(self, request, place_id, *args, **kwargs):
self.place = Place.objects.get(pk=place_id)
return super().get(request, *args, **kwargs)
def post(self, request, place_id, *args, **kwargs):
self.place = Place.objects.get(pk=place_id)
response = super().post(request, *args, **kwargs)
self.object.place = self.place
self.object.submitted_by = request.user.explorer
2020-08-30 17:26:43 +02:00
self.object.save()
return response
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['place'] = self.place
return context
def get_success_url(self):
return reverse_lazy('place_detail', kwargs={'pk': self.place.id})
2020-09-13 10:57:53 +02:00
class PlaceAssetDeleteView(IsAuthenticatedMixin, IsPlaceSubmitterMixin, SingleObjectMixin, View):
2020-08-30 17:26:43 +02:00
model = None
success_message = ''
permission_denied_message = ''
def get_place(self):
place_id = self.get_object().place.id
return Place.objects.get(pk=place_id)
def test_func(self):
can_edit_place = super().test_func()
if can_edit_place:
return True
if self.get_object().submitted_by == self.request.user.explorer:
2020-08-30 17:26:43 +02:00
return True
messages.error(self.request, self.permission_denied_message)
return False
def get(self, request, *args, **kwargs):
place_id = self.get_object().place.id
self.get_object().delete()
messages.success(self.request, self.success_message)
2020-09-10 00:32:56 +02:00
return redirect(reverse_lazy('place_detail', kwargs={'pk': place_id}))