Implemented tag that checks if user is authorized.

This commit is contained in:
Marcus Scholz 2020-10-11 09:46:15 +02:00
parent 7943537276
commit 5035c6fe2f
2 changed files with 8 additions and 6 deletions

View File

@ -4,6 +4,7 @@
{% load thumbnail %} {% load thumbnail %}
{% load svg_icon %} {% load svg_icon %}
{% load lostplaces %}
{% block additional_head %} {% block additional_head %}
<link rel="stylesheet" href="{% static 'maps/ol.css' %}" type="text/css"> <link rel="stylesheet" href="{% static 'maps/ol.css' %}" type="text/css">
@ -36,10 +37,8 @@
</div> </div>
<section class="LP-Section"> <section class="LP-Section">
{% url 'place_tag_submit' place_id=place.id as tag_submit_url%} {% url 'place_tag_submit' place_id=place.id as tag_submit_url%}
{% include 'partials/tagging.html' with config=tagging_config %} {% include 'partials/tagging.html' with config=tagging_config %}
</section> </section>
<section class="LP-Section"> <section class="LP-Section">
@ -63,7 +62,8 @@
<a target="_blank" href="{{photo_album.url}}" class="LP-Link"> <a target="_blank" href="{{photo_album.url}}" class="LP-Link">
<span class="LP-Text">{{photo_album.label}}</span> <span class="LP-Text">{{photo_album.label}}</span>
</a> </a>
{% if user.explorer == photo_album.submitted_by or user.explorer == place.submitted_by %} {% can_modify_place_asset photo_album request as authorized %}
{% if authorized %}
<a href="{% url 'photo_album_delete' pk=photo_album.pk%}" class="LP-Link LP-LinkList__ItemHover" title="Delete Photo Album"> <a href="{% url 'photo_album_delete' pk=photo_album.pk%}" class="LP-Link LP-LinkList__ItemHover" title="Delete Photo Album">
<div class="RV-Iconized__Container RV-Iconized__Container--small"> <div class="RV-Iconized__Container RV-Iconized__Container--small">
{% icon 'trash' className="RV-Iconized__Icon" %} {% icon 'trash' className="RV-Iconized__Icon" %}
@ -98,7 +98,8 @@
<a href="{{ place_image.filename.large.url }}" class="LP-Link"> <a href="{{ place_image.filename.large.url }}" class="LP-Link">
<img class="LP-Image" src="{{ place_image.filename.thumbnail.url }}"> <img class="LP-Image" src="{{ place_image.filename.thumbnail.url }}">
</a> </a>
{% if user.explorer == place_image.submitted_by or user.explorer == place.submitted_by %} {% can_modify_place_asset place_image request as authorized %}
{% if authorized %}
<span class="LP-ImageGrid__DeleteItem" title="Bild löschen"> <span class="LP-ImageGrid__DeleteItem" title="Bild löschen">
<a href="{% url 'place_image_delete' pk=place_image.id %}" class="LP-Link"> <a href="{% url 'place_image_delete' pk=place_image.id %}" class="LP-Link">
<img class="LP-Icon" src="{% static 'icons/cancel.svg' %}" /> <img class="LP-Icon" src="{% static 'icons/cancel.svg' %}" />

View File

@ -26,10 +26,11 @@ def proper_paginate(paginator, current_page, neighbors=2):
return paginator.page_range return paginator.page_range
@register.simple_tag @register.simple_tag
def can_modify_place_asset(place_asset): def can_modify_place_asset(place_asset, request, *args, **kwargs):
print(place_asset.place.submitted_by, place_asset.submitted_by, request.user)
if request.user.is_superuser: if request.user.is_superuser:
return True return True
if request.user == ( place_asset.place.submitted_by or place_asset.submitted_by): if request.user.explorer == place_asset.place.submitted_by or request.user.explorer == place_asset.submitted_by:
return True return True
else: else:
return False return False