Moved check for submitter to own view, included it in update place.

This commit is contained in:
Marcus Scholz 2020-08-12 19:07:07 +02:00
parent b6b17f4caf
commit 78f087fb3c

View File

@ -19,10 +19,27 @@ from .models import Place, PlaceImage, Voucher
# Create your views here. # Create your views here.
# BaseView that checks if user is logged in # BaseView that checks if user is logged in.
class IsAuthenticated(LoginRequiredMixin, View): class IsAuthenticated(LoginRequiredMixin, View):
redirect_field_name = 'redirect_to' redirect_field_name = 'redirect_to'
# BaseView that checks if logged in user is submitter of place.
class IsSubmitter(UserPassesTestMixin, View):
def test_func(self):
""" Check if user is eligible to modify place. """
if self.request.user.is_superuser:
return True
# Check if currently logged in user was the submitter
place_obj = self.get_object()
if self.request.user == place_obj.submitted_by:
return True
messages.error(
self.request, 'You do not have permission to do this.')
return False
class SignUpView(CreateView): class SignUpView(CreateView):
form_class = ExplorerCreationForm form_class = ExplorerCreationForm
success_url = reverse_lazy('login') success_url = reverse_lazy('login')
@ -45,7 +62,7 @@ class HomeView(View):
} }
return render(request, 'home.html', context) return render(request, 'home.html', context)
class PlaceUpdateView(IsAuthenticated, UpdateView): class PlaceUpdateView(IsAuthenticated, IsSubmitter, UpdateView):
template_name = 'place/place_update.html' template_name = 'place/place_update.html'
model = Place model = Place
form_class = PlaceForm form_class = PlaceForm
@ -101,22 +118,8 @@ class PlaceCreateView(IsAuthenticated, View):
) )
place_image.save() place_image.save()
class PlaceDeleteView(IsAuthenticated, UserPassesTestMixin, DeleteView): class PlaceDeleteView(IsAuthenticated, IsSubmitter, DeleteView):
template_name = 'place/place_delete.html' template_name = 'place/place_delete.html'
model = Place model = Place
success_url = reverse_lazy('place_list') success_url = reverse_lazy('place_list')
def test_func(self):
""" Check if user is eligible to delete place. """
if self.request.user.is_superuser:
return True
# Check if currently logged in user was the submitter
place_obj = self.get_object()
if self.request.user == place_obj.submitted_by:
return True
messages.error(
self.request, 'You do not have permission to delete this place.')
return False