Moved check for submitter to own view, included it in update place.
This commit is contained in:
parent
b6b17f4caf
commit
78f087fb3c
@ -19,10 +19,27 @@ from .models import Place, PlaceImage, Voucher
|
|||||||
|
|
||||||
# Create your views here.
|
# Create your views here.
|
||||||
|
|
||||||
# BaseView that checks if user is logged in
|
# BaseView that checks if user is logged in.
|
||||||
class IsAuthenticated(LoginRequiredMixin, View):
|
class IsAuthenticated(LoginRequiredMixin, View):
|
||||||
redirect_field_name = 'redirect_to'
|
redirect_field_name = 'redirect_to'
|
||||||
|
|
||||||
|
# BaseView that checks if logged in user is submitter of place.
|
||||||
|
class IsSubmitter(UserPassesTestMixin, View):
|
||||||
|
def test_func(self):
|
||||||
|
""" Check if user is eligible to modify place. """
|
||||||
|
if self.request.user.is_superuser:
|
||||||
|
return True
|
||||||
|
|
||||||
|
# Check if currently logged in user was the submitter
|
||||||
|
place_obj = self.get_object()
|
||||||
|
|
||||||
|
if self.request.user == place_obj.submitted_by:
|
||||||
|
return True
|
||||||
|
|
||||||
|
messages.error(
|
||||||
|
self.request, 'You do not have permission to do this.')
|
||||||
|
return False
|
||||||
|
|
||||||
class SignUpView(CreateView):
|
class SignUpView(CreateView):
|
||||||
form_class = ExplorerCreationForm
|
form_class = ExplorerCreationForm
|
||||||
success_url = reverse_lazy('login')
|
success_url = reverse_lazy('login')
|
||||||
@ -45,7 +62,7 @@ class HomeView(View):
|
|||||||
}
|
}
|
||||||
return render(request, 'home.html', context)
|
return render(request, 'home.html', context)
|
||||||
|
|
||||||
class PlaceUpdateView(IsAuthenticated, UpdateView):
|
class PlaceUpdateView(IsAuthenticated, IsSubmitter, UpdateView):
|
||||||
template_name = 'place/place_update.html'
|
template_name = 'place/place_update.html'
|
||||||
model = Place
|
model = Place
|
||||||
form_class = PlaceForm
|
form_class = PlaceForm
|
||||||
@ -101,22 +118,8 @@ class PlaceCreateView(IsAuthenticated, View):
|
|||||||
)
|
)
|
||||||
place_image.save()
|
place_image.save()
|
||||||
|
|
||||||
class PlaceDeleteView(IsAuthenticated, UserPassesTestMixin, DeleteView):
|
class PlaceDeleteView(IsAuthenticated, IsSubmitter, DeleteView):
|
||||||
template_name = 'place/place_delete.html'
|
template_name = 'place/place_delete.html'
|
||||||
model = Place
|
model = Place
|
||||||
success_url = reverse_lazy('place_list')
|
success_url = reverse_lazy('place_list')
|
||||||
|
|
||||||
def test_func(self):
|
|
||||||
""" Check if user is eligible to delete place. """
|
|
||||||
if self.request.user.is_superuser:
|
|
||||||
return True
|
|
||||||
|
|
||||||
# Check if currently logged in user was the submitter
|
|
||||||
place_obj = self.get_object()
|
|
||||||
|
|
||||||
if self.request.user == place_obj.submitted_by:
|
|
||||||
return True
|
|
||||||
|
|
||||||
messages.error(
|
|
||||||
self.request, 'You do not have permission to delete this place.')
|
|
||||||
return False
|
|
Loading…
Reference in New Issue
Block a user