diff --git a/lostplaces/lostplaces_app/static/icons/hamburger_menu.svg b/lostplaces/lostplaces_app/static/icons/hamburger_menu.svg
index 5755197..c9482fc 100644
--- a/lostplaces/lostplaces_app/static/icons/hamburger_menu.svg
+++ b/lostplaces/lostplaces_app/static/icons/hamburger_menu.svg
@@ -1 +1,4 @@
-
\ No newline at end of file
+
\ No newline at end of file
diff --git a/lostplaces/lostplaces_app/views.py b/lostplaces/lostplaces_app/views.py
index bca02bc..49d73a6 100644
--- a/lostplaces/lostplaces_app/views.py
+++ b/lostplaces/lostplaces_app/views.py
@@ -5,6 +5,7 @@
from django.shortcuts import render, redirect, get_object_or_404
from django.urls import reverse_lazy
from django.views.generic.edit import CreateView, UpdateView, DeleteView
+from django.views.generic.detail import SingleObjectMixin
from django.views.generic import ListView
from django.views import View
from django.http import Http404
@@ -25,22 +26,36 @@ from .models import Place, PlaceImage, Voucher, PhotoAlbum
# BaseView that checks if user is logged in.
class IsAuthenticated(LoginRequiredMixin, View):
redirect_field_name = 'redirect_to'
+ permission_denied_message = 'Please login to proceed'
+
+ def handle_no_permission(self):
+ messages.error(self.request, self.permission_denied_message)
+ return super().handle_no_permission()
# BaseView that checks if logged in user is submitter of place.
-class IsSubmitter(UserPassesTestMixin, View):
+class IsPlaceSubmitter(UserPassesTestMixin, View):
+ place_submitter_error_message = None
+
+ def get_place(self):
+ pass
+
def test_func(self):
""" Check if user is eligible to modify place. """
+
+ if not hasattr(self.request, 'user'):
+ return False
+
if self.request.user.is_superuser:
return True
# Check if currently logged in user was the submitter
- place_obj = self.get_object()
+ place_obj = self.get_place()
- if self.request.user == place_obj.submitted_by:
+ if place_obj and hasattr(place_obj, 'submitted_by') and self.request.user == place_obj.submitted_by:
return True
- messages.error(
- self.request, 'You do not have permission to do this.')
+ if self.place_submitter_error_message:
+ messages.error(self.request, self.place_submitter_error_message)
return False
class SignUpView(SuccessMessageMixin, CreateView):
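Review bot: `IsAuthenticated.handle_no_permission` adds 'Please login to proceed' unconditionally, but in views that list `IsAuthenticated` before `IsPlaceSubmitter` this override is also what `UserPassesTestMixin` reaches when `test_func` fails. A logged-in user who is simply not the submitter is therefore told to log in, and the same text becomes the `PermissionDenied` message. Guard the call with `if not self.request.user.is_authenticated:` so the message only appears for anonymous requests. Separately, the base `get_place` returns None through `pass`, so a subclass that forgets to override it denies access with no hint why; `raise NotImplementedError('subclasses must implement get_place()')` would surface the mistake while still failing closed.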
@@ -80,15 +95,19 @@ class HomeView(View):
}
return render(request, 'home.html', context)
-class PlaceUpdateView(IsAuthenticated, IsSubmitter, SuccessMessageMixin, UpdateView):
+class PlaceUpdateView(IsAuthenticated, IsPlaceSubmitter, SuccessMessageMixin, UpdateView):
template_name = 'place/place_update.html'
model = Place
form_class = PlaceForm
success_message = 'Successfully updated place.'
+ place_submitter_error_message = 'You do no have permissions to alter this place'
def get_success_url(self):
return reverse_lazy('place_detail', kwargs={'pk':self.get_object().pk})
+ def get_place(self):
+ return self.get_object()
+
class PlaceCreateView(IsAuthenticated, View):
def get(self, request, *args, **kwargs):
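Review bot: The new `place_submitter_error_message` reads 'You do no have permissions to alter this place', where 'no' should be 'not'. The same slip is in the `PlaceDeleteView` hunk ('You do no have permission to delete this place'). Suggested wording: `place_submitter_error_message = 'You do not have permission to alter this place'`, and likewise for the delete view. The added `get_place` would also benefit from a one-line docstring saying it returns the `Place` whose submitter is checked by `IsPlaceSubmitter.test_func`.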
@@ -145,17 +164,21 @@ class PlaceCreateView(IsAuthenticated, View):
)
place_image.save()
-class PlaceDeleteView(IsAuthenticated, IsSubmitter, DeleteView):
+class PlaceDeleteView(IsAuthenticated, IsPlaceSubmitter, DeleteView):
template_name = 'place/place_delete.html'
model = Place
success_message = 'Successfully deleted place.'
success_url = reverse_lazy('place_list')
success_message = 'Place deleted'
+ place_submitter_error_message = 'You do no have permission to delete this place'
def delete(self, request, *args, **kwargs):
messages.success(self.request, self.success_message)
return super().delete(request, *args, **kwargs)
+ def get_place(self):
+ return self.get_object()
+
class AlbumCreateView(IsAuthenticated, View):
def get(self, request, *args, **kwargs):
url = request.GET['url']
@@ -169,11 +192,11 @@ class AlbumCreateView(IsAuthenticated, View):
print(photo_album)
return redirect(reverse_lazy('place_detail', kwargs={'pk': place_id}))
-class PhotoAlbumCreateView(IsAuthenticated, CreateView):
+class PhotoAlbumCreateView(IsAuthenticated, SuccessMessageMixin, CreateView):
model = PhotoAlbum
fields = ['url', 'label']
template_name = 'photo_album/photo_album_create.html'
- success_message = 'Photo album submitted'
+ success_message = 'Photo Album submitted'
def get(self, request, place_id, *args, **kwargs):
self.place = Place.objects.get(pk=place_id)
@@ -193,4 +216,30 @@ class PhotoAlbumCreateView(IsAuthenticated, CreateView):
return context
def get_success_url(self):
- return reverse_lazy('place_detail', kwargs={'pk': self.place.id})
\ No newline at end of file
+ return reverse_lazy('place_detail', kwargs={'pk': self.place.id})
+
+class PhotoAlbumDeleteView(IsAuthenticated, IsPlaceSubmitter, SingleObjectMixin, View):
+ model = PhotoAlbum
+ pk_url_kwarg = 'pk'
+ success_message = 'Photo Album deleted'
+
+ def get_place(self):
+ place_id = self.get_object().place.id
+ return Place.objects.get(pk=place_id)
+
+ def test_func(self):
+ can_edit_place = super().test_func()
+ if can_edit_place:
+ return True
+
+ if self.get_object().submitted_by == self.request.user:
+ return True
+
+ messages.error(self.request, 'You do not have permissions to alter this photo album')
+ return False
+
+ def get(self, request, *args, **kwargs):
+ place_id = self.get_object().place.id
+ self.get_object().delete()
+ messages.success(self.request, self.success_message)
+ return redirect(reverse_lazy('place_detail', kwargs={'pk': place_id}))
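Review bot: `PhotoAlbumDeleteView.get` deletes the album in response to a GET request. Django's CSRF check only applies to unsafe methods, so any cross-site request the browser sends with an authorised user's session can trigger the deletion. Move the deletion to `def post(self, request, *args, **kwargs):` and have the template submit a form carrying the CSRF token, which is presumably how `PlaceDeleteView` already works through `DeleteView`. The handler also calls `self.get_object()` twice, and `get_place` re-queries a `Place` it already holds. Fetching once with `album = self.get_object()`, then using `album.place` and `album.delete()`, avoids the extra queries and keeps the permission check and the delete on the same row.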