From c84be34a376bf46b946e3251255ce1cbfb0501f2 Mon Sep 17 00:00:00 2001 From: reverend Date: Thu, 27 Aug 2020 10:31:14 +0200 Subject: [PATCH] Place delete, more abstraction for ISPlaceSubmitter and more messages --- .../static/icons/hamburger_menu.svg | 5 +- lostplaces/lostplaces_app/views.py | 69 ++++++++++++++++--- 2 files changed, 63 insertions(+), 11 deletions(-) diff --git a/lostplaces/lostplaces_app/static/icons/hamburger_menu.svg b/lostplaces/lostplaces_app/static/icons/hamburger_menu.svg index 5755197..c9482fc 100644 --- a/lostplaces/lostplaces_app/static/icons/hamburger_menu.svg +++ b/lostplaces/lostplaces_app/static/icons/hamburger_menu.svg @@ -1 +1,4 @@ - \ No newline at end of file + + + \ No newline at end of file diff --git a/lostplaces/lostplaces_app/views.py b/lostplaces/lostplaces_app/views.py index bca02bc..49d73a6 100644 --- a/lostplaces/lostplaces_app/views.py +++ b/lostplaces/lostplaces_app/views.py @@ -5,6 +5,7 @@ from django.shortcuts import render, redirect, get_object_or_404 from django.urls import reverse_lazy from django.views.generic.edit import CreateView, UpdateView, DeleteView +from django.views.generic.detail import SingleObjectMixin from django.views.generic import ListView from django.views import View from django.http import Http404 @@ -25,22 +26,36 @@ from .models import Place, PlaceImage, Voucher, PhotoAlbum # BaseView that checks if user is logged in. class IsAuthenticated(LoginRequiredMixin, View): redirect_field_name = 'redirect_to' + permission_denied_message = 'Please login to proceed' + + def handle_no_permission(self): + messages.error(self.request, self.permission_denied_message) + return super().handle_no_permission() # BaseView that checks if logged in user is submitter of place. -class IsSubmitter(UserPassesTestMixin, View): +class IsPlaceSubmitter(UserPassesTestMixin, View): + place_submitter_error_message = None + + def get_place(self): + pass + def test_func(self): """ Check if user is eligible to modify place. """ + + if not hasattr(self.request, 'user'): + return False + if self.request.user.is_superuser: return True # Check if currently logged in user was the submitter - place_obj = self.get_object() + place_obj = self.get_place() - if self.request.user == place_obj.submitted_by: + if place_obj and hasattr(place_obj, 'submitted_by') and self.request.user == place_obj.submitted_by: return True - messages.error( - self.request, 'You do not have permission to do this.') + if self.place_submitter_error_message: + messages.error(self.request, self.place_submitter_error_message) return False class SignUpView(SuccessMessageMixin, CreateView): @@ -80,15 +95,19 @@ class HomeView(View): } return render(request, 'home.html', context) -class PlaceUpdateView(IsAuthenticated, IsSubmitter, SuccessMessageMixin, UpdateView): +class PlaceUpdateView(IsAuthenticated, IsPlaceSubmitter, SuccessMessageMixin, UpdateView): template_name = 'place/place_update.html' model = Place form_class = PlaceForm success_message = 'Successfully updated place.' + place_submitter_error_message = 'You do no have permissions to alter this place' def get_success_url(self): return reverse_lazy('place_detail', kwargs={'pk':self.get_object().pk}) + def get_place(self): + return self.get_object() + class PlaceCreateView(IsAuthenticated, View): def get(self, request, *args, **kwargs): @@ -145,17 +164,21 @@ class PlaceCreateView(IsAuthenticated, View): ) place_image.save() -class PlaceDeleteView(IsAuthenticated, IsSubmitter, DeleteView): +class PlaceDeleteView(IsAuthenticated, IsPlaceSubmitter, DeleteView): template_name = 'place/place_delete.html' model = Place success_message = 'Successfully deleted place.' success_url = reverse_lazy('place_list') success_message = 'Place deleted' + place_submitter_error_message = 'You do no have permission to delete this place' def delete(self, request, *args, **kwargs): messages.success(self.request, self.success_message) return super().delete(request, *args, **kwargs) + def get_place(self): + return self.get_object() + class AlbumCreateView(IsAuthenticated, View): def get(self, request, *args, **kwargs): url = request.GET['url'] @@ -169,11 +192,11 @@ class AlbumCreateView(IsAuthenticated, View): print(photo_album) return redirect(reverse_lazy('place_detail', kwargs={'pk': place_id})) -class PhotoAlbumCreateView(IsAuthenticated, CreateView): +class PhotoAlbumCreateView(IsAuthenticated, SuccessMessageMixin, CreateView): model = PhotoAlbum fields = ['url', 'label'] template_name = 'photo_album/photo_album_create.html' - success_message = 'Photo album submitted' + success_message = 'Photo Album submitted' def get(self, request, place_id, *args, **kwargs): self.place = Place.objects.get(pk=place_id) @@ -193,4 +216,30 @@ class PhotoAlbumCreateView(IsAuthenticated, CreateView): return context def get_success_url(self): - return reverse_lazy('place_detail', kwargs={'pk': self.place.id}) \ No newline at end of file + return reverse_lazy('place_detail', kwargs={'pk': self.place.id}) + +class PhotoAlbumDeleteView(IsAuthenticated, IsPlaceSubmitter, SingleObjectMixin, View): + model = PhotoAlbum + pk_url_kwarg = 'pk' + success_message = 'Photo Album deleted' + + def get_place(self): + place_id = self.get_object().place.id + return Place.objects.get(pk=place_id) + + def test_func(self): + can_edit_place = super().test_func() + if can_edit_place: + return True + + if self.get_object().submitted_by == self.request.user: + return True + + messages.error(self.request, 'You do not have permissions to alter this photo album') + return False + + def get(self, request, *args, **kwargs): + place_id = self.get_object().place.id + self.get_object().delete() + messages.success(self.request, self.success_message) + return redirect(reverse_lazy('place_detail', kwargs={'pk': place_id}))