Compare commits

...

3 Commits

5 changed files with 75 additions and 21 deletions

View File

@ -1 +1,4 @@
<svg fill="#000000" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 30" width="30px" height="30px"><path d="M 3 7 A 1.0001 1.0001 0 1 0 3 9 L 27 9 A 1.0001 1.0001 0 1 0 27 7 L 3 7 z M 3 14 A 1.0001 1.0001 0 1 0 3 16 L 27 16 A 1.0001 1.0001 0 1 0 27 14 L 3 14 z M 3 21 A 1.0001 1.0001 0 1 0 3 23 L 27 23 A 1.0001 1.0001 0 1 0 27 21 L 3 21 z"/></svg> <svg fill="#000000" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 30" width="30px" height="30px">
<path
d="M 3 7 A 1.0001 1.0001 0 1 0 3 9 L 27 9 A 1.0001 1.0001 0 1 0 27 7 L 3 7 z M 3 14 A 1.0001 1.0001 0 1 0 3 16 L 27 16 A 1.0001 1.0001 0 1 0 27 14 L 3 14 z M 3 21 A 1.0001 1.0001 0 1 0 3 23 L 27 23 A 1.0001 1.0001 0 1 0 27 21 L 3 21 z" />
</svg>

Before

Width:  |  Height:  |  Size: 351 B

After

Width:  |  Height:  |  Size: 358 B

View File

@ -62,7 +62,7 @@
<span class="LP-Text">{{photo_album.label}}</span> <span class="LP-Text">{{photo_album.label}}</span>
</a> </a>
{% if user == photo_album.submitted_by or user == place.submitted_by %} {% if user == photo_album.submitted_by or user == place.submitted_by %}
<a href="google.com" class="LP-Link LP-LinkList__ItemHover" title="Delete Photo Album"> <a href="{% url 'photo_album_delete' pk=photo_album.pk%}" class="LP-Link LP-LinkList__ItemHover" title="Delete Photo Album">
<div class="RV-Iconized__Container RV-Iconized__Container--small"> <div class="RV-Iconized__Container RV-Iconized__Container--small">
{% icon 'trash' className="RV-Iconized__Icon" %} {% icon 'trash' className="RV-Iconized__Icon" %}
</div> </div>

View File

@ -7,7 +7,8 @@ from .views import (
PlaceCreateView, PlaceCreateView,
PlaceUpdateView, PlaceUpdateView,
PlaceDeleteView, PlaceDeleteView,
PhotoAlbumCreateView PhotoAlbumCreateView,
PhotoAlbumDeleteView
) )
urlpatterns = [ urlpatterns = [
@ -16,6 +17,7 @@ urlpatterns = [
path('place/<int:pk>/', PlaceDetailView.as_view(), name='place_detail'), path('place/<int:pk>/', PlaceDetailView.as_view(), name='place_detail'),
path('place/create/', PlaceCreateView.as_view(), name='place_create'), path('place/create/', PlaceCreateView.as_view(), name='place_create'),
path('photo_album/create/<int:place_id>', PhotoAlbumCreateView.as_view(), name='photo_album_create'), path('photo_album/create/<int:place_id>', PhotoAlbumCreateView.as_view(), name='photo_album_create'),
path('photo_album/delete/<int:pk>', PhotoAlbumDeleteView.as_view(), name='photo_album_delete'),
path('place/update/<int:pk>/', PlaceUpdateView.as_view(), name='place_edit'), path('place/update/<int:pk>/', PlaceUpdateView.as_view(), name='place_edit'),
path('place/delete/<int:pk>/', PlaceDeleteView.as_view(), name='place_delete'), path('place/delete/<int:pk>/', PlaceDeleteView.as_view(), name='place_delete'),
path('place/', PlaceListView.as_view(), name='place_list') path('place/', PlaceListView.as_view(), name='place_list')

View File

@ -5,6 +5,7 @@
from django.shortcuts import render, redirect, get_object_or_404 from django.shortcuts import render, redirect, get_object_or_404
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.views.generic.edit import CreateView, UpdateView, DeleteView from django.views.generic.edit import CreateView, UpdateView, DeleteView
from django.views.generic.detail import SingleObjectMixin
from django.views.generic import ListView from django.views.generic import ListView
from django.views import View from django.views import View
from django.http import Http404 from django.http import Http404
@ -25,22 +26,36 @@ from .models import Place, PlaceImage, Voucher, PhotoAlbum
# BaseView that checks if user is logged in. # BaseView that checks if user is logged in.
class IsAuthenticated(LoginRequiredMixin, View): class IsAuthenticated(LoginRequiredMixin, View):
redirect_field_name = 'redirect_to' redirect_field_name = 'redirect_to'
permission_denied_message = 'Please login to proceed'
def handle_no_permission(self):
messages.error(self.request, self.permission_denied_message)
return super().handle_no_permission()
# BaseView that checks if logged in user is submitter of place. # BaseView that checks if logged in user is submitter of place.
class IsSubmitter(UserPassesTestMixin, View): class IsPlaceSubmitter(UserPassesTestMixin, View):
place_submitter_error_message = None
def get_place(self):
pass
def test_func(self): def test_func(self):
""" Check if user is eligible to modify place. """ """ Check if user is eligible to modify place. """
if not hasattr(self.request, 'user'):
return False
if self.request.user.is_superuser: if self.request.user.is_superuser:
return True return True
# Check if currently logged in user was the submitter # Check if currently logged in user was the submitter
place_obj = self.get_object() place_obj = self.get_place()
if self.request.user == place_obj.submitted_by: if place_obj and hasattr(place_obj, 'submitted_by') and self.request.user == place_obj.submitted_by:
return True return True
messages.error( if self.place_submitter_error_message:
self.request, 'You do not have permission to do this.') messages.error(self.request, self.place_submitter_error_message)
return False return False
class SignUpView(SuccessMessageMixin, CreateView): class SignUpView(SuccessMessageMixin, CreateView):
@ -80,15 +95,19 @@ class HomeView(View):
} }
return render(request, 'home.html', context) return render(request, 'home.html', context)
class PlaceUpdateView(IsAuthenticated, IsSubmitter, SuccessMessageMixin, UpdateView): class PlaceUpdateView(IsAuthenticated, IsPlaceSubmitter, SuccessMessageMixin, UpdateView):
template_name = 'place/place_update.html' template_name = 'place/place_update.html'
model = Place model = Place
form_class = PlaceForm form_class = PlaceForm
success_message = 'Successfully updated place.' success_message = 'Successfully updated place.'
place_submitter_error_message = 'You do no have permissions to alter this place'
def get_success_url(self): def get_success_url(self):
return reverse_lazy('place_detail', kwargs={'pk':self.get_object().pk}) return reverse_lazy('place_detail', kwargs={'pk':self.get_object().pk})
def get_place(self):
return self.get_object()
class PlaceCreateView(IsAuthenticated, View): class PlaceCreateView(IsAuthenticated, View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
@ -145,17 +164,21 @@ class PlaceCreateView(IsAuthenticated, View):
) )
place_image.save() place_image.save()
class PlaceDeleteView(IsAuthenticated, IsSubmitter, DeleteView): class PlaceDeleteView(IsAuthenticated, IsPlaceSubmitter, DeleteView):
template_name = 'place/place_delete.html' template_name = 'place/place_delete.html'
model = Place model = Place
success_message = 'Successfully deleted place.' success_message = 'Successfully deleted place.'
success_url = reverse_lazy('place_list') success_url = reverse_lazy('place_list')
success_message = 'Place deleted' success_message = 'Place deleted'
place_submitter_error_message = 'You do no have permission to delete this place'
def delete(self, request, *args, **kwargs): def delete(self, request, *args, **kwargs):
messages.success(self.request, self.success_message) messages.success(self.request, self.success_message)
return super().delete(request, *args, **kwargs) return super().delete(request, *args, **kwargs)
def get_place(self):
return self.get_object()
class AlbumCreateView(IsAuthenticated, View): class AlbumCreateView(IsAuthenticated, View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
url = request.GET['url'] url = request.GET['url']
@ -169,11 +192,11 @@ class AlbumCreateView(IsAuthenticated, View):
print(photo_album) print(photo_album)
return redirect(reverse_lazy('place_detail', kwargs={'pk': place_id})) return redirect(reverse_lazy('place_detail', kwargs={'pk': place_id}))
class PhotoAlbumCreateView(IsAuthenticated, CreateView): class PhotoAlbumCreateView(IsAuthenticated, SuccessMessageMixin, CreateView):
model = PhotoAlbum model = PhotoAlbum
fields = ['url', 'label'] fields = ['url', 'label']
template_name = 'photo_album/photo_album_create.html' template_name = 'photo_album/photo_album_create.html'
success_message = 'Photo album submitted' success_message = 'Photo Album submitted'
def get(self, request, place_id, *args, **kwargs): def get(self, request, place_id, *args, **kwargs):
self.place = Place.objects.get(pk=place_id) self.place = Place.objects.get(pk=place_id)
@ -194,3 +217,29 @@ class PhotoAlbumCreateView(IsAuthenticated, CreateView):
def get_success_url(self): def get_success_url(self):
return reverse_lazy('place_detail', kwargs={'pk': self.place.id}) return reverse_lazy('place_detail', kwargs={'pk': self.place.id})
class PhotoAlbumDeleteView(IsAuthenticated, IsPlaceSubmitter, SingleObjectMixin, View):
model = PhotoAlbum
pk_url_kwarg = 'pk'
success_message = 'Photo Album deleted'
def get_place(self):
place_id = self.get_object().place.id
return Place.objects.get(pk=place_id)
def test_func(self):
can_edit_place = super().test_func()
if can_edit_place:
return True
if self.get_object().submitted_by == self.request.user:
return True
messages.error(self.request, 'You do not have permissions to alter this photo album')
return False
def get(self, request, *args, **kwargs):
place_id = self.get_object().place.id
self.get_object().delete()
messages.success(self.request, self.success_message)
return redirect(reverse_lazy('place_detail', kwargs={'pk': place_id}))

View File

@ -23,9 +23,9 @@
<button class="LP-Button">Login</button> <button class="LP-Button">Login</button>
</div> </div>
</div> </div>
</div>
</fieldset> </fieldset>
</form> </form>
<p class="LP-Headline">No account? <a class="LP-Link" href="{% url 'signup' %}"><span class="LP-Link__Text">Sign up here</span></a></p>
{% endblock maincontent %} {% endblock maincontent %}