
7 Commits

4 changed files with 38 additions and 26 deletions


@ -8,7 +8,10 @@
<link rel="icon" type="image/png" href="{% static 'favicon.ico' %}"> <link rel="icon" type="image/png" href="{% static 'favicon.ico' %}">
<title> <title>
{% block title %}Urban Exploration{% endblock %} {% block title %}Urban Exploration{% endblock %}
</title> </title>
{% block additional_head %}
{% endblock additional_head %}
</head> </head>
<body> <body>


@ -1,6 +1,5 @@
from django.urls import path from django.urls import path
from .views import ( from .views import (
hello_world,
HomeView, HomeView,
place_detail_view, place_detail_view,
place_list_view, place_list_view,
@ -11,7 +10,6 @@ from .views import (
) )
urlpatterns = [ urlpatterns = [
path('hello_world/', hello_world), # You know what this is :P
path('', HomeView.as_view(), name='home'), path('', HomeView.as_view(), name='home'),
path('signup/', SignUpView.as_view(), name='signup'), path('signup/', SignUpView.as_view(), name='signup'),
path('place/<int:pk>/', place_detail_view, name='place_detail'), path('place/<int:pk>/', place_detail_view, name='place_detail'),


@ -8,7 +8,7 @@ from django.views.generic.edit import CreateView, UpdateView, DeleteView
from django.views import View from django.views import View
from django.http import Http404 from django.http import Http404
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.mixins import UserPassesTestMixin from django.contrib.auth.mixins import UserPassesTestMixin, LoginRequiredMixin
from .forms import ( from .forms import (
ExplorerCreationForm, ExplorerCreationForm,
@ -19,6 +19,27 @@ from .models import Place, PlaceImage, Voucher
# Create your views here. # Create your views here.
# BaseView that checks if user is logged in.
class IsAuthenticated(LoginRequiredMixin, View):
redirect_field_name = 'redirect_to'
# BaseView that checks if logged in user is submitter of place.
class IsSubmitter(UserPassesTestMixin, View):
def test_func(self):
""" Check if user is eligible to modify place. """
if self.request.user.is_superuser:
return True
# Check if currently logged in user was the submitter
place_obj = self.get_object()
if self.request.user == place_obj.submitted_by:
return True
messages.error(
self.request, 'You do not have permission to do this.')
return False
class SignUpView(CreateView): class SignUpView(CreateView):
form_class = ExplorerCreationForm form_class = ExplorerCreationForm
success_url = reverse_lazy('login') success_url = reverse_lazy('login')
@ -30,9 +51,6 @@ def place_list_view(request,):
def place_detail_view(request, pk): def place_detail_view(request, pk):
return render(request, 'place/place_detail.html', {'place':Place.objects.get(pk=pk)}) return render(request, 'place/place_detail.html', {'place':Place.objects.get(pk=pk)})
def hello_world(request):
return render(request, 'hello_world.html', {'text':'Hello World!'})
class HomeView(View): class HomeView(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
place_list = Place.objects.all().order_by('submitted_when')[:10] place_list = Place.objects.all().order_by('submitted_when')[:10]
@ -41,7 +59,7 @@ class HomeView(View):
} }
return render(request, 'home.html', context) return render(request, 'home.html', context)
class PlaceUpdateView(UpdateView): class PlaceUpdateView(IsAuthenticated, IsSubmitter, UpdateView):
template_name = 'place/place_update.html' template_name = 'place/place_update.html'
model = Place model = Place
form_class = PlaceForm form_class = PlaceForm
@ -49,7 +67,7 @@ class PlaceUpdateView(UpdateView):
def get_success_url(self): def get_success_url(self):
return reverse_lazy('place_detail', kwargs={'pk':self.get_object().pk}) return reverse_lazy('place_detail', kwargs={'pk':self.get_object().pk})
class PlaceCreateView(View): class PlaceCreateView(IsAuthenticated, View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
place_image_form = PlaceImageCreateForm() place_image_form = PlaceImageCreateForm()
@ -97,22 +115,8 @@ class PlaceCreateView(View):
) )
place_image.save() place_image.save()
class PlaceDeleteView(UserPassesTestMixin, DeleteView): class PlaceDeleteView(IsAuthenticated, IsSubmitter, DeleteView):
template_name = 'place/place_delete.html' template_name = 'place/place_delete.html'
model = Place model = Place
success_url = reverse_lazy('place_list') success_url = reverse_lazy('place_list')
def test_func(self):
""" Check if user is eligible to delete place. """
if self.request.user.is_superuser:
return True
# Check if currently logged in user was the submitter
place_obj = self.get_object()
if self.request.user == place_obj.submitted_by:
return True
messages.error(
self.request, 'You do not have permission to delete this place.')
return False
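Review bot: `IsSubmitter.test_func` decides who may edit or delete a place, yet the class does not say that it needs a view providing `get_object()` or that it is meant to be combined with a generic view; its comment calls it a BaseView although it is used as a mixin on `PlaceUpdateView` and `PlaceDeleteView`. I would add a class docstring such as `"""Mixin for single-object views: permits superusers and the object's submitted_by user; list it before the generic view."""` and consider dropping the `View` base from both helper classes so they read as mixins. `LoginRequiredMixin` and `UserPassesTestMixin` each override `dispatch`, so the base order `IsAuthenticated, IsSubmitter, ...` is what makes the login check run before the ownership check, which deserves a one-line comment. `test_func` also records an error message as a side effect and loads the object once more than the generic view presumably does on its own, both of which are worth noting in that docstring.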


@ -1,9 +1,16 @@
{% extends 'global.html'%} {% extends 'global.html'%}
{% block title %}Forbidden{% endblock %} {% block title %}Forbidden{% endblock %}
{% block additional_head %}
{% if request.META.HTTP_REFERER %}
<p class="LP-Headline"><a href="{{ request.META.HTTP_REFERER }}" class="LP-Link">Go Back</a></p>
<meta http-equiv="refresh" content="5;url={{ request.META.HTTP_REFERER }}" />
{% endif %}
{% endblock additional_head %}
{% block maincontent %} {% block maincontent %}
{% if request.META.HTTP_REFERER %} {% if request.META.HTTP_REFERER %}
<p class="LP-Headline"><a href="{{ request.META.HTTP_REFERER }}" class="LP-Link">Go Back</a></p> <p class="LP-Headline">You will be redirected in 5 seconds</p><p class="LP-Headline"><a href="{{ request.META.HTTP_REFERER }}" class="LP-Link">Go Back</a></p>
{% endif %} {% endif %}
{% endblock maincontent %} {% endblock maincontent %}
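Review bot: The added `<meta http-equiv="refresh">` takes its target straight from `request.META.HTTP_REFERER`, a client-supplied header, so this Forbidden page will automatically send the browser to whatever URL the request named, including off-site ones. Template autoescaping protects the attribute from breakout but does not constrain the destination; I would validate the value in the view, e.g. `url_has_allowed_host_and_scheme(referer, allowed_hosts={request.get_host()})`, and pass only a checked URL (or a fixed fallback such as the home page) to the template. Separately, the `<p class="LP-Headline">` line placed inside `additional_head` appears to be rendered inside `<head>`, where it is not valid markup; only the `<meta>` element belongs in that block.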