Compare commits
7 Commits
10d96c7c8f
...
87efccf6c9
Author | SHA1 | Date | |
---|---|---|---|
87efccf6c9 | |||
a82ddaa44e | |||
78f087fb3c | |||
1d62b20a3c | |||
9f3ed46b35 | |||
b6b17f4caf | |||
c0191fc6c4 |
@ -9,6 +9,9 @@
|
||||
<title>
|
||||
{% block title %}Urban Exploration{% endblock %}
|
||||
</title>
|
||||
|
||||
{% block additional_head %}
|
||||
{% endblock additional_head %}
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
@ -1,6 +1,5 @@
|
||||
from django.urls import path
|
||||
from .views import (
|
||||
hello_world,
|
||||
HomeView,
|
||||
place_detail_view,
|
||||
place_list_view,
|
||||
@ -11,7 +10,6 @@ from .views import (
|
||||
)
|
||||
|
||||
urlpatterns = [
|
||||
path('hello_world/', hello_world), # You know what this is :P
|
||||
path('', HomeView.as_view(), name='home'),
|
||||
path('signup/', SignUpView.as_view(), name='signup'),
|
||||
path('place/<int:pk>/', place_detail_view, name='place_detail'),
|
||||
|
@ -8,7 +8,7 @@ from django.views.generic.edit import CreateView, UpdateView, DeleteView
|
||||
from django.views import View
|
||||
from django.http import Http404
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.mixins import UserPassesTestMixin
|
||||
from django.contrib.auth.mixins import UserPassesTestMixin, LoginRequiredMixin
|
||||
|
||||
from .forms import (
|
||||
ExplorerCreationForm,
|
||||
@ -19,6 +19,27 @@ from .models import Place, PlaceImage, Voucher
|
||||
|
||||
# Create your views here.
|
||||
|
||||
# BaseView that checks if user is logged in.
|
||||
class IsAuthenticated(LoginRequiredMixin, View):
|
||||
redirect_field_name = 'redirect_to'
|
||||
|
||||
# BaseView that checks if logged in user is submitter of place.
|
||||
class IsSubmitter(UserPassesTestMixin, View):
|
||||
def test_func(self):
|
||||
""" Check if user is eligible to modify place. """
|
||||
if self.request.user.is_superuser:
|
||||
return True
|
||||
|
||||
# Check if currently logged in user was the submitter
|
||||
place_obj = self.get_object()
|
||||
|
||||
if self.request.user == place_obj.submitted_by:
|
||||
return True
|
||||
|
||||
messages.error(
|
||||
self.request, 'You do not have permission to do this.')
|
||||
return False
|
||||
|
||||
class SignUpView(CreateView):
|
||||
form_class = ExplorerCreationForm
|
||||
success_url = reverse_lazy('login')
|
||||
@ -30,9 +51,6 @@ def place_list_view(request,):
|
||||
def place_detail_view(request, pk):
|
||||
return render(request, 'place/place_detail.html', {'place':Place.objects.get(pk=pk)})
|
||||
|
||||
def hello_world(request):
|
||||
return render(request, 'hello_world.html', {'text':'Hello World!'})
|
||||
|
||||
class HomeView(View):
|
||||
def get(self, request, *args, **kwargs):
|
||||
place_list = Place.objects.all().order_by('submitted_when')[:10]
|
||||
@ -41,7 +59,7 @@ class HomeView(View):
|
||||
}
|
||||
return render(request, 'home.html', context)
|
||||
|
||||
class PlaceUpdateView(UpdateView):
|
||||
class PlaceUpdateView(IsAuthenticated, IsSubmitter, UpdateView):
|
||||
template_name = 'place/place_update.html'
|
||||
model = Place
|
||||
form_class = PlaceForm
|
||||
@ -49,7 +67,7 @@ class PlaceUpdateView(UpdateView):
|
||||
def get_success_url(self):
|
||||
return reverse_lazy('place_detail', kwargs={'pk':self.get_object().pk})
|
||||
|
||||
class PlaceCreateView(View):
|
||||
class PlaceCreateView(IsAuthenticated, View):
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
place_image_form = PlaceImageCreateForm()
|
||||
@ -97,22 +115,8 @@ class PlaceCreateView(View):
|
||||
)
|
||||
place_image.save()
|
||||
|
||||
class PlaceDeleteView(UserPassesTestMixin, DeleteView):
|
||||
class PlaceDeleteView(IsAuthenticated, IsSubmitter, DeleteView):
|
||||
template_name = 'place/place_delete.html'
|
||||
model = Place
|
||||
success_url = reverse_lazy('place_list')
|
||||
|
||||
def test_func(self):
|
||||
""" Check if user is eligible to delete place. """
|
||||
if self.request.user.is_superuser:
|
||||
return True
|
||||
|
||||
# Check if currently logged in user was the submitter
|
||||
place_obj = self.get_object()
|
||||
|
||||
if self.request.user == place_obj.submitted_by:
|
||||
return True
|
||||
|
||||
messages.error(
|
||||
self.request, 'You do not have permission to delete this place.')
|
||||
return False
|
@ -1,9 +1,16 @@
|
||||
{% extends 'global.html'%}
|
||||
|
||||
{% block title %}Forbidden{% endblock %}
|
||||
{% block additional_head %}
|
||||
{% if request.META.HTTP_REFERER %}
|
||||
<p class="LP-Headline"><a href="{{ request.META.HTTP_REFERER }}" class="LP-Link">Go Back</a></p>
|
||||
<meta http-equiv="refresh" content="5;url={{ request.META.HTTP_REFERER }}" />
|
||||
{% endif %}
|
||||
|
||||
{% endblock additional_head %}
|
||||
|
||||
{% block maincontent %}
|
||||
{% if request.META.HTTP_REFERER %}
|
||||
<p class="LP-Headline"><a href="{{ request.META.HTTP_REFERER }}" class="LP-Link">Go Back</a></p>
|
||||
<p class="LP-Headline">You will be redirected in 5 seconds</p><p class="LP-Headline"><a href="{{ request.META.HTTP_REFERER }}" class="LP-Link">Go Back</a></p>
|
||||
{% endif %}
|
||||
{% endblock maincontent %}
|
Loading…
Reference in New Issue
Block a user