Compare commits
No commits in common. "87efccf6c9d345781493b2ca4e80c8fd9f898fe9" and "10d96c7c8fba9486afae219190b66efb8061b2ae" have entirely different histories.
87efccf6c9
...
10d96c7c8f
@ -9,9 +9,6 @@
|
||||
<title>
|
||||
{% block title %}Urban Exploration{% endblock %}
|
||||
</title>
|
||||
|
||||
{% block additional_head %}
|
||||
{% endblock additional_head %}
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
from django.urls import path
|
||||
from .views import (
|
||||
hello_world,
|
||||
HomeView,
|
||||
place_detail_view,
|
||||
place_list_view,
|
||||
@ -10,6 +11,7 @@ from .views import (
|
||||
)
|
||||
|
||||
urlpatterns = [
|
||||
path('hello_world/', hello_world), # You know what this is :P
|
||||
path('', HomeView.as_view(), name='home'),
|
||||
path('signup/', SignUpView.as_view(), name='signup'),
|
||||
path('place/<int:pk>/', place_detail_view, name='place_detail'),
|
||||
|
||||
@ -8,7 +8,7 @@ from django.views.generic.edit import CreateView, UpdateView, DeleteView
|
||||
from django.views import View
|
||||
from django.http import Http404
|
||||
from django.contrib import messages
|
||||
from django.contrib.auth.mixins import UserPassesTestMixin, LoginRequiredMixin
|
||||
from django.contrib.auth.mixins import UserPassesTestMixin
|
||||
|
||||
from .forms import (
|
||||
ExplorerCreationForm,
|
||||
@ -19,27 +19,6 @@ from .models import Place, PlaceImage, Voucher
|
||||
|
||||
# Create your views here.
|
||||
|
||||
# BaseView that checks if user is logged in.
|
||||
class IsAuthenticated(LoginRequiredMixin, View):
|
||||
redirect_field_name = 'redirect_to'
|
||||
|
||||
# BaseView that checks if logged in user is submitter of place.
|
||||
class IsSubmitter(UserPassesTestMixin, View):
|
||||
def test_func(self):
|
||||
""" Check if user is eligible to modify place. """
|
||||
if self.request.user.is_superuser:
|
||||
return True
|
||||
|
||||
# Check if currently logged in user was the submitter
|
||||
place_obj = self.get_object()
|
||||
|
||||
if self.request.user == place_obj.submitted_by:
|
||||
return True
|
||||
|
||||
messages.error(
|
||||
self.request, 'You do not have permission to do this.')
|
||||
return False
|
||||
|
||||
class SignUpView(CreateView):
|
||||
form_class = ExplorerCreationForm
|
||||
success_url = reverse_lazy('login')
|
||||
@ -51,6 +30,9 @@ def place_list_view(request,):
|
||||
def place_detail_view(request, pk):
|
||||
return render(request, 'place/place_detail.html', {'place':Place.objects.get(pk=pk)})
|
||||
|
||||
def hello_world(request):
|
||||
return render(request, 'hello_world.html', {'text':'Hello World!'})
|
||||
|
||||
class HomeView(View):
|
||||
def get(self, request, *args, **kwargs):
|
||||
place_list = Place.objects.all().order_by('submitted_when')[:10]
|
||||
@ -59,7 +41,7 @@ class HomeView(View):
|
||||
}
|
||||
return render(request, 'home.html', context)
|
||||
|
||||
class PlaceUpdateView(IsAuthenticated, IsSubmitter, UpdateView):
|
||||
class PlaceUpdateView(UpdateView):
|
||||
template_name = 'place/place_update.html'
|
||||
model = Place
|
||||
form_class = PlaceForm
|
||||
@ -67,7 +49,7 @@ class PlaceUpdateView(IsAuthenticated, IsSubmitter, UpdateView):
|
||||
def get_success_url(self):
|
||||
return reverse_lazy('place_detail', kwargs={'pk':self.get_object().pk})
|
||||
|
||||
class PlaceCreateView(IsAuthenticated, View):
|
||||
class PlaceCreateView(View):
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
place_image_form = PlaceImageCreateForm()
|
||||
@ -115,8 +97,22 @@ class PlaceCreateView(IsAuthenticated, View):
|
||||
)
|
||||
place_image.save()
|
||||
|
||||
class PlaceDeleteView(IsAuthenticated, IsSubmitter, DeleteView):
|
||||
class PlaceDeleteView(UserPassesTestMixin, DeleteView):
|
||||
template_name = 'place/place_delete.html'
|
||||
model = Place
|
||||
success_url = reverse_lazy('place_list')
|
||||
|
||||
def test_func(self):
|
||||
""" Check if user is eligible to delete place. """
|
||||
if self.request.user.is_superuser:
|
||||
return True
|
||||
|
||||
# Check if currently logged in user was the submitter
|
||||
place_obj = self.get_object()
|
||||
|
||||
if self.request.user == place_obj.submitted_by:
|
||||
return True
|
||||
|
||||
messages.error(
|
||||
self.request, 'You do not have permission to delete this place.')
|
||||
return False
|
||||
@ -1,16 +1,9 @@
|
||||
{% extends 'global.html'%}
|
||||
|
||||
{% block title %}Forbidden{% endblock %}
|
||||
{% block additional_head %}
|
||||
{% if request.META.HTTP_REFERER %}
|
||||
<p class="LP-Headline"><a href="{{ request.META.HTTP_REFERER }}" class="LP-Link">Go Back</a></p>
|
||||
<meta http-equiv="refresh" content="5;url={{ request.META.HTTP_REFERER }}" />
|
||||
{% endif %}
|
||||
|
||||
{% endblock additional_head %}
|
||||
|
||||
{% block maincontent %}
|
||||
{% if request.META.HTTP_REFERER %}
|
||||
<p class="LP-Headline">You will be redirected in 5 seconds</p><p class="LP-Headline"><a href="{{ request.META.HTTP_REFERER }}" class="LP-Link">Go Back</a></p>
|
||||
<p class="LP-Headline"><a href="{{ request.META.HTTP_REFERER }}" class="LP-Link">Go Back</a></p>
|
||||
{% endif %}
|
||||
{% endblock maincontent %}
|
||||
Loading…
Reference in New Issue
Block a user