Compare commits

..

2 Commits

3 changed files with 52 additions and 12 deletions

View File

@ -85,6 +85,13 @@ class Explorer(models.Model):
def get_places_eligible_to_see(self): def get_places_eligible_to_see(self):
return Place.objects.all().filter(level__lte=self.level) return Place.objects.all().filter(level__lte=self.level)
def is_eligible_to_see(self, place):
return (
self.user.is_superuser or
place.submitted_by == self or
place in self.get_places_eligible_to_see()
)
def __str__(self): def __str__(self):
return self.user.username return self.user.username

View File

@ -27,7 +27,8 @@ class IsAuthenticatedMixin(LoginRequiredMixin, View):
permission_denied_message = _('Please login to proceed') permission_denied_message = _('Please login to proceed')
def handle_no_permission(self): def handle_no_permission(self):
messages.error(self.request, self.permission_denied_message) if not self.request.user.is_authenticated:
messages.error(self.request, self.permission_denied_message)
return super().handle_no_permission() return super().handle_no_permission()
class IsPlaceSubmitterMixin(UserPassesTestMixin, View): class IsPlaceSubmitterMixin(UserPassesTestMixin, View):
@ -61,6 +62,23 @@ class IsPlaceSubmitterMixin(UserPassesTestMixin, View):
messages.error(self.request, self.place_submitter_error_message) messages.error(self.request, self.place_submitter_error_message)
return False return False
class IsEligibleToSeePlaceMixin(UserPassesTestMixin):
not_eligible_to_see_message = None
def get_place(self):
pass
def test_func(self):
if not hasattr(self.request, 'user'):
return False
if self.request.user.explorer.is_eligible_to_see(self.get_place()):
return True
if self.not_eligible_to_see_message:
messages.error(self.request, self.not_eligible_to_see_message)
return False
class PlaceAssetCreateView(IsAuthenticatedMixin, SuccessMessageMixin, CreateView): class PlaceAssetCreateView(IsAuthenticatedMixin, SuccessMessageMixin, CreateView):
""" """
Abstract View for creating a place asset (i.e. PlaceImage) Abstract View for creating a place asset (i.e. PlaceImage)

View File

@ -18,7 +18,8 @@ from lostplaces.models import Place, PlaceImage
from lostplaces.views.base_views import ( from lostplaces.views.base_views import (
IsAuthenticatedMixin, IsAuthenticatedMixin,
IsPlaceSubmitterMixin, IsPlaceSubmitterMixin,
LevelCapPlaceListView LevelCapPlaceListView,
IsEligibleToSeePlaceMixin
) )
from lostplaces.views.place_image_views import MultiplePlaceImageUploadMixin from lostplaces.views.place_image_views import MultiplePlaceImageUploadMixin
from lostplaces.forms import PlaceForm, PlaceImageForm, TagSubmitForm from lostplaces.forms import PlaceForm, PlaceImageForm, TagSubmitForm
@ -39,9 +40,15 @@ class PlaceListView(IsAuthenticatedMixin, LevelCapPlaceListView):
} }
return context return context
class PlaceDetailView(IsAuthenticatedMixin, View): class PlaceDetailView(IsAuthenticatedMixin, IsEligibleToSeePlaceMixin, View):
not_eligible_to_see_message = _('You\'r not allowed to see this place')
def get_place(self):
return get_object_or_404(Place, pk=self.kwargs['pk'])
def get(self, request, pk): def get(self, request, pk):
place = get_object_or_404(Place, pk=pk) place = self.get_place()
context = { context = {
'place': place, 'place': place,
'mapping_config': { 'mapping_config': {
@ -131,10 +138,14 @@ class PlaceDeleteView(IsAuthenticatedMixin, IsPlaceSubmitterMixin, DeleteView):
def get_place(self): def get_place(self):
return self.get_object() return self.get_object()
class PlaceFavoriteView(IsAuthenticatedMixin, View): class PlaceFavoriteView(IsAuthenticatedMixin, IsEligibleToSeePlaceMixin, View):
not_eligible_to_see_message = _('You\'r not allowed to favorite this place')
def get_place(self):
return get_object_or_404(Place, pk=self.kwargs['place_id'])
def get(self, request, place_id): def get(self, request, place_id):
place = get_object_or_404(Place, id=place_id) place = self.get_place()
if request.user is not None: if request.user is not None:
request.user.explorer.favorite_places.add(place) request.user.explorer.favorite_places.add(place)
request.user.explorer.save() request.user.explorer.save()
@ -151,10 +162,14 @@ class PlaceUnfavoriteView(IsAuthenticatedMixin, View):
return redirect_referer_or(request, reverse('place_detail', kwargs={'pk': place.pk})) return redirect_referer_or(request, reverse('place_detail', kwargs={'pk': place.pk}))
class PlaceVisitCreateView(IsAuthenticatedMixin, View): class PlaceVisitCreateView(IsAuthenticatedMixin, IsEligibleToSeePlaceMixin, View):
not_eligible_to_see_message = _('You\'r not allowed to visit this place :P (Now please stop trying out URL\'s)')
def get_place(self):
return get_object_or_404(Place, pk=self.kwargs['place_id'])
def get(self, request, place_id): def get(self, request, place_id):
place = get_object_or_404(Place, id=place_id) place = self.get_place()
if request.user is not None: if request.user is not None:
request.user.explorer.visited_places.add(place) request.user.explorer.visited_places.add(place)
request.user.explorer.save() request.user.explorer.save()