mostly auth stuff.

2018-01-19 16:16:39 +01:00
parent b72b5a519f
commit 3f9cc11dbd
9 changed files with 174 additions and 48 deletions


@@ -3,12 +3,14 @@ import os
from django.contrib.auth import login, views as auth_views
from django.contrib.auth.decorators import login_required
from django.core.exceptions import SuspiciousOperation
from django.core.exceptions import PermissionDenied, SuspiciousOperation
from django.db.models import Q
from django.http import HttpResponseRedirect
from django.urls import reverse, reverse_lazy
from django.utils.decorators import method_decorator
from django.views import generic
from . import config
from . import forms
from . import models
@@ -45,15 +47,85 @@ class SetPasswordView(auth_views.PasswordChangeView):
class EventListView(generic.ListView):
model = models.Event
queryset = models.Event.objects.all()
def get_queryset(self):
user = self.request.user
if user.is_superuser:
qs = self.model.objects.all()
elif user.groups.filter(name=config.MANAGE_ALL_GROUP).count():
qs = self.model.objects.all()
else:
user_sports_list = list()
for k in ['W', 'S', 'M', 'K', 'B']:
group_name_var = 'MANAGE_{}_GROUP'.format(k)
group_name = getattr(config, group_name_var, None)
if group_name and user.groups.filter(name=group_name).count():
user_sports_list.append(k)
qs = self.model.objects.filter(Q(owner=user) | Q(sport__in=user_sports_list))
return qs
@method_decorator(login_required)
def dispatch(self, request, *args, **kwargs):
return super(EventListView, self).dispatch(request, *args, **kwargs)
class EventDetailView(generic.DetailView):
class EventPermissionMixin(object):
permission = 'view'
def has_permission(self, permission, obj):
user = self.request.user
if user.is_superuser:
return True
if permission == 'view':
if obj.owner == user:
return True
if user.groups.filter(name=config.MANAGE_ALL_GROUP).count():
return True
group_name_var = 'MANAGE_{}_GROUP'.format(obj.sport)
group_name = getattr(config, group_name_var, None)
if group_name and user.groups.filter(name=group_name).count():
return True
elif permission in ('edit', 'accept'):
if user.groups.filter(name=config.MANAGE_ALL_GROUP).count():
return True
group_name_var = 'MANAGE_{}_GROUP'.format(obj.sport)
group_name = getattr(config, group_name_var, None)
if group_name and user.groups.filter(name=group_name).count():
return True
return False
def enforce_permission(self, obj):
permission = self.permission
if not self.has_permission(permission, obj):
raise PermissionDenied()
class EventDetailView(EventPermissionMixin, generic.DetailView):
model = models.Event
def get_object(self, queryset=None):
obj = super(EventDetailView, self).get_object(queryset=queryset)
self.enforce_permission(obj)
return obj
class EventAcceptView(generic.DetailView):
model = models.Event
def get_context_data(self, **kwargs):
context = super(EventDetailView, self).get_context_data(**kwargs)
obj = context.get('event')
context['has_permission_accept'] = self.has_permission('accept', obj)
context['has_permission_edit'] = self.has_permission('edit', obj)
return context
@method_decorator(login_required)
def dispatch(self, request, *args, **kwargs):
return super(EventDetailView, self).dispatch(request, *args, **kwargs)
class EventAcceptView(EventDetailView):
permission = 'accept'
def accept(self):
event = self.get_object()
@@ -118,7 +190,7 @@ class EventCreateView(generic.FormView):
next_url = reverse('dav_events:event_list')
else:
login(self.request, owner)
next_url = reverse('dav_events:set_password', kwargs={'pk': owner.pk})
next_url = reverse('dav_events:set_password')
return HttpResponseRedirect(next_url)
def clean_session_data(self, session=None):
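Review bot: The access rule is written twice in this section and the two copies are keyed differently: `EventListView.get_queryset` iterates a literal `['W', 'S', 'M', 'K', 'B']`, while `EventPermissionMixin.has_permission` formats `obj.sport` straight into the config attribute name. The list filter and the view/edit/accept checks can therefore drift apart when a sport code or a `MANAGE_*_GROUP` setting is added. In `has_permission` a stored field value also chooses which config attribute is read; whether the model restricts `sport` with choices is not visible here, so limiting the lookup to a fixed tuple of codes would keep it to known names. I would move the lookup into one helper used by both places, which also replaces the per-group `.count()` queries with a single query. `EventAcceptView.accept` continues outside the hunk, so only its `get_object()` call could be checked against the new `permission = 'accept'`.

```python
SPORT_CODES = ('W', 'S', 'M', 'K', 'B')


def managed_sports(user):
    """Return the sport codes whose manager group the user belongs to."""
    names = set(user.groups.values_list('name', flat=True))
    return [code for code in SPORT_CODES
            if getattr(config, 'MANAGE_{}_GROUP'.format(code), None) in names]


# … unchanged: EventListView.get_queryset superuser / MANAGE_ALL_GROUP branches …
            qs = self.model.objects.filter(Q(owner=user) | Q(sport__in=managed_sports(user)))

# … unchanged: EventPermissionMixin.has_permission superuser, owner and MANAGE_ALL_GROUP checks …
            if obj.sport in managed_sports(user):
                return True
```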