FIX: dav_event_office: use has_global_permission instead of has_role to

give access to super users.
2019-07-03 15:27:31 +02:00
parent 7540a3ae7a
commit c62eba67f6
2 changed files with 9 additions and 7 deletions
--- a/dav_event_office/views.py
+++ b/dav_event_office/views.py
@@ -9,8 +9,8 @@ from django.utils.decorators import method_decorator
 from django.views import generic

 from dav_events.models import Participant
-from dav_events.roles import has_role
 from dav_events.views.events import EventListView as _EventListView, EventRegistrationsView as _EventRegistrationsView
+from dav_events.workflow import DefaultWorkflow


 class HomeView(generic.TemplateView):
@@ -22,8 +22,8 @@ class EventListView(_EventListView):

    @method_decorator(login_required)
    def dispatch(self, request, *args, **kwargs):
-        if not has_role(request.user, 'office'):
-            raise PermissionDenied('Zugang nur für die Geschäftsstelle')
+        if not DefaultWorkflow.has_global_permission(request.user, 'payment'):
+            raise PermissionDenied('payment')
        return super(EventListView, self).dispatch(request, *args, **kwargs)


@@ -32,8 +32,8 @@ class EventDetailView(_EventRegistrationsView):

    @method_decorator(login_required)
    def dispatch(self, request, *args, **kwargs):
-        if not has_role(request.user, 'office'):
-            raise PermissionDenied('Zugang nur für die Geschäftsstelle')
+        if not DefaultWorkflow.has_global_permission(request.user, 'payment'):
+            raise PermissionDenied('payment')
        return super(EventDetailView, self).dispatch(request, *args, **kwargs)


@@ -59,6 +59,6 @@ class ParticipantListView(generic.ListView):

    @method_decorator(login_required)
    def dispatch(self, request, *args, **kwargs):
-        if not has_role(request.user, 'office'):
-            raise PermissionDenied('Zugang nur für die Geschäftsstelle')
+        if not DefaultWorkflow.has_global_permission(request.user, 'payment'):
+            raise PermissionDenied('payment')
        return super(ParticipantListView, self).dispatch(request, *args, **kwargs)
--- a/dav_events/workflow.py
+++ b/dav_events/workflow.py
@@ -475,6 +475,8 @@ class BasicWorkflow(object):

        if permission == 'export':
            return has_role(user, 'publisher')
+        elif permission == 'payment':
+            return has_role(user, 'office')
        return False

    #