From f8ad92902aff78263238331dec0f31036d45af37 Mon Sep 17 00:00:00 2001 From: Sanj Date: Wed, 6 Jul 2011 03:08:08 +0530 Subject: [PATCH] implemented some editor permissions; added theme for article; DB CHANGE --- edgware/editor/models.py | 55 ++++++++++++++++++++++++++++++++++++---- edgware/editor/views.py | 9 ++++++- 2 files changed, 58 insertions(+), 6 deletions(-) diff --git a/edgware/editor/models.py b/edgware/editor/models.py index 93376c0..c8ccde9 100644 --- a/edgware/editor/models.py +++ b/edgware/editor/models.py @@ -170,6 +170,21 @@ def saveRevision(r): rev.save() return rev.id + +class ArticleTheme(models.Model): + name = models.CharField(max_length=255) + description = models.TextField(blank=True, null=True) + + def __unicode__(self): + return self.name + + def get_dict(self): + return { + 'id': self.id, + 'name': self.name + } + + class Article(models.Model): ''' Each page references an article. A single page cannot reference more than one article. The article is what people comment on (and potentially what audio & video are attached to). 
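Review bot: `ArticleTheme.description` is declared with both `blank=True` and `null=True`, which gives a text column two ways to be empty (NULL and ''), so every later filter or template check has to handle both. Django's convention for string fields is `description = models.TextField(blank=True)`. The model and `get_dict` have no docstrings; a one-line class docstring and a comment that `get_dict` returns only `id` and `name`, not `description`, would help callers. The subject line flags a DB change, but no schema migration appears in the visible diff.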
@@ -187,29 +202,59 @@ class Article(models.Model): published = models.BooleanField(default=False) users = models.ManyToManyField(User, related_name='article_user', blank=True) groups = models.ManyToManyField(Group, blank=True) - + theme = models.ForeignKey(ArticleTheme, blank=True, null=True) ''' - Return boolean for whether user can access article or not - must be passed a valid User object. + Return boolean for whether user can edit article on tool or not - must be passed a valid User object. ''' def can_edit(self, user): if user.is_anonymous(): return False + if self.locked: + return False if user.is_superuser: return True if self.owner == user: return True - if self.locked: - return False for u in self.users.iterator(): if u == User: return True for g in self.groups.iterator(): for u in g.users.iterator(): - if u == User: + if u == user: return True return False + def is_owner(self, user): + if self.owner == user or user.is_superuser: + return True + else: + return False + + def can_view(self, user): + if self.published == True or self.owner == user or user.is_superuser or user in self.users.iterator(): + return True + for g in self.groups.iterator(): + for u in g.users.iterator(): + if u == user: + return True + return False + + + @classmethod + def get_published_list(kls, user, qset=False): + if not qset: + qset = kls.objects.all() + return qset.objects.filter(published=True) + + + @classmethod + def fts(kls, search, qset=False): + if not qset: + qset = kls.objects.all() + return qset.objects.filter(name__icontains=search) + + def get_copy(self): a = Article() diff --git a/edgware/editor/views.py b/edgware/editor/views.py index 3f894b8..35613e8 100644 --- a/edgware/editor/views.py +++ b/edgware/editor/views.py @@ -1,4 +1,4 @@ -# Create your s here. + from models import * from files.models import * from django.http import HttpResponse, HttpResponseRedirect 
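Review bot: The two new classmethods `get_published_list` and `fts` call `qset.objects.filter(...)`, but a QuerySet has no `objects` attribute, so both raise AttributeError as written; it should be `qset.filter(...)`. Their `if not qset:` guard also treats an empty queryset supplied by the caller as missing and substitutes `kls.objects.all()`, which widens the result set where the caller had narrowed it to nothing; `qset=None` with `if qset is None:` avoids that. In `can_edit`, the `self.users` loop still reads `if u == User:`, comparing against the model class, so users granted access directly on the article never pass; it needs the same `u == user` correction this hunk makes in the groups loop. `get_published_list` takes `user` but never uses it, which is worth either dropping or documenting. The `Article` class starts before this hunk and `get_copy` continues after it.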
@@ -18,6 +18,8 @@ from PIL import Image import os from print_pdf import print_url_list import math +from utils.decorators import user_passes_test_json + @login_required def editor(request): @@ -87,6 +89,9 @@ def add_srt(request): def edit_article(request, id): c = Category.objects.all() a = Article.objects.get(pk=id) + user = request.user + if not a.can_edit(user): + return HttpResponse("sorry, you cannot edit this article. you either do not have permissions, or it is locked.") p = a.product if p is not None: frontend_url = "/edit/article_frontend/%d/%d/" % (p.id, a.order) @@ -111,6 +116,8 @@ def image_rotate(request, id): else: degrees = 0 image_obj = File.objects.get(pk=image_id) + + if ImageBox.objects.filter(file=image_obj).filter(is_displayed=True).count() > 0: return HttpResponse("This image is being used on a page. Cannot rotate") else:
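Review bot: The denial branch added to `edit_article` returns a plain `HttpResponse`, so a refused edit goes out with status 200 and looks like success to clients, logs and monitoring. Return a 403 instead by swapping `HttpResponse(` for `HttpResponseForbidden(` on that line and adding `HttpResponseForbidden` to the `django.http` import. `Article.objects.get(pk=id)` just above raises `DoesNotExist` for an unknown id, so a 404 lookup such as `get_object_or_404(Article, pk=id)` before the permission check would be cleaner. The `user_passes_test_json` import added in the first hunk is not used in any visible hunk, and whether other state-changing views here, such as `image_rotate`, need a similar `can_edit` check cannot be told from this diff. The body of `edit_article` continues outside the hunk.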