implement permissions for add / edit objects (except where group permissions apply)

2013-05-28 16:23:00 +05:30 · 2013-05-28 16:23:00 +05:30 · e39b9b26ad
commit e39b9b26ad
parent a93cb0615b
5 changed files with 34 additions and 12 deletions
--- a/itf/app/models.py
+++ b/itf/app/models.py
@ -60,6 +60,26 @@ class ItfModel(models.Model):
  class Meta:
    abstract = True

+
+  #Check if user has permissions on object - if more complex perms required, model should over-ride this method
+  def user_has_perms(self, user):
+    if not user.is_authenticated():
+      return False
+    if user.is_superuser:
+      return True
+    if not hasattr(self, 'added_by'):
+      if self.user.id == user.id:
+        return True
+      else:
+        return False
+    else:
+      if self.added_by.id == user.id:
+        return True
+      else:
+        return False
+    
+  
+
  #Should return the id for the object and the title to display in the left hand list
  def list_dict(self):
    return {
@ -78,7 +98,7 @@ class ItfModel(models.Model):
    return d

 
-  def info_dict(self):
+  def info_dict(self, request):
    '''
        Ideally you should not over-ride this - over-ride .get_dict() to pass custom data.
    '''
@ -89,6 +109,7 @@ class ItfModel(models.Model):
    try:
      edit_url = self.get_edit_url()
      d['edit_url'] = edit_url
+      d['user_has_perms'] = self.user_has_perms(request.user)
    except:
      pass
    return d
@ -244,7 +265,7 @@ class ItfModel(models.Model):
  Renders the html for this object by taking .info_dict() and rendering it to .get_template_path() . Subclasses should not over-ride this - over-ride .get_dict() ideally to pass custom data.
  '''
  def insidepage_dict(self, request):
-    context = RequestContext(request, self.info_dict())
+    context = RequestContext(request, self.info_dict(request))
    html = render_to_string(self.get_template_path(), context)
    return {
        'url': self.get_absolute_url(),
--- a/itf/insidepages/views.py
+++ b/itf/insidepages/views.py
@ -19,7 +19,7 @@ def add_object(request, module_slug, tab_slug):
        #pdb.set_trace()        
        if f.is_valid():
            instance = f.save(commit=False)
-            if instance.__dict__.has_key('added_by_id'):
+            if instance.__dict__.has_key('added_by_id'): #FIXME: add user.is_authenticated() ..
                instance.added_by = request.user
            instance.save()
            inlines = [inline(request.POST, request.FILES, instance=instance) for inline in f.inlines]
@ -61,6 +61,7 @@ def edit_object(request, module_slug, tab_slug, object_id):
   
    if request.POST:
        f = form(request.POST, request.FILES, instance=obj)
+        #FIXME: if obj.user_has_perms(request.user): .. else return error .. 
        inlines = [inline(request.POST, request.FILES, instance=obj) for inline in f.inlines]
        if f.is_valid():
            instance = f.save()
--- a/itf/itfprofiles/models.py
+++ b/itf/itfprofiles/models.py
@ -393,7 +393,7 @@ from scriptbank.models import Script
  
 class Production(ItfModel):
 #    user = models.ForeignKey(User)
-    fts_fields = ['name', 'synopsis', 'group__name', 'director__firstname', 'director__lastname', 'playwright__firstname', 'playwright__lastname', 'anecdotes']
+    fts_fields = ['name', 'synopsis', 'group__name', 'director__first_name', 'director__last_name', 'playwright__first_name', 'playwright__last_name', 'anecdotes']
    form_names = ['ProductionForm', 'PopupProductionForm']
    main_form = 'ProductionForm'
    added_by = models.ForeignKey(User)
--- a/itf/templates/modules/events/event.html
+++ b/itf/templates/modules/events/event.html
@ -209,4 +209,4 @@ $(function() {
 </script>

 <br />
-<a href="{{ edit_url }}">Edit</a>
+{% if user_has_perms %}<a href="{{ edit_url }}">Edit</a>{% endif %}
--- a/itf/templates/noel/render_object.html
+++ b/itf/templates/noel/render_object.html
@ -95,14 +95,14 @@
        <div id="searchInnerDiv">
            <!--<img src="/static/images/noel/search-inner.png" width="22" height="18" alt="search" class="searchInner">-->	
            <img src="/static/images/noel/about.png" width="22" height="22" id="aboutBtn" alt="About" title="About">
-            
-            {% if item.get_add_url %}
-                <a href="{{ item.get_add_url }}">
-                        <img src="/static/images/noel/add.png" width="28" height="20" id="addBtn" alt="About" title="Add">
-                </a>
-            
+            {% if user.is_authenticated %}
+                {% if item.get_add_url %}
+                    <a href="{{ item.get_add_url }}">
+                            <img src="/static/images/noel/add.png" width="28" height="20" id="addBtn" alt="About" title="Add">
+                    </a>
+                
+                {% endif %}
            {% endif %}
-            
            {% ifequal title "Best Practices" %} <!-- FIXME!!! -->
                <a target="_blank" href="/static/upload/bestpractices_downloads/INDIA_THEATRE_FORUM_BOOK-rev-4-4-11.pdf">
                    <img src="/static/images/noel/Download-Icon.gif" width="29" height="20" id="downloadBtn" alt="Download" title="Download">