implement permissions for add / edit objects (except where group permissions apply)

Sanjay B 2013-05-28 16:23:00 +05:30
parent a93cb0615b
commit e39b9b26ad
5 changed files with 34 additions and 12 deletions


@ -60,6 +60,26 @@ class ItfModel(models.Model):
class Meta: class Meta:
abstract = True abstract = True
#Check if user has permissions on object - if more complex perms required, model should over-ride this method
def user_has_perms(self, user):
if not user.is_authenticated():
return False
if user.is_superuser:
return True
if not hasattr(self, 'added_by'):
if self.user.id == user.id:
return True
else:
return False
else:
if self.added_by.id == user.id:
return True
else:
return False
#Should return the id for the object and the title to display in the left hand list #Should return the id for the object and the title to display in the left hand list
def list_dict(self): def list_dict(self):
return { return {
@ -78,7 +98,7 @@ class ItfModel(models.Model):
return d return d
def info_dict(self): def info_dict(self, request):
''' '''
Ideally you should not over-ride this - over-ride .get_dict() to pass custom data. Ideally you should not over-ride this - over-ride .get_dict() to pass custom data.
''' '''
@ -89,6 +109,7 @@ class ItfModel(models.Model):
try: try:
edit_url = self.get_edit_url() edit_url = self.get_edit_url()
d['edit_url'] = edit_url d['edit_url'] = edit_url
d['user_has_perms'] = self.user_has_perms(request.user)
except: except:
pass pass
return d return d
@ -244,7 +265,7 @@ class ItfModel(models.Model):
Renders the html for this object by taking .info_dict() and rendering it to .get_template_path() . Subclasses should not over-ride this - over-ride .get_dict() ideally to pass custom data. Renders the html for this object by taking .info_dict() and rendering it to .get_template_path() . Subclasses should not over-ride this - over-ride .get_dict() ideally to pass custom data.
''' '''
def insidepage_dict(self, request): def insidepage_dict(self, request):
context = RequestContext(request, self.info_dict()) context = RequestContext(request, self.info_dict(request))
html = render_to_string(self.get_template_path(), context) html = render_to_string(self.get_template_path(), context)
return { return {
'url': self.get_absolute_url(), 'url': self.get_absolute_url(),
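Review bot: In `info_dict`, the new `d['user_has_perms'] = self.user_has_perms(request.user)` sits inside the existing `try: ... except: pass`, so any exception raised by the permission check is swallowed and the key is simply left out. One such case is visible in `user_has_perms` itself: a model without `added_by` goes straight to `self.user.id`, which raises AttributeError on a subclass that has neither field. The template then treats the missing key as false and hides the Edit link, so it fails closed, but the failure is invisible. I would move the assignment out of the `try` block and guard the fallback with `owner = getattr(self, 'added_by', None) or getattr(self, 'user', None)` followed by `return owner is not None and owner.id == user.id`. The bodies of `info_dict` and `insidepage_dict` continue outside the hunks shown, and callers of the old zero-argument `info_dict()` are not visible here.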


@ -19,7 +19,7 @@ def add_object(request, module_slug, tab_slug):
#pdb.set_trace() #pdb.set_trace()
if f.is_valid(): if f.is_valid():
instance = f.save(commit=False) instance = f.save(commit=False)
if instance.__dict__.has_key('added_by_id'): if instance.__dict__.has_key('added_by_id'): #FIXME: add user.is_authenticated() ..
instance.added_by = request.user instance.added_by = request.user
instance.save() instance.save()
inlines = [inline(request.POST, request.FILES, instance=instance) for inline in f.inlines] inlines = [inline(request.POST, request.FILES, instance=instance) for inline in f.inlines]
@ -61,6 +61,7 @@ def edit_object(request, module_slug, tab_slug, object_id):
if request.POST: if request.POST:
f = form(request.POST, request.FILES, instance=obj) f = form(request.POST, request.FILES, instance=obj)
#FIXME: if obj.user_has_perms(request.user): .. else return error ..
inlines = [inline(request.POST, request.FILES, instance=obj) for inline in f.inlines] inlines = [inline(request.POST, request.FILES, instance=obj) for inline in f.inlines]
if f.is_valid(): if f.is_valid():
instance = f.save() instance = f.save()
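Review bot: `edit_object` still binds and saves the form for any requester: the ownership check is only a `#FIXME` comment, and the only enforcement this commit adds is hiding the Edit link in the template. Unless a decorator outside the hunk already restricts the view, a request sent directly to the edit URL is never checked against `obj.user_has_perms`. The check belongs before the form is bound, ideally ahead of the `if request.POST:` branch so the GET form is refused too: `if not obj.user_has_perms(request.user): return HttpResponseForbidden()`. The `#FIXME` in `add_object` has the same shape, since `instance.added_by = request.user` runs with no authentication check; that view should require login (for example `@login_required`) rather than rely on the add button being hidden. Both function bodies start and end outside the hunks shown.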


@ -393,7 +393,7 @@ from scriptbank.models import Script
class Production(ItfModel): class Production(ItfModel):
# user = models.ForeignKey(User) # user = models.ForeignKey(User)
fts_fields = ['name', 'synopsis', 'group__name', 'director__firstname', 'director__lastname', 'playwright__firstname', 'playwright__lastname', 'anecdotes'] fts_fields = ['name', 'synopsis', 'group__name', 'director__first_name', 'director__last_name', 'playwright__first_name', 'playwright__last_name', 'anecdotes']
form_names = ['ProductionForm', 'PopupProductionForm'] form_names = ['ProductionForm', 'PopupProductionForm']
main_form = 'ProductionForm' main_form = 'ProductionForm'
added_by = models.ForeignKey(User) added_by = models.ForeignKey(User)


@ -209,4 +209,4 @@ $(function() {
</script> </script>
<br /> <br />
<a href="{{ edit_url }}">Edit</a> {% if user_has_perms %}<a href="{{ edit_url }}">Edit</a>{% endif %}


@ -95,14 +95,14 @@
<div id="searchInnerDiv"> <div id="searchInnerDiv">
<!--<img src="/static/images/noel/search-inner.png" width="22" height="18" alt="search" class="searchInner">--> <!--<img src="/static/images/noel/search-inner.png" width="22" height="18" alt="search" class="searchInner">-->
<img src="/static/images/noel/about.png" width="22" height="22" id="aboutBtn" alt="About" title="About"> <img src="/static/images/noel/about.png" width="22" height="22" id="aboutBtn" alt="About" title="About">
{% if user.is_authenticated %}
{% if item.get_add_url %}
<a href="{{ item.get_add_url }}">
<img src="/static/images/noel/add.png" width="28" height="20" id="addBtn" alt="About" title="Add">
</a>
{% if item.get_add_url %} {% endif %}
<a href="{{ item.get_add_url }}">
<img src="/static/images/noel/add.png" width="28" height="20" id="addBtn" alt="About" title="Add">
</a>
{% endif %} {% endif %}
{% ifequal title "Best Practices" %} <!-- FIXME!!! --> {% ifequal title "Best Practices" %} <!-- FIXME!!! -->
<a target="_blank" href="/static/upload/bestpractices_downloads/INDIA_THEATRE_FORUM_BOOK-rev-4-4-11.pdf"> <a target="_blank" href="/static/upload/bestpractices_downloads/INDIA_THEATRE_FORUM_BOOK-rev-4-4-11.pdf">
<img src="/static/images/noel/Download-Icon.gif" width="29" height="20" id="downloadBtn" alt="Download" title="Download"> <img src="/static/images/noel/Download-Icon.gif" width="29" height="20" id="downloadBtn" alt="Download" title="Download">