implement permissions for add / edit objects (except where group permissions apply)
parent
a93cb0615b
commit
e39b9b26ad
|
@ -60,6 +60,26 @@ class ItfModel(models.Model):
|
||||||
class Meta:
|
class Meta:
|
||||||
abstract = True
|
abstract = True
|
||||||
|
|
||||||
|
|
||||||
|
#Check if user has permissions on object - if more complex perms required, model should over-ride this method
|
||||||
|
def user_has_perms(self, user):
|
||||||
|
if not user.is_authenticated():
|
||||||
|
return False
|
||||||
|
if user.is_superuser:
|
||||||
|
return True
|
||||||
|
if not hasattr(self, 'added_by'):
|
||||||
|
if self.user.id == user.id:
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
if self.added_by.id == user.id:
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#Should return the id for the object and the title to display in the left hand list
|
#Should return the id for the object and the title to display in the left hand list
|
||||||
def list_dict(self):
|
def list_dict(self):
|
||||||
return {
|
return {
|
||||||
|
@ -78,7 +98,7 @@ class ItfModel(models.Model):
|
||||||
return d
|
return d
|
||||||
|
|
||||||
|
|
||||||
def info_dict(self):
|
def info_dict(self, request):
|
||||||
'''
|
'''
|
||||||
Ideally you should not over-ride this - over-ride .get_dict() to pass custom data.
|
Ideally you should not over-ride this - over-ride .get_dict() to pass custom data.
|
||||||
'''
|
'''
|
||||||
|
@ -89,6 +109,7 @@ class ItfModel(models.Model):
|
||||||
try:
|
try:
|
||||||
edit_url = self.get_edit_url()
|
edit_url = self.get_edit_url()
|
||||||
d['edit_url'] = edit_url
|
d['edit_url'] = edit_url
|
||||||
|
d['user_has_perms'] = self.user_has_perms(request.user)
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
return d
|
return d
|
||||||
|
@ -244,7 +265,7 @@ class ItfModel(models.Model):
|
||||||
Renders the html for this object by taking .info_dict() and rendering it to .get_template_path() . Subclasses should not over-ride this - over-ride .get_dict() ideally to pass custom data.
|
Renders the html for this object by taking .info_dict() and rendering it to .get_template_path() . Subclasses should not over-ride this - over-ride .get_dict() ideally to pass custom data.
|
||||||
'''
|
'''
|
||||||
def insidepage_dict(self, request):
|
def insidepage_dict(self, request):
|
||||||
context = RequestContext(request, self.info_dict())
|
context = RequestContext(request, self.info_dict(request))
|
||||||
html = render_to_string(self.get_template_path(), context)
|
html = render_to_string(self.get_template_path(), context)
|
||||||
return {
|
return {
|
||||||
'url': self.get_absolute_url(),
|
'url': self.get_absolute_url(),
|
||||||
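Review bot: In `user_has_perms`, a model with neither `added_by` nor `user` reaches `self.user.id` and raises AttributeError, and because the new `d['user_has_perms'] = ...` line (apparently in `info_dict`) sits inside the existing bare `try/except: pass`, that error, like any failure in `get_edit_url()`, is swallowed and the key is never set. The template then hides the link, so it fails closed, but a broken ownership check becomes indistinguishable from a denied one. I would set the flag outside the `try`, e.g. `d['user_has_perms'] = self.user_has_perms(request.user)` placed before it, and resolve the owner once with `owner = getattr(self, 'added_by', None) or getattr(self, 'user', None)` followed by `return owner is not None and owner.id == user.id`. `info_dict` also now requires `request`; the `insidepage_dict` call is updated here, but any other callers outside these hunks need the same change. The body of `info_dict` starts and ends outside the hunks shown.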
|
|
|
@ -19,7 +19,7 @@ def add_object(request, module_slug, tab_slug):
|
||||||
#pdb.set_trace()
|
#pdb.set_trace()
|
||||||
if f.is_valid():
|
if f.is_valid():
|
||||||
instance = f.save(commit=False)
|
instance = f.save(commit=False)
|
||||||
if instance.__dict__.has_key('added_by_id'):
|
if instance.__dict__.has_key('added_by_id'): #FIXME: add user.is_authenticated() ..
|
||||||
instance.added_by = request.user
|
instance.added_by = request.user
|
||||||
instance.save()
|
instance.save()
|
||||||
inlines = [inline(request.POST, request.FILES, instance=instance) for inline in f.inlines]
|
inlines = [inline(request.POST, request.FILES, instance=instance) for inline in f.inlines]
|
||||||
|
@ -61,6 +61,7 @@ def edit_object(request, module_slug, tab_slug, object_id):
|
||||||
|
|
||||||
if request.POST:
|
if request.POST:
|
||||||
f = form(request.POST, request.FILES, instance=obj)
|
f = form(request.POST, request.FILES, instance=obj)
|
||||||
|
#FIXME: if obj.user_has_perms(request.user): .. else return error ..
|
||||||
inlines = [inline(request.POST, request.FILES, instance=obj) for inline in f.inlines]
|
inlines = [inline(request.POST, request.FILES, instance=obj) for inline in f.inlines]
|
||||||
if f.is_valid():
|
if f.is_valid():
|
||||||
instance = f.save()
|
instance = f.save()
|
||||||
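Review bot: `edit_object` still binds and saves the form for any requester, because the ownership check exists only as the `#FIXME` comment; the `{% if user_has_perms %}` and `{% if user.is_authenticated %}` template changes in this commit hide the links but do not stop a direct request to the edit or add URL. The check should run in the view before the form is built, ideally ahead of the `if request.POST:` branch so the GET form is covered too: `if not obj.user_has_perms(request.user): return HttpResponseForbidden()` (assuming `HttpResponseForbidden` is imported in this file, which the hunk does not show). `add_object` has the same gap, noted in its own FIXME: an anonymous `request.user` would be assigned to `added_by`, so the view needs `@login_required` or an explicit `is_authenticated()` test. Both function bodies start and end outside the hunks.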
|
|
|
@ -393,7 +393,7 @@ from scriptbank.models import Script
|
||||||
|
|
||||||
class Production(ItfModel):
|
class Production(ItfModel):
|
||||||
# user = models.ForeignKey(User)
|
# user = models.ForeignKey(User)
|
||||||
fts_fields = ['name', 'synopsis', 'group__name', 'director__firstname', 'director__lastname', 'playwright__firstname', 'playwright__lastname', 'anecdotes']
|
fts_fields = ['name', 'synopsis', 'group__name', 'director__first_name', 'director__last_name', 'playwright__first_name', 'playwright__last_name', 'anecdotes']
|
||||||
form_names = ['ProductionForm', 'PopupProductionForm']
|
form_names = ['ProductionForm', 'PopupProductionForm']
|
||||||
main_form = 'ProductionForm'
|
main_form = 'ProductionForm'
|
||||||
added_by = models.ForeignKey(User)
|
added_by = models.ForeignKey(User)
|
||||||
|
|
|
@ -209,4 +209,4 @@ $(function() {
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
<br />
|
<br />
|
||||||
<a href="{{ edit_url }}">Edit</a>
|
{% if user_has_perms %}<a href="{{ edit_url }}">Edit</a>{% endif %}
|
||||||
|
|
|
@ -95,14 +95,14 @@
|
||||||
<div id="searchInnerDiv">
|
<div id="searchInnerDiv">
|
||||||
<!--<img src="/static/images/noel/search-inner.png" width="22" height="18" alt="search" class="searchInner">-->
|
<!--<img src="/static/images/noel/search-inner.png" width="22" height="18" alt="search" class="searchInner">-->
|
||||||
<img src="/static/images/noel/about.png" width="22" height="22" id="aboutBtn" alt="About" title="About">
|
<img src="/static/images/noel/about.png" width="22" height="22" id="aboutBtn" alt="About" title="About">
|
||||||
|
{% if user.is_authenticated %}
|
||||||
{% if item.get_add_url %}
|
{% if item.get_add_url %}
|
||||||
<a href="{{ item.get_add_url }}">
|
<a href="{{ item.get_add_url }}">
|
||||||
<img src="/static/images/noel/add.png" width="28" height="20" id="addBtn" alt="About" title="Add">
|
<img src="/static/images/noel/add.png" width="28" height="20" id="addBtn" alt="About" title="Add">
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% ifequal title "Best Practices" %} <!-- FIXME!!! -->
|
{% ifequal title "Best Practices" %} <!-- FIXME!!! -->
|
||||||
<a target="_blank" href="/static/upload/bestpractices_downloads/INDIA_THEATRE_FORUM_BOOK-rev-4-4-11.pdf">
|
<a target="_blank" href="/static/upload/bestpractices_downloads/INDIA_THEATRE_FORUM_BOOK-rev-4-4-11.pdf">
|
||||||
<img src="/static/images/noel/Download-Icon.gif" width="29" height="20" id="downloadBtn" alt="Download" title="Download">
|
<img src="/static/images/noel/Download-Icon.gif" width="29" height="20" id="downloadBtn" alt="Download" title="Download">
|
||||||
|
|