implement permissions for add / edit objects (except where group permissions apply)
parent
a93cb0615b
commit
e39b9b26ad
|
@ -60,6 +60,26 @@ class ItfModel(models.Model):
|
|||
class Meta:
|
||||
abstract = True
|
||||
|
||||
|
||||
#Check if user has permissions on object - if more complex perms required, model should over-ride this method
|
||||
def user_has_perms(self, user):
|
||||
if not user.is_authenticated():
|
||||
return False
|
||||
if user.is_superuser:
|
||||
return True
|
||||
if not hasattr(self, 'added_by'):
|
||||
if self.user.id == user.id:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
else:
|
||||
if self.added_by.id == user.id:
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
|
||||
|
||||
#Should return the id for the object and the title to display in the left hand list
|
||||
def list_dict(self):
|
||||
return {
|
||||
|
@ -78,7 +98,7 @@ class ItfModel(models.Model):
|
|||
return d
|
||||
|
||||
|
||||
def info_dict(self):
|
||||
def info_dict(self, request):
|
||||
'''
|
||||
Ideally you should not over-ride this - over-ride .get_dict() to pass custom data.
|
||||
'''
|
||||
|
@ -89,6 +109,7 @@ class ItfModel(models.Model):
|
|||
try:
|
||||
edit_url = self.get_edit_url()
|
||||
d['edit_url'] = edit_url
|
||||
d['user_has_perms'] = self.user_has_perms(request.user)
|
||||
except:
|
||||
pass
|
||||
return d
|
||||
|
@ -244,7 +265,7 @@ class ItfModel(models.Model):
|
|||
Renders the html for this object by taking .info_dict() and rendering it to .get_template_path() . Subclasses should not over-ride this - over-ride .get_dict() ideally to pass custom data.
|
||||
'''
|
||||
def insidepage_dict(self, request):
|
||||
context = RequestContext(request, self.info_dict())
|
||||
context = RequestContext(request, self.info_dict(request))
|
||||
html = render_to_string(self.get_template_path(), context)
|
||||
return {
|
||||
'url': self.get_absolute_url(),
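Review bot: `user_has_perms` falls back to `self.user.id` whenever the instance has no `added_by`, so a subclass with neither attribute raises AttributeError, and `self.added_by.id` does the same if that field can ever be null. In `info_dict` the new call sits inside the existing bare `except: pass`, so the failure is silent and `user_has_perms` is simply missing from the dict; the template then hides the link, which fails closed, but the error is never surfaced. Comparing the raw foreign-key column avoids both problems and saves a related-object query, assuming `user` is also a ForeignKey: `owner_id = getattr(self, 'added_by_id', None) or getattr(self, 'user_id', None)` followed by `return owner_id is not None and owner_id == user.id`. The body of `info_dict` continues outside the hunks shown.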
|
||||
|
|
|
@ -19,7 +19,7 @@ def add_object(request, module_slug, tab_slug):
|
|||
#pdb.set_trace()
|
||||
if f.is_valid():
|
||||
instance = f.save(commit=False)
|
||||
if instance.__dict__.has_key('added_by_id'):
|
||||
if instance.__dict__.has_key('added_by_id'): #FIXME: add user.is_authenticated() ..
|
||||
instance.added_by = request.user
|
||||
instance.save()
|
||||
inlines = [inline(request.POST, request.FILES, instance=instance) for inline in f.inlines]
|
||||
|
@ -61,6 +61,7 @@ def edit_object(request, module_slug, tab_slug, object_id):
|
|||
|
||||
if request.POST:
|
||||
f = form(request.POST, request.FILES, instance=obj)
|
||||
#FIXME: if obj.user_has_perms(request.user): .. else return error ..
|
||||
inlines = [inline(request.POST, request.FILES, instance=obj) for inline in f.inlines]
|
||||
if f.is_valid():
|
||||
instance = f.save()
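Review bot: The ownership check is not enforced in `edit_object`: the added line is only a comment (`#FIXME: if obj.user_has_perms(request.user): ..`), so a POST to the edit URL is still bound to `obj` and saved for any requester. The `{% if user_has_perms %}` and `{% if user.is_authenticated %}` guards added in the two template sections only hide the links. The check belongs right after `obj` is loaded and before the `if request.POST:` branch, so the edit form is refused on GET as well: `if not obj.user_has_perms(request.user): return HttpResponseForbidden()` (from `django.http`, if the module does not already import it). `add_object` has the same gap, since `instance.added_by = request.user` runs with no authentication check visible here; unless a decorator outside the hunk covers it, unauthenticated requests should be rejected at the top of the view. Both function bodies start and end outside the hunks.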
|
||||
|
|
|
@ -393,7 +393,7 @@ from scriptbank.models import Script
|
|||
|
||||
class Production(ItfModel):
|
||||
# user = models.ForeignKey(User)
|
||||
fts_fields = ['name', 'synopsis', 'group__name', 'director__firstname', 'director__lastname', 'playwright__firstname', 'playwright__lastname', 'anecdotes']
|
||||
fts_fields = ['name', 'synopsis', 'group__name', 'director__first_name', 'director__last_name', 'playwright__first_name', 'playwright__last_name', 'anecdotes']
|
||||
form_names = ['ProductionForm', 'PopupProductionForm']
|
||||
main_form = 'ProductionForm'
|
||||
added_by = models.ForeignKey(User)
|
||||
|
|
|
@ -209,4 +209,4 @@ $(function() {
|
|||
</script>
|
||||
|
||||
<br />
|
||||
<a href="{{ edit_url }}">Edit</a>
|
||||
{% if user_has_perms %}<a href="{{ edit_url }}">Edit</a>{% endif %}
|
||||
|
|
|
@ -95,14 +95,14 @@
|
|||
<div id="searchInnerDiv">
|
||||
<!--<img src="/static/images/noel/search-inner.png" width="22" height="18" alt="search" class="searchInner">-->
|
||||
<img src="/static/images/noel/about.png" width="22" height="22" id="aboutBtn" alt="About" title="About">
|
||||
{% if user.is_authenticated %}
|
||||
{% if item.get_add_url %}
|
||||
<a href="{{ item.get_add_url }}">
|
||||
<img src="/static/images/noel/add.png" width="28" height="20" id="addBtn" alt="About" title="Add">
|
||||
</a>
|
||||
|
||||
{% if item.get_add_url %}
|
||||
<a href="{{ item.get_add_url }}">
|
||||
<img src="/static/images/noel/add.png" width="28" height="20" id="addBtn" alt="About" title="Add">
|
||||
</a>
|
||||
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% ifequal title "Best Practices" %} <!-- FIXME!!! -->
|
||||
<a target="_blank" href="/static/upload/bestpractices_downloads/INDIA_THEATRE_FORUM_BOOK-rev-4-4-11.pdf">
|
||||
<img src="/static/images/noel/Download-Icon.gif" width="29" height="20" id="downloadBtn" alt="Download" title="Download">
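Review bot: The add button image keeps `alt="About"` on the re-indented line inside the new `{% if user.is_authenticated %}` block, apparently copied from the About icon above it. Since the line is being touched anyway, it should read `alt="Add"` so assistive technology announces the right action. The `id="addBtn"` and `title="Add"` attributes are already correct, so only the alt text needs changing.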
|
||||
|
|