Commit 1938eae61316e9ddc2efcd20ba4283c857a7e659

Authored by Zambom
1 parent 428ed258

Adjusting too many redirections problem in subject

Showing 2 changed files with 41 additions and 65 deletions   Show diff stats
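--- a/amadeus/permissions.py
+++ b/amadeus/permissions.py
@@ -1,10 +1,27 @@
 # File used to store functions to handle permissions
 
+from categories.models import Category
 from subjects.models import Subject
 from topics.models import Resource
 
 """
 Function to know if a user has permission to:
+ - Edit Category
+ - Delete Category
+ - Create Subject
+ - Replicate Subject
+"""
+def has_category_permissions(user, category):
+ if user.is_staff:
+ return True
+
+ if category.coordinators.filter(id = user.id).exists():
+ return True
+
+ return False
+
+"""
+ Function to know if a user has permission to:
 - Edit Subject
 - Delete Subject
 - Create Topic inside Subject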
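Review bot: The permission list for `has_category_permissions` is a bare string expression placed above the `def`, so it is not the function's docstring and `help()` or an IDE will not show it. Since this helper now decides category edit/delete and subject create/replicate, move the text inside the function as its first statement and state the rule the code applies: staff always pass, otherwise the user must be one of `category.coordinators`. The body could then be reduced to `return user.is_staff or category.coordinators.filter(id=user.id).exists()`. The newly added `Category` import is not used by any line shown here; if the rest of the file does not use it either, it can be dropped.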
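--- a/subjects/views.py
+++ b/subjects/views.py
@@ -30,6 +30,7 @@ from .utils import has_student_profile, has_professor_profile, count_subjects, g
 from users.models import User
 from topics.models import Resource
 
+from amadeus.permissions import has_category_permissions, has_subject_permissions, has_subject_view_permissions
 
 class HomeView(LoginRequiredMixin, ListView):
 login_url = reverse_lazy("users:login")
@@ -234,32 +235,19 @@ class SubjectCreateView(LoginRequiredMixin, LogMixin, CreateView):
 success_url = reverse_lazy('subject:index')
 
 def dispatch(self, request, *args, **kwargs):
- user = request.user
- pk = user.pk
-
 if kwargs.get('subject_slug'):
- subject = Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('subject_slug')))
- if not user.is_staff:
- if subject.count() == 0:
- if request.META.get('HTTP_REFERER'):
- return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
- else:
- return redirect('subjects:index')
-
+ subject = get_object_or_404(Subject, slug = kwargs.get('subject_slug', ''))
+
+ if not has_category_permissions(request.user, subject.category):
+ return redirect(reverse_lazy('subjects:home'))
 
 if kwargs.get('slug'):
- if not user.is_staff:
- category = Category.objects.filter(Q(coordinators__pk=pk) & Q(slug= kwargs.get('slug')))
- if category.count() == 0:
- if request.META.get('HTTP_REFERER'):
- return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
- else:
- return redirect('subjects:index')
- if request.method.lower() in self.http_method_names:
- handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
- else:
- handler = self.http_method_not_allowed
- return handler(request, *args, **kwargs)
+ category = get_object_or_404(Category, slug = kwargs.get('slug', ''))
+
+ if not has_category_permissions(request.user, category):
+ return redirect(reverse_lazy('subjects:home'))
+
+ return super(SubjectCreateView, self).dispatch(request, *args, **kwargs)
 
 
 def get_initial(self):
@@ -357,23 +345,12 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView):
 redirect_field_name = 'next'
 
 def dispatch(self, request, *args, **kwargs):
- user = self.request.user
+ subject = get_object_or_404(Subject, slug = kwargs.get('slug', ''))
 
- pk = user.pk
-
- subject = Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
- if not user.is_staff:
- if subject.count() == 0:
- if request.META.get('HTTP_REFERER'):
- return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
- else:
- return redirect('subjects:index')
+ if not has_subject_permissions(request.user, subject):
+ return redirect(reverse_lazy('subjects:home'))
 
- if request.method.lower() in self.http_method_names:
- handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
- else:
- handler = self.http_method_not_allowed
- return handler(request, *args, **kwargs)
+ return super(SubjectUpdateView, self).dispatch(request, *args, **kwargs)
 
 def get_context_data(self, **kwargs):
 context = super(SubjectUpdateView, self).get_context_data(**kwargs)
@@ -413,17 +390,11 @@ class SubjectDeleteView(LoginRequiredMixin, LogMixin, DeleteView):
 template_name = 'subjects/delete.html'
 
 def dispatch(self, request, *args, **kwargs):
- user = self.request.user
+ subject = get_object_or_404(Subject, slug = kwargs.get('slug', ''))
 
- pk = user.pk
-
- subject = Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
- if not user.is_staff:
- if subject.count() == 0:
- if request.META.get('HTTP_REFERER'):
- return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
- else:
- return redirect('subjects:index')
+ if not has_subject_permissions(request.user, subject):
+ return redirect(reverse_lazy('subjects:home'))
+
 return super(SubjectDeleteView, self).dispatch(request, *args, **kwargs)
 
 def get(self, request, *args, **kwargs):
@@ -480,24 +451,12 @@ class SubjectDetailView(LoginRequiredMixin, LogMixin, DetailView):
 context_object_name = 'subject'
 
 def dispatch(self, request, *args,**kwargs):
- user = request.user
- pk = user.pk
- if kwargs.get('slug') and not user.is_staff:
- subject = get_object_or_404(Subject, slug = kwargs.get('slug'))
+ subject = get_object_or_404(Subject, slug = kwargs.get('slug', ''))
 
- subject = Subject.objects.filter((Q(students__pk=pk) | Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
-
- if subject.count() == 0:
- if request.META.get('HTTP_REFERER'):
- return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
- else:
- return redirect('subjects:home')
-
- if request.method.lower() in self.http_method_names:
- handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
- else:
- handler = self.http_method_not_allowed
- return handler(request, *args, **kwargs)
+ if not has_subject_view_permissions(request.user, subject):
+ return redirect(reverse_lazy('subjects:home'))
+
+ return super(SubjectDetailView, self).dispatch(request, *args, **kwargs)
 
 def get_context_data(self, **kwargs):
 context = super(SubjectDetailView, self).get_context_data(**kwargs)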
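Review bot: Each rewritten `dispatch` (create, update, delete, detail) runs `get_object_or_404` and the permission test before `super().dispatch()`, which is where `LoginRequiredMixin` performs the login check. Assuming the permission helpers return False for an anonymous user, an unauthenticated request gets a 404 for an unknown slug and a redirect to `subjects:home` for a known one instead of being sent to `login_url`, so slug existence is observable without a session; logged-in users who lack permission see the same 404-versus-redirect difference. Consider opening each override with `if not request.user.is_authenticated: return self.handle_no_permission()` (the call form `is_authenticated()` on Django before 1.10) and answering a denied request the same way as a missing object, or raising `PermissionDenied`, so the refusal is explicit. In `SubjectCreateView.dispatch`, a request whose kwargs carry neither `subject_slug` nor `slug` reaches `super().dispatch()` with no permission check at all; whether the URL patterns allow that is not visible on this page, and `has_subject_permissions` / `has_subject_view_permissions` are defined outside the lines shown.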