Commit 1938eae61316e9ddc2efcd20ba4283c857a7e659
1 parent
428ed258
Exists in
master
and in
3 other branches
Adjusting too many redirections problem in subject
Showing
2 changed files
with
41 additions
and
65 deletions
Show diff stats
amadeus/permissions.py
| 1 | # File used to store functions to handle permissions | 1 | # File used to store functions to handle permissions |
| 2 | 2 | ||
| 3 | +from categories.models import Category | ||
| 3 | from subjects.models import Subject | 4 | from subjects.models import Subject |
| 4 | from topics.models import Resource | 5 | from topics.models import Resource |
| 5 | 6 | ||
| 6 | """ | 7 | """ |
| 7 | Function to know if a user has permission to: | 8 | Function to know if a user has permission to: |
| 9 | + - Edit Category | ||
| 10 | + - Delete Category | ||
| 11 | + - Create Subject | ||
| 12 | + - Replicate Subject | ||
| 13 | +""" | ||
| 14 | +def has_category_permissions(user, category): | ||
| 15 | + if user.is_staff: | ||
| 16 | + return True | ||
| 17 | + | ||
| 18 | + if category.coordinators.filter(id = user.id).exists(): | ||
| 19 | + return True | ||
| 20 | + | ||
| 21 | + return False | ||
| 22 | + | ||
| 23 | +""" | ||
| 24 | + Function to know if a user has permission to: | ||
| 8 | - Edit Subject | 25 | - Edit Subject |
| 9 | - Delete Subject | 26 | - Delete Subject |
| 10 | - Create Topic inside Subject | 27 | - Create Topic inside Subject |
subjects/views.py
| @@ -30,6 +30,7 @@ from .utils import has_student_profile, has_professor_profile, count_subjects, g | @@ -30,6 +30,7 @@ from .utils import has_student_profile, has_professor_profile, count_subjects, g | ||
| 30 | from users.models import User | 30 | from users.models import User |
| 31 | from topics.models import Resource | 31 | from topics.models import Resource |
| 32 | 32 | ||
| 33 | +from amadeus.permissions import has_category_permissions, has_subject_permissions, has_subject_view_permissions | ||
| 33 | 34 | ||
| 34 | class HomeView(LoginRequiredMixin, ListView): | 35 | class HomeView(LoginRequiredMixin, ListView): |
| 35 | login_url = reverse_lazy("users:login") | 36 | login_url = reverse_lazy("users:login") |
| @@ -234,32 +235,19 @@ class SubjectCreateView(LoginRequiredMixin, LogMixin, CreateView): | @@ -234,32 +235,19 @@ class SubjectCreateView(LoginRequiredMixin, LogMixin, CreateView): | ||
| 234 | success_url = reverse_lazy('subject:index') | 235 | success_url = reverse_lazy('subject:index') |
| 235 | 236 | ||
| 236 | def dispatch(self, request, *args, **kwargs): | 237 | def dispatch(self, request, *args, **kwargs): |
| 237 | - user = request.user | ||
| 238 | - pk = user.pk | ||
| 239 | - | ||
| 240 | if kwargs.get('subject_slug'): | 238 | if kwargs.get('subject_slug'): |
| 241 | - subject = Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('subject_slug'))) | ||
| 242 | - if not user.is_staff: | ||
| 243 | - if subject.count() == 0: | ||
| 244 | - if request.META.get('HTTP_REFERER'): | ||
| 245 | - return HttpResponseRedirect(request.META.get('HTTP_REFERER')) | ||
| 246 | - else: | ||
| 247 | - return redirect('subjects:index') | ||
| 248 | - | 239 | + subject = get_object_or_404(Subject, slug = kwargs.get('subject_slug', '')) |
| 240 | + | ||
| 241 | + if not has_category_permissions(request.user, subject.category): | ||
| 242 | + return redirect(reverse_lazy('subjects:home')) | ||
| 249 | 243 | ||
| 250 | if kwargs.get('slug'): | 244 | if kwargs.get('slug'): |
| 251 | - if not user.is_staff: | ||
| 252 | - category = Category.objects.filter(Q(coordinators__pk=pk) & Q(slug= kwargs.get('slug'))) | ||
| 253 | - if category.count() == 0: | ||
| 254 | - if request.META.get('HTTP_REFERER'): | ||
| 255 | - return HttpResponseRedirect(request.META.get('HTTP_REFERER')) | ||
| 256 | - else: | ||
| 257 | - return redirect('subjects:index') | ||
| 258 | - if request.method.lower() in self.http_method_names: | ||
| 259 | - handler = getattr(self, request.method.lower(), self.http_method_not_allowed) | ||
| 260 | - else: | ||
| 261 | - handler = self.http_method_not_allowed | ||
| 262 | - return handler(request, *args, **kwargs) | 245 | + category = get_object_or_404(Category, slug = kwargs.get('slug', '')) |
| 246 | + | ||
| 247 | + if not has_category_permissions(request.user, category): | ||
| 248 | + return redirect(reverse_lazy('subjects:home')) | ||
| 249 | + | ||
| 250 | + return super(SubjectCreateView, self).dispatch(request, *args, **kwargs) | ||
| 263 | 251 | ||
| 264 | 252 | ||
| 265 | def get_initial(self): | 253 | def get_initial(self): |
| @@ -357,23 +345,12 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView): | @@ -357,23 +345,12 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView): | ||
| 357 | redirect_field_name = 'next' | 345 | redirect_field_name = 'next' |
| 358 | 346 | ||
| 359 | def dispatch(self, request, *args, **kwargs): | 347 | def dispatch(self, request, *args, **kwargs): |
| 360 | - user = self.request.user | 348 | + subject = get_object_or_404(Subject, slug = kwargs.get('slug', '')) |
| 361 | 349 | ||
| 362 | - pk = user.pk | ||
| 363 | - | ||
| 364 | - subject = Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug'))) | ||
| 365 | - if not user.is_staff: | ||
| 366 | - if subject.count() == 0: | ||
| 367 | - if request.META.get('HTTP_REFERER'): | ||
| 368 | - return HttpResponseRedirect(request.META.get('HTTP_REFERER')) | ||
| 369 | - else: | ||
| 370 | - return redirect('subjects:index') | 350 | + if not has_subject_permissions(request.user, subject): |
| 351 | + return redirect(reverse_lazy('subjects:home')) | ||
| 371 | 352 | ||
| 372 | - if request.method.lower() in self.http_method_names: | ||
| 373 | - handler = getattr(self, request.method.lower(), self.http_method_not_allowed) | ||
| 374 | - else: | ||
| 375 | - handler = self.http_method_not_allowed | ||
| 376 | - return handler(request, *args, **kwargs) | 353 | + return super(SubjectUpdateView, self).dispatch(request, *args, **kwargs) |
| 377 | 354 | ||
| 378 | def get_context_data(self, **kwargs): | 355 | def get_context_data(self, **kwargs): |
| 379 | context = super(SubjectUpdateView, self).get_context_data(**kwargs) | 356 | context = super(SubjectUpdateView, self).get_context_data(**kwargs) |
| @@ -413,17 +390,11 @@ class SubjectDeleteView(LoginRequiredMixin, LogMixin, DeleteView): | @@ -413,17 +390,11 @@ class SubjectDeleteView(LoginRequiredMixin, LogMixin, DeleteView): | ||
| 413 | template_name = 'subjects/delete.html' | 390 | template_name = 'subjects/delete.html' |
| 414 | 391 | ||
| 415 | def dispatch(self, request, *args, **kwargs): | 392 | def dispatch(self, request, *args, **kwargs): |
| 416 | - user = self.request.user | 393 | + subject = get_object_or_404(Subject, slug = kwargs.get('slug', '')) |
| 417 | 394 | ||
| 418 | - pk = user.pk | ||
| 419 | - | ||
| 420 | - subject = Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug'))) | ||
| 421 | - if not user.is_staff: | ||
| 422 | - if subject.count() == 0: | ||
| 423 | - if request.META.get('HTTP_REFERER'): | ||
| 424 | - return HttpResponseRedirect(request.META.get('HTTP_REFERER')) | ||
| 425 | - else: | ||
| 426 | - return redirect('subjects:index') | 395 | + if not has_subject_permissions(request.user, subject): |
| 396 | + return redirect(reverse_lazy('subjects:home')) | ||
| 397 | + | ||
| 427 | return super(SubjectDeleteView, self).dispatch(request, *args, **kwargs) | 398 | return super(SubjectDeleteView, self).dispatch(request, *args, **kwargs) |
| 428 | 399 | ||
| 429 | def get(self, request, *args, **kwargs): | 400 | def get(self, request, *args, **kwargs): |
| @@ -480,24 +451,12 @@ class SubjectDetailView(LoginRequiredMixin, LogMixin, DetailView): | @@ -480,24 +451,12 @@ class SubjectDetailView(LoginRequiredMixin, LogMixin, DetailView): | ||
| 480 | context_object_name = 'subject' | 451 | context_object_name = 'subject' |
| 481 | 452 | ||
| 482 | def dispatch(self, request, *args,**kwargs): | 453 | def dispatch(self, request, *args,**kwargs): |
| 483 | - user = request.user | ||
| 484 | - pk = user.pk | ||
| 485 | - if kwargs.get('slug') and not user.is_staff: | ||
| 486 | - subject = get_object_or_404(Subject, slug = kwargs.get('slug')) | 454 | + subject = get_object_or_404(Subject, slug = kwargs.get('slug', '')) |
| 487 | 455 | ||
| 488 | - subject = Subject.objects.filter((Q(students__pk=pk) | Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug'))) | ||
| 489 | - | ||
| 490 | - if subject.count() == 0: | ||
| 491 | - if request.META.get('HTTP_REFERER'): | ||
| 492 | - return HttpResponseRedirect(request.META.get('HTTP_REFERER')) | ||
| 493 | - else: | ||
| 494 | - return redirect('subjects:home') | ||
| 495 | - | ||
| 496 | - if request.method.lower() in self.http_method_names: | ||
| 497 | - handler = getattr(self, request.method.lower(), self.http_method_not_allowed) | ||
| 498 | - else: | ||
| 499 | - handler = self.http_method_not_allowed | ||
| 500 | - return handler(request, *args, **kwargs) | 456 | + if not has_subject_view_permissions(request.user, subject): |
| 457 | + return redirect(reverse_lazy('subjects:home')) | ||
| 458 | + | ||
| 459 | + return super(SubjectDetailView, self).dispatch(request, *args, **kwargs) | ||
| 501 | 460 | ||
| 502 | def get_context_data(self, **kwargs): | 461 | def get_context_data(self, **kwargs): |
| 503 | context = super(SubjectDetailView, self).get_context_data(**kwargs) | 462 | context = super(SubjectDetailView, self).get_context_data(**kwargs) |