modified permissions file from amadeus, so when a subject has no category, it wi…

…ll still work as expected and return False when a category or subject is null

modified permissions file from amadeus, so when a subject has no category, it wi…
…ll still work as expected and return False when a category or subject is null
Felipe Bormann
1 parent c8db7577
Showing 2 changed files with 17 additions and 2 deletions Show diff stats
amadeus/permissions.py
reports/views.py
@@ -30,10 +30,10 @@ def has_subject_permissions(user, subject):
 	if user.is_staff:
 		return True
  
-	if subject.professor.filter(id = user.id).exists():
+	if subject.professor and subject.professor.filter(id = user.id).exists():
 		return True
  
-	if subject.category.coordinators.filter(id = user.id).exists():
+	if subject.category and subject.category.coordinators.filter(id = user.id).exists():
 		return True
  
 	return False
@@ -24,11 +24,26 @@ import math
 from io import BytesIO
 import os
 import copy
+from django.shortcuts import render, get_object_or_404, redirect
+
+from amadeus.permissions import has_category_permissions, has_subject_permissions
  
 class ReportView(LoginRequiredMixin, generic.FormView):
     template_name = "reports/create.html"
     form_class = CreateInteractionReportForm
  
+
+    def dispatch(self, request, *args, **kwargs):
+        params = self.request.GET
+        subject = Subject.objects.get(id=params['subject_id'])
+       
+        if not has_subject_permissions(request.user, subject):
+            return redirect(reverse_lazy('subjects:home'))
+
+        
+
+        return super(ReportView, self).dispatch(request, *args, **kwargs)
+
     def get_initial(self):
         """
         Returns the initial data to use for forms on this view.
...	...	@@ -30,10 +30,10 @@ def has_subject_permissions(user, subject):
30	30	if user.is_staff:
31	31	return True
32	32
33		- if subject.professor.filter(id = user.id).exists():
	33	+ if subject.professor and subject.professor.filter(id = user.id).exists():
34	34	return True
35	35
36		- if subject.category.coordinators.filter(id = user.id).exists():
	36	+ if subject.category and subject.category.coordinators.filter(id = user.id).exists():
37	37	return True
38	38
39	39	return False
...	...
...	...	@@ -24,11 +24,26 @@ import math
24	24	from io import BytesIO
25	25	import os
26	26	import copy
	27	+from django.shortcuts import render, get_object_or_404, redirect
	28	+
	29	+from amadeus.permissions import has_category_permissions, has_subject_permissions
27	30
28	31	class ReportView(LoginRequiredMixin, generic.FormView):
29	32	template_name = "reports/create.html"
30	33	form_class = CreateInteractionReportForm
31	34
	35	+
	36	+ def dispatch(self, request, args, *kwargs):
	37	+ params = self.request.GET
	38	+ subject = Subject.objects.get(id=params['subject_id'])
	39	+
	40	+ if not has_subject_permissions(request.user, subject):
	41	+ return redirect(reverse_lazy('subjects:home'))
	42	+
	43	+
	44	+
	45	+ return super(ReportView, self).dispatch(request, args, *kwargs)
	46	+
32	47	def get_initial(self):
33	48	"""
34	49	Returns the initial data to use for forms on this view.
...	...