From 1aec42d850192a226231a297fc834031feedb8aa Mon Sep 17 00:00:00 2001
From: Felipe Bormann
Date: Fri, 28 Apr 2017 19:23:45 -0300
Subject: [PATCH] modified permissions file from amadeus, so when a subject has no category, it will still work as expected and return False when a category or subject is null
---
 amadeus/permissions.py | 4 ++--
 reports/views.py | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/amadeus/permissions.py b/amadeus/permissions.py
index dd9b244..a0aec4b 100644
--- a/amadeus/permissions.py
+++ b/amadeus/permissions.py
@@ -30,10 +30,10 @@ def has_subject_permissions(user, subject):
 if user.is_staff:
 return True
- if subject.professor.filter(id = user.id).exists():
+ if subject.professor and subject.professor.filter(id = user.id).exists():
 return True
- if subject.category.coordinators.filter(id = user.id).exists():
+ if subject.category and subject.category.coordinators.filter(id = user.id).exists():
 return True
 return False
diff --git a/reports/views.py b/reports/views.py
index 7bd9d1a..9ceafd2 100644
--- a/reports/views.py
+++ b/reports/views.py
@@ -24,11 +24,26 @@ import math
 from io import BytesIO
 import os
 import copy
+from django.shortcuts import render, get_object_or_404, redirect
+
+from amadeus.permissions import has_category_permissions, has_subject_permissions
 class ReportView(LoginRequiredMixin, generic.FormView):
 template_name = "reports/create.html"
 form_class = CreateInteractionReportForm
+
+ def dispatch(self, request, *args, **kwargs):
+ params = self.request.GET
+ subject = Subject.objects.get(id=params['subject_id'])
+
+ if not has_subject_permissions(request.user, subject):
+ return redirect(reverse_lazy('subjects:home'))
+
+
+
+ return super(ReportView, self).dispatch(request, *args, **kwargs)
+
 def get_initial(self):
 """ Returns the initial data to use for forms on this view.
--
libgit2 0.21.2
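Review bot: In `has_subject_permissions` (amadeus/permissions.py), a `subject` that is itself `None` still raises `AttributeError` at `subject.professor`, although the commit message says the function returns False when a subject is null. An explicit `if subject is None: return False` ahead of the professor check would make this authorization helper fail closed instead of erroring. The added `subject.professor and` guard also looks like a no-op: `.filter()` is called on `subject.professor`, so it is presumably a related manager, which is always truthy. The function's definition starts outside the hunk.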
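Review bot: In `ReportView.dispatch` (reports/views.py), `Subject.objects.get(id=params['subject_id'])` raises on a missing `subject_id` parameter or an unknown id, so a malformed request ends in a server error instead of a 404. `get_object_or_404` is imported in this same hunk but never used: `subject = get_object_or_404(Subject, id=request.GET.get('subject_id'))`. Because this override sits ahead of `LoginRequiredMixin` in the MRO, the lookup and permission check also run for unauthenticated requests before the login redirect. Checking that the user is authenticated first would keep anonymous callers from telling existing subject ids apart from missing ones. `render` and `has_category_permissions` are imported but unused in the visible lines, and the class body continues outside the hunk.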