modified permissions file from amadeus, so when a subject has no category, it wi…

…ll still work as expected and return False when a category or subject is null

modified permissions file from amadeus, so when a subject has no category, it wi…
…ll still work as expected and return False when a category or subject is null
Felipe Bormann
1 parent c8db7577
Showing 2 changed files with 17 additions and 2 deletions Show diff stats
amadeus/permissions.py
reports/views.py
@@ -30,10 +30,10 @@ def has_subject_permissions(user, subject):
 	if user.is_staff:
 		return True
-	if subject.professor.filter(id = user.id).exists():
+	if subject.professor and subject.professor.filter(id = user.id).exists():
 		return True
-	if subject.category.coordinators.filter(id = user.id).exists():
+	if subject.category and subject.category.coordinators.filter(id = user.id).exists():
 		return True
 	return False
@@ -24,11 +24,26 @@ import math
 from io import BytesIO
 import os
 import copy
+from django.shortcuts import render, get_object_or_404, redirect
+
+from amadeus.permissions import has_category_permissions, has_subject_permissions
 class ReportView(LoginRequiredMixin, generic.FormView):
     template_name = "reports/create.html"
     form_class = CreateInteractionReportForm
+
+    def dispatch(self, request, *args, **kwargs):
+        params = self.request.GET
+        subject = Subject.objects.get(id=params['subject_id'])
+       
+        if not has_subject_permissions(request.user, subject):
+            return redirect(reverse_lazy('subjects:home'))
+
+        
+
+        return super(ReportView, self).dispatch(request, *args, **kwargs)
+
     def get_initial(self):
         """
         Returns the initial data to use for forms on this view.
	@@ -30,10 +30,10 @@ def has_subject_permissions(user, subject):		@@ -30,10 +30,10 @@ def has_subject_permissions(user, subject):
30	if user.is_staff:	30	if user.is_staff:
31	return True	31	return True
32		32
33	- if subject.professor.filter(id = user.id).exists():	33	+ if subject.professor and subject.professor.filter(id = user.id).exists():
34	return True	34	return True
35		35
36	- if subject.category.coordinators.filter(id = user.id).exists():	36	+ if subject.category and subject.category.coordinators.filter(id = user.id).exists():
37	return True	37	return True
38		38
39	return False	39	return False
	@@ -24,11 +24,26 @@ import math		@@ -24,11 +24,26 @@ import math
24	from io import BytesIO	24	from io import BytesIO
25	import os	25	import os
26	import copy	26	import copy
		27	+from django.shortcuts import render, get_object_or_404, redirect
		28	+
		29	+from amadeus.permissions import has_category_permissions, has_subject_permissions
27		30
28	class ReportView(LoginRequiredMixin, generic.FormView):	31	class ReportView(LoginRequiredMixin, generic.FormView):
29	template_name = "reports/create.html"	32	template_name = "reports/create.html"
30	form_class = CreateInteractionReportForm	33	form_class = CreateInteractionReportForm
31		34
		35	+
		36	+ def dispatch(self, request, args, *kwargs):
		37	+ params = self.request.GET
		38	+ subject = Subject.objects.get(id=params['subject_id'])
		39	+
		40	+ if not has_subject_permissions(request.user, subject):
		41	+ return redirect(reverse_lazy('subjects:home'))
		42	+
		43	+
		44	+
		45	+ return super(ReportView, self).dispatch(request, args, *kwargs)
		46	+
32	def get_initial(self):	47	def get_initial(self):
33	"""	48	"""
34	Returns the initial data to use for forms on this view.	49	Returns the initial data to use for forms on this view.