Commit 217976ba53aee88c9a721972719eea6c9f1f8610

Authored by Zambom
1 parent 115b23d9

Editing forum permissions

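--- a/forum/permissions.py
+++ b/forum/permissions.py
@@ -0,0 +1,32 @@
+from rolepermissions.permissions import register_object_checker
+from amadeus.roles import SystemAdmin
+
+@register_object_checker()
+def view_forum(role, user, forum):
+ if (role == SystemAdmin):
+ return True
+
+ if (user in forum.topic.subject.professors.all() or user in forum.topic.subject.students.all()):
+ return True
+
+ return False
+
+@register_object_checker()
+def edit_forum(role, user, forum):
+ if (role == SystemAdmin):
+ return True
+
+ if (user in forum.topic.subject.professors.all()):
+ return True
+
+ return False
+
+@register_object_checker()
+def delete_forum(role, user, forum):
+ if (role == SystemAdmin):
+ return True
+
+ if (user in forum.topic.subject.professors.all()):
+ return True
+
+ return False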
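Review bot: `edit_forum` and `delete_forum` are the same rule written out twice, and every `user in ....all()` test loads the subject's whole professor (and, in `view_forum`, student) list just to answer a yes/no question on each permission check. A shared private helper such as `_is_subject_professor(user, forum)` returning `forum.topic.subject.professors.filter(pk=user.pk).exists()` would keep the two rules from drifting apart and turn the membership test into a single indexed query. Since these three functions are now the authorization rules for forums, each also deserves a one-line docstring stating who is allowed, for example `"""Allow system admins and professors of the forum's subject."""` on `edit_forum`.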
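--- a/forum/templates/forum/forum_view.html
+++ b/forum/templates/forum/forum_view.html
@@ -34,7 +34,7 @@
 </div>
 </div>
 
- {% if request.user|has_role:'system_admin' or request.user|has_role:'professor' and request.user == post.user %}
+ {% if request.user|has_role:'system_admin' or request.user|has_role:'professor' and request.user in forum.topic.subject.professors.all %}
 <div class="panel panel-primary navigation">
 <div class="panel-heading">
 <h3 class="panel-title">{% trans 'Actions' %}</h3>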
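Review bot: The new `{% if %}` condition restates the `edit_forum` rule by hand instead of asking the checker this same commit registers in `forum/permissions.py`, so the template and the checker can drift apart the next time the rule changes. Computing the answer once in `ForumDetailView.get_context_data`, `context['can_edit_forum'] = has_object_permission('edit_forum', self.request.user, forum)`, and testing `{% if can_edit_forum %}` here keeps a single source of truth. This condition only decides whether the Actions panel is shown, so the views must remain the enforcement point. The `{% if %}` block closes outside the hunk.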
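--- a/forum/views.py
+++ b/forum/views.py
@@ -9,6 +9,9 @@ from django.http import Http404, JsonResponse
 from django.urls import reverse
 from django.template.loader import render_to_string
 
+from rolepermissions.mixins import HasRoleMixin
+from rolepermissions.verifications import has_object_permission
+
 from .models import Forum, Post, PostAnswer
 from courses.models import Topic
 from core.models import Action, Resource
@@ -41,7 +44,9 @@ class ForumIndex(LoginRequiredMixin, generic.ListView):
 
 return context
 
-class CreateForumView(LoginRequiredMixin, generic.edit.CreateView, NotificationMixin):
+class CreateForumView(LoginRequiredMixin, HasRoleMixin, generic.edit.CreateView, NotificationMixin):
+ allowed_roles = ['professor', 'system_admin']
+
 login_url = reverse_lazy("core:home")
 redirect_field_name = 'next'
 
@@ -69,7 +74,9 @@ def render_forum(request, forum):
 
 return JsonResponse({'url': str(reverse_lazy('course:forum:view', args = (), kwargs = {'slug': last_forum.slug})), 'forum_id': str(forum), 'name': str(last_forum.name)})
 
-class UpdateForumView(LoginRequiredMixin, generic.UpdateView):
+class UpdateForumView(LoginRequiredMixin, HasRoleMixin, generic.UpdateView):
+ allowed_roles = ['professor', 'system_admin']
+
 login_url = reverse_lazy("core:home")
 redirect_field_name = 'next'
 
@@ -77,6 +84,14 @@ class UpdateForumView(LoginRequiredMixin, generic.UpdateView):
 form_class = ForumForm
 model = Forum
 
+ def dispatch(self, *args, **kwargs):
+ forum = get_object_or_404(Forum, id = self.kwargs.get('pk'))
+
+ if(not has_object_permission('edit_forum', self.request.user, forum)):
+ return self.handle_no_permission()
+
+ return super(UpdateForumView, self).dispatch(*args, **kwargs)
+
 def form_invalid(self, form):
 return self.render_to_response(self.get_context_data(form = form), status = 400)
 
@@ -93,7 +108,9 @@ def render_edit_forum(request, forum):
 
 return render(request, 'forum/render_forum.html', context)
 
-class ForumDeleteView(LoginRequiredMixin, generic.DeleteView):
+class ForumDeleteView(LoginRequiredMixin, HasRoleMixin, generic.DeleteView):
+ allowed_roles = ['professor', 'system_admin']
+
 login_url = reverse_lazy("core:home")
 redirect_field_name = 'next'
 
@@ -101,6 +118,14 @@ class ForumDeleteView(LoginRequiredMixin, generic.DeleteView):
 pk_url_kwarg = 'pk'
 success_url = reverse_lazy('course:forum:deleted_forum')
 
+ def dispatch(self, *args, **kwargs):
+ forum = get_object_or_404(Forum, id = self.kwargs.get('pk'))
+
+ if(not has_object_permission('delete_forum', self.request.user, forum)):
+ return self.handle_no_permission()
+
+ return super(ForumDeleteView, self).dispatch(*args, **kwargs)
+
 def forum_deleted(request):
 return HttpResponse(_("Forum deleted successfully."))
 
@@ -112,6 +137,14 @@ class ForumDetailView(LoginRequiredMixin, generic.DetailView):
 template_name = 'forum/forum_view.html'
 context_object_name = 'forum'
 
+ def dispatch(self, *args, **kwargs):
+ forum = get_object_or_404(Forum, slug = self.kwargs.get('slug'))
+
+ if(not has_object_permission('view_forum', self.request.user, forum)):
+ return self.handle_no_permission()
+
+ return super(ForumDetailView, self).dispatch(*args, **kwargs)
+
 def get_context_data(self, **kwargs):
 context = super(ForumDetailView, self).get_context_data(**kwargs)
 forum = get_object_or_404(Forum, slug = self.kwargs.get('slug'))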
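Review bot: In the three new `dispatch` overrides (`UpdateForumView`, `ForumDeleteView`, `ForumDetailView`) the forum lookup and the object check run before `super().dispatch()`, which is where `LoginRequiredMixin` and `HasRoleMixin` do their checks. As far as the visible code shows, an unauthenticated request therefore gets a 404 for a missing forum and a different answer for an existing one, which reveals which ids and slugs exist. Moving the check into `get_object()` puts it after the login and role checks and removes the extra query per request. Denial then becomes a 403, and `PermissionDenied` from `django.core.exceptions` must be imported if it is not already. Separately, `CreateForumView` gets only the role gate; whether a professor may create a forum under a topic of a subject they do not teach is decided outside these hunks and is worth confirming. The class bodies continue outside the hunks.

```python
class UpdateForumView(LoginRequiredMixin, HasRoleMixin, generic.UpdateView):
    # … unchanged: allowed_roles, login_url, redirect_field_name, form_class, model …

    def get_object(self, queryset=None):
        # Called from inside super().dispatch(), i.e. after the login and role checks.
        forum = super(UpdateForumView, self).get_object(queryset)
        if not has_object_permission('edit_forum', self.request.user, forum):
            raise PermissionDenied
        return forum

    # … same shape for ForumDeleteView ('delete_forum') and ForumDetailView ('view_forum') …
```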