Change permissions in file update #128 #129 #130

ailsoncgt
1 parent 2c886a7e
Showing 1 changed file with 8 additions and 3 deletions Show diff stats
files/views.py
@@ -5,7 +5,7 @@ from django.contrib import messages
 from django.core.urlresolvers import reverse_lazy
 from django.contrib.auth.mixins import LoginRequiredMixin
 from rolepermissions.mixins import HasRoleMixin
-from rolepermissions.verifications import has_role
+from rolepermissions.verifications import has_role, has_object_permission
 from .forms import FileForm, UpdateFileForm
 from .models import TopicFile
 from .utils import mime_type_to_material_icons
@@ -179,7 +179,12 @@ class UpdateFile(LoginRequiredMixin, HasRoleMixin, LogMixin, generic.UpdateView)
  
 		return context
  
-	
+	def dispatch(self, *args, **kwargs):
+		file = get_object_or_404(TopicFile, slug = self.kwargs.get('slug'))
+		if(not has_object_permission('edit_file', self.request.user, file) or not(self.request.user in file.topic.subject.professors.all())):
+			return self.handle_no_permission()
+		return super(UpdateFile, self).dispatch(*args, **kwargs)
+
 	def form_valid(self, form):
 		self.object = form.save()
  
@@ -224,7 +229,7 @@ class DeleteFile(LoginRequiredMixin, HasRoleMixin, LogMixin, generic.DeleteView)
  
 	def dispatch(self, *args, **kwargs):
 		file = get_object_or_404(TopicFile, slug = self.kwargs.get('slug'))
-		if(not (file.topic.owner == self.request.user) and not(has_role(self.request.user, 'system_admin')) ):
+		if(not(self.request.user in file.topic.subject.professors.all()) and not(has_role(self.request.user, 'system_admin'))):
 			return self.handle_no_permission()
 		return super(DeleteFile, self).dispatch(*args, **kwargs)
...	...	@@ -5,7 +5,7 @@ from django.contrib import messages
5	5	from django.core.urlresolvers import reverse_lazy
6	6	from django.contrib.auth.mixins import LoginRequiredMixin
7	7	from rolepermissions.mixins import HasRoleMixin
8		-from rolepermissions.verifications import has_role
	8	+from rolepermissions.verifications import has_role, has_object_permission
9	9	from .forms import FileForm, UpdateFileForm
10	10	from .models import TopicFile
11	11	from .utils import mime_type_to_material_icons
...	...	@@ -179,7 +179,12 @@ class UpdateFile(LoginRequiredMixin, HasRoleMixin, LogMixin, generic.UpdateView)
179	179
180	180	return context
181	181
182		-
	182	+ def dispatch(self, args, *kwargs):
	183	+ file = get_object_or_404(TopicFile, slug = self.kwargs.get('slug'))
	184	+ if(not has_object_permission('edit_file', self.request.user, file) or not(self.request.user in file.topic.subject.professors.all())):
	185	+ return self.handle_no_permission()
	186	+ return super(UpdateFile, self).dispatch(args, *kwargs)
	187	+
183	188	def form_valid(self, form):
184	189	self.object = form.save()
185	190
...	...	@@ -224,7 +229,7 @@ class DeleteFile(LoginRequiredMixin, HasRoleMixin, LogMixin, generic.DeleteView)
224	229
225	230	def dispatch(self, args, *kwargs):
226	231	file = get_object_or_404(TopicFile, slug = self.kwargs.get('slug'))
227		- if(not (file.topic.owner == self.request.user) and not(has_role(self.request.user, 'system_admin')) ):
	232	+ if(not(self.request.user in file.topic.subject.professors.all()) and not(has_role(self.request.user, 'system_admin'))):
228	233	return self.handle_no_permission()
229	234	return super(DeleteFile, self).dispatch(args, *kwargs)
230	235
...	...