Commit 56cc5632de11c20e8a9fb6bc60c8f06ce40604c8
1 parent
02bfc940
Exists in
master
and in
3 other branches
made right procedure on redirecting not allowed user on update subject view
Showing
1 changed file
with
23 additions
and
1 deletions
Show diff stats
subjects/views.py
| 1 | 1 | |
| 2 | -from django.shortcuts import render, get_object_or_404 | |
| 2 | +from django.shortcuts import render, get_object_or_404, redirect | |
| 3 | 3 | from django.views.generic import ListView, CreateView, DeleteView, UpdateView, TemplateView, DetailView |
| 4 | 4 | from categories.models import Category |
| 5 | 5 | from django.core.urlresolvers import reverse_lazy |
| ... | ... | @@ -247,6 +247,28 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView): |
| 247 | 247 | login_url = reverse_lazy("users:login") |
| 248 | 248 | redirect_field_name = 'next' |
| 249 | 249 | |
| 250 | + def dispatch(self, request, *args, **kwargs): | |
| 251 | + user = self.request.user | |
| 252 | + subject = get_object_or_404(Subject, slug = kwargs['slug']) | |
| 253 | + | |
| 254 | + if not user.is_staff: | |
| 255 | + if not user in subject.professor.all() and not user in subject.category.coordinators.all(): | |
| 256 | + | |
| 257 | + if request.META.get('HTTP_REFERER'): | |
| 258 | + return HttpResponseRedirect(request.META.get('HTTP_REFERER')) | |
| 259 | + else: | |
| 260 | + | |
| 261 | + return redirect('subjects:index') | |
| 262 | + | |
| 263 | + | |
| 264 | + | |
| 265 | + | |
| 266 | + if request.method.lower() in self.http_method_names: | |
| 267 | + handler = getattr(self, request.method.lower(), self.http_method_not_allowed) | |
| 268 | + else: | |
| 269 | + handler = self.http_method_not_allowed | |
| 270 | + return handler(request, *args, **kwargs) | |
| 271 | + | |
| 250 | 272 | def get_context_data(self, **kwargs): |
| 251 | 273 | context = super(SubjectUpdateView, self).get_context_data(**kwargs) |
| 252 | 274 | context['title'] = _('Update Subject') | ... | ... |