made right procedure on redirecting not allowed user on update subject view

Felipe Henrique de Almeida Bormann
1 parent 02bfc940
Showing 1 changed file with 23 additions and 1 deletions Show diff stats
subjects/views.py
-from django.shortcuts import render, get_object_or_404
+from django.shortcuts import render, get_object_or_404, redirect
 from django.views.generic import ListView, CreateView, DeleteView, UpdateView, TemplateView, DetailView
 from categories.models import Category
 from django.core.urlresolvers import reverse_lazy
@@ -247,6 +247,28 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView):
     login_url = reverse_lazy("users:login")
     redirect_field_name = 'next'
+    def dispatch(self, request, *args, **kwargs):
+        user = self.request.user
+        subject = get_object_or_404(Subject, slug = kwargs['slug'])
+        
+        if not user.is_staff:
+            if not user in subject.professor.all() and not user in subject.category.coordinators.all():
+
+                if request.META.get('HTTP_REFERER'):
+                    return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+                else:
+                    
+                    return redirect('subjects:index')
+                
+
+
+
+        if request.method.lower() in self.http_method_names:
+            handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
+        else:
+            handler = self.http_method_not_allowed
+        return handler(request, *args, **kwargs)
+
     def get_context_data(self, **kwargs):
         context = super(SubjectUpdateView, self).get_context_data(**kwargs)
         context['title'] = _('Update Subject')
1		1
2	-from django.shortcuts import render, get_object_or_404	2	+from django.shortcuts import render, get_object_or_404, redirect
3	from django.views.generic import ListView, CreateView, DeleteView, UpdateView, TemplateView, DetailView	3	from django.views.generic import ListView, CreateView, DeleteView, UpdateView, TemplateView, DetailView
4	from categories.models import Category	4	from categories.models import Category
5	from django.core.urlresolvers import reverse_lazy	5	from django.core.urlresolvers import reverse_lazy
	@@ -247,6 +247,28 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView):		@@ -247,6 +247,28 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView):
247	login_url = reverse_lazy("users:login")	247	login_url = reverse_lazy("users:login")
248	redirect_field_name = 'next'	248	redirect_field_name = 'next'
249		249
		250	+ def dispatch(self, request, args, *kwargs):
		251	+ user = self.request.user
		252	+ subject = get_object_or_404(Subject, slug = kwargs['slug'])
		253	+
		254	+ if not user.is_staff:
		255	+ if not user in subject.professor.all() and not user in subject.category.coordinators.all():
		256	+
		257	+ if request.META.get('HTTP_REFERER'):
		258	+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
		259	+ else:
		260	+
		261	+ return redirect('subjects:index')
		262	+
		263	+
		264	+
		265	+
		266	+ if request.method.lower() in self.http_method_names:
		267	+ handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
		268	+ else:
		269	+ handler = self.http_method_not_allowed
		270	+ return handler(request, args, *kwargs)
		271	+
250	def get_context_data(self, **kwargs):	272	def get_context_data(self, **kwargs):
251	context = super(SubjectUpdateView, self).get_context_data(**kwargs)	273	context = super(SubjectUpdateView, self).get_context_data(**kwargs)
252	context['title'] = _('Update Subject')	274	context['title'] = _('Update Subject')