Commit 60e361bf092bd230cf89726fba602a26300b8bde

Authored by Felipe Henrique de Almeida Bormann
1 parent 56cc5632

added fast checking to views, still has the delete view to work on, then all views are protected

Showing 1 changed file with 53 additions and 4 deletions
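--- a/subjects/views.py
+++ b/subjects/views.py
@@ -176,12 +176,40 @@ class SubjectCreateView(LoginRequiredMixin, CreateView):
 
 success_url = reverse_lazy('subject:index')
 
+ def dispatch(self, request, *args, **kwargs):
+ user = request.user
+ pk = user.pk
+ if kwargs.get('subject_slug'):
+ Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('subject_slug')))
+ if not user.is_staff:
+ if subject.count() == 0:
+ if request.META.get('HTTP_REFERER'):
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+ else:
+ return redirect('subjects:index')
+
+
+ if kwargs.get('slug'):
+ subject = Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
+ if not user.is_staff:
+ if subject.count() == 0:
+ if request.META.get('HTTP_REFERER'):
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+ else:
+ return redirect('subjects:index')
+ if request.method.lower() in self.http_method_names:
+ handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
+ else:
+ handler = self.http_method_not_allowed
+ return handler(request, *args, **kwargs)
+
+
 def get_initial(self):
 initial = super(SubjectCreateView, self).get_initial()
 if self.kwargs.get('slug'): #when the user creates a subject
 initial['category'] = Category.objects.all().filter(slug=self.kwargs['slug'])
 
- if self.kwargs.get('subject_slug'): #when the user updates a subject
+ if self.kwargs.get('subject_slug'): #when the user replicate a subject
 subject = get_object_or_404(Subject, slug = self.kwargs['subject_slug'])
 initial = initial.copy()
 initial['category'] = subject.category
@@ -249,11 +277,12 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView):
 
 def dispatch(self, request, *args, **kwargs):
 user = self.request.user
- subject = get_object_or_404(Subject, slug = kwargs['slug'])
 
- if not user.is_staff:
- if not user in subject.professor.all() and not user in subject.category.coordinators.all():
+ pk = user.pk
 
+ subject = Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
+ if not user.is_staff:
+ if subject.count() == 0:
 if request.META.get('HTTP_REFERER'):
 return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
 else:
@@ -334,6 +363,26 @@ class SubjectDetailView(LoginRequiredMixin, DetailView):
 template_name = 'subjects/view.html'
 context_object_name = 'subject'
 
+ def dispatch(self, request, *args,**kwargs):
+ user = request.user
+ pk = user.pk
+ if kwargs.get('slug') and not user.is_staff:
+ subject = get_object_or_404(Subject, slug = kwargs.get('slug'))
+
+ subject = Subject.objects.filter((Q(students__pk=pk) | Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
+
+ if subject.count() == 0:
+ if request.META.get('HTTP_REFERER'):
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+ else:
+ return redirect('subjects:home')
+
+ if request.method.lower() in self.http_method_names:
+ handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
+ else:
+ handler = self.http_method_not_allowed
+ return handler(request, *args, **kwargs)
+
 def get_context_data(self, **kwargs):
 context = super(SubjectDetailView, self).get_context_data(**kwargs)
 context['title'] = self.object.name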
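Review bot: The new `dispatch` in SubjectCreateView (and the one in SubjectDetailView) resolves the handler itself instead of calling the parent, so `LoginRequiredMixin.dispatch` is never reached and the login check is skipped for any request that does not hit a redirect branch. This assumes the mixin enforces login in its own `dispatch`, as Django's does. Both methods should end with `return super(SubjectCreateView, self).dispatch(request, *args, **kwargs)` or the SubjectDetailView equivalent. At new line 183 the queryset is built but never assigned, so `subject.count()` at line 185 raises for a non-staff user on the `subject_slug` route; it should read `subject = Subject.objects.filter(...)`. The `slug` branch of SubjectCreateView filters `Subject` by a slug that `get_initial` treats as a category slug, so the permission test probably checks the wrong model, which is worth confirming against the URL conf. The denial path also redirects to the client-supplied `HTTP_REFERER`, and a fixed named URL would avoid sending the user to an arbitrary location. The SubjectUpdateView `dispatch` continues past its hunk, so whether it calls the parent cannot be seen here.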