added fast checking to views, still has the delete view to work on, then all views are protected

Felipe Henrique de Almeida Bormann
1 parent 56cc5632
Showing 1 changed file with 53 additions and 4 deletions Show diff stats
subjects/views.py
@@ -176,12 +176,40 @@ class SubjectCreateView(LoginRequiredMixin, CreateView):
     success_url = reverse_lazy('subject:index')
+    def dispatch(self, request, *args, **kwargs):
+        user = request.user
+        pk = user.pk 
+        if kwargs.get('subject_slug'):
+            Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('subject_slug')))
+            if not user.is_staff:
+                if subject.count() == 0:
+                    if request.META.get('HTTP_REFERER'):
+                        return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+                    else:
+                        return redirect('subjects:index')
+    
+
+        if kwargs.get('slug'):
+            subject = Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
+            if not user.is_staff:
+                if subject.count() == 0:
+                        if request.META.get('HTTP_REFERER'):
+                            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+                        else:
+                            return redirect('subjects:index')               
+        if request.method.lower() in self.http_method_names:
+            handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
+        else:
+            handler = self.http_method_not_allowed
+        return handler(request, *args, **kwargs)
+   
+
     def get_initial(self):
         initial = super(SubjectCreateView, self).get_initial()
         if self.kwargs.get('slug'): #when the user creates a subject
             initial['category'] = Category.objects.all().filter(slug=self.kwargs['slug'])
-        if self.kwargs.get('subject_slug'): #when the user updates a subject
+        if self.kwargs.get('subject_slug'): #when the user replicate a subject
             subject = get_object_or_404(Subject, slug = self.kwargs['subject_slug'])
             initial = initial.copy()
             initial['category'] = subject.category
@@ -249,11 +277,12 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView):
     def dispatch(self, request, *args, **kwargs):
         user = self.request.user
-        subject = get_object_or_404(Subject, slug = kwargs['slug'])
-        if not user.is_staff:
-            if not user in subject.professor.all() and not user in subject.category.coordinators.all():
+        pk = user.pk
+        subject = Subject.objects.filter((Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
+        if not user.is_staff:
+            if subject.count() == 0:
                 if request.META.get('HTTP_REFERER'):
                     return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
                 else:
@@ -334,6 +363,26 @@ class SubjectDetailView(LoginRequiredMixin, DetailView):
     template_name = 'subjects/view.html'
     context_object_name = 'subject'
+    def dispatch(self, request, *args,**kwargs):
+        user = request.user
+        pk = user.pk
+        if kwargs.get('slug') and not user.is_staff:
+            subject = get_object_or_404(Subject, slug = kwargs.get('slug'))
+
+            subject = Subject.objects.filter((Q(students__pk=pk) | Q(professor__pk=pk) | Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
+            
+            if subject.count() == 0:
+                if request.META.get('HTTP_REFERER'):
+                    return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+                else:
+                    return redirect('subjects:home')
+                            
+        if request.method.lower() in self.http_method_names:
+            handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
+        else:
+            handler = self.http_method_not_allowed
+        return handler(request, *args, **kwargs)
+
     def get_context_data(self, **kwargs):
         context = super(SubjectDetailView, self).get_context_data(**kwargs)
         context['title'] = self.object.name
	@@ -176,12 +176,40 @@ class SubjectCreateView(LoginRequiredMixin, CreateView):		@@ -176,12 +176,40 @@ class SubjectCreateView(LoginRequiredMixin, CreateView):
176		176
177	success_url = reverse_lazy('subject:index')	177	success_url = reverse_lazy('subject:index')
178		178
		179	+ def dispatch(self, request, args, *kwargs):
		180	+ user = request.user
		181	+ pk = user.pk
		182	+ if kwargs.get('subject_slug'):
		183	+ Subject.objects.filter((Q(professor__pk=pk) \| Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('subject_slug')))
		184	+ if not user.is_staff:
		185	+ if subject.count() == 0:
		186	+ if request.META.get('HTTP_REFERER'):
		187	+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
		188	+ else:
		189	+ return redirect('subjects:index')
		190	+
		191	+
		192	+ if kwargs.get('slug'):
		193	+ subject = Subject.objects.filter((Q(professor__pk=pk) \| Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
		194	+ if not user.is_staff:
		195	+ if subject.count() == 0:
		196	+ if request.META.get('HTTP_REFERER'):
		197	+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
		198	+ else:
		199	+ return redirect('subjects:index')
		200	+ if request.method.lower() in self.http_method_names:
		201	+ handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
		202	+ else:
		203	+ handler = self.http_method_not_allowed
		204	+ return handler(request, args, *kwargs)
		205	+
		206	+
179	def get_initial(self):	207	def get_initial(self):
180	initial = super(SubjectCreateView, self).get_initial()	208	initial = super(SubjectCreateView, self).get_initial()
181	if self.kwargs.get('slug'): #when the user creates a subject	209	if self.kwargs.get('slug'): #when the user creates a subject
182	initial['category'] = Category.objects.all().filter(slug=self.kwargs['slug'])	210	initial['category'] = Category.objects.all().filter(slug=self.kwargs['slug'])
183		211
184	- if self.kwargs.get('subject_slug'): #when the user updates a subject	212	+ if self.kwargs.get('subject_slug'): #when the user replicate a subject
185	subject = get_object_or_404(Subject, slug = self.kwargs['subject_slug'])	213	subject = get_object_or_404(Subject, slug = self.kwargs['subject_slug'])
186	initial = initial.copy()	214	initial = initial.copy()
187	initial['category'] = subject.category	215	initial['category'] = subject.category
	@@ -249,11 +277,12 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView):		@@ -249,11 +277,12 @@ class SubjectUpdateView(LoginRequiredMixin, LogMixin, UpdateView):
249		277
250	def dispatch(self, request, args, *kwargs):	278	def dispatch(self, request, args, *kwargs):
251	user = self.request.user	279	user = self.request.user
252	- subject = get_object_or_404(Subject, slug = kwargs['slug'])
253		280
254	- if not user.is_staff:
255	- if not user in subject.professor.all() and not user in subject.category.coordinators.all():	281	+ pk = user.pk
256		282
		283	+ subject = Subject.objects.filter((Q(professor__pk=pk) \| Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
		284	+ if not user.is_staff:
		285	+ if subject.count() == 0:
257	if request.META.get('HTTP_REFERER'):	286	if request.META.get('HTTP_REFERER'):
258	return HttpResponseRedirect(request.META.get('HTTP_REFERER'))	287	return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
259	else:	288	else:
	@@ -334,6 +363,26 @@ class SubjectDetailView(LoginRequiredMixin, DetailView):		@@ -334,6 +363,26 @@ class SubjectDetailView(LoginRequiredMixin, DetailView):
334	template_name = 'subjects/view.html'	363	template_name = 'subjects/view.html'
335	context_object_name = 'subject'	364	context_object_name = 'subject'
336		365
		366	+ def dispatch(self, request, args,*kwargs):
		367	+ user = request.user
		368	+ pk = user.pk
		369	+ if kwargs.get('slug') and not user.is_staff:
		370	+ subject = get_object_or_404(Subject, slug = kwargs.get('slug'))
		371	+
		372	+ subject = Subject.objects.filter((Q(students__pk=pk) \| Q(professor__pk=pk) \| Q(category__coordinators__pk=pk)) & Q(slug = kwargs.get('slug')))
		373	+
		374	+ if subject.count() == 0:
		375	+ if request.META.get('HTTP_REFERER'):
		376	+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
		377	+ else:
		378	+ return redirect('subjects:home')
		379	+
		380	+ if request.method.lower() in self.http_method_names:
		381	+ handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
		382	+ else:
		383	+ handler = self.http_method_not_allowed
		384	+ return handler(request, args, *kwargs)
		385	+
337	def get_context_data(self, **kwargs):	386	def get_context_data(self, **kwargs):
338	context = super(SubjectDetailView, self).get_context_data(**kwargs)	387	context = super(SubjectDetailView, self).get_context_data(**kwargs)
339	context['title'] = self.object.name	388	context['title'] = self.object.name