Commit 8a1d0aaaf5ad598cb3c6cdbe90447c599102177a
1 parent
fd7a26cd
Exists in
master
and in
3 other branches
Adding file to store permission functions
Showing
2 changed files
with
30 additions
and
0 deletions
... | ... | @@ -0,0 +1,19 @@ |
1 | +# File used to store functions to handle permissions | |
2 | + | |
3 | +""" | |
4 | + Function to know if a user has permission to: | |
5 | + - Edit Subject | |
6 | + - Delete Subject | |
7 | + - Create Topic inside Subject | |
8 | +""" | |
9 | +def has_subject_permissions(user, subject): | |
10 | + if user.is_staff: | |
11 | + return True | |
12 | + | |
13 | + if user in subject.professor.all(): | |
14 | + return True | |
15 | + | |
16 | + if user in subject.category.coordinators.all(): | |
17 | + return True | |
18 | + | |
19 | + return False | ... | ... |
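Review bot: The triple-quoted string above `has_subject_permissions` is a free-standing module-level expression, not the function's docstring, so the contract of this authorization helper never appears in `help()` or generated docs. It should move inside the `def` as the first statement and state that staff, the subject's professors and the category's coordinators are the only roles granted. The two `user in ….all()` tests fetch every professor or coordinator row just to test membership; `subject.professor.filter(pk=user.pk).exists()` and `subject.category.coordinators.filter(pk=user.pk).exists()` ask the database the same question directly. The helper also assumes `subject.category` is always set; if that relation is nullable (the model is not visible here), the third check raises instead of denying.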
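--- a/topics/views.py
+++ b/topics/views.py
@@ -5,6 +5,8 @@ from django.core.urlresolvers import reverse, reverse_lazy
 from django.utils.translation import ugettext_lazy as _
 from django.contrib.auth.mixins import LoginRequiredMixin
 
+from amadeus.permissions import has_subject_permissions
+
 from subjects.models import Subject
 
 from .models import Topic
@@ -17,6 +19,15 @@ class CreateView(LoginRequiredMixin, generic.edit.CreateView):
 template_name = 'topics/create.html'
 form_class = TopicForm
 
+ def dispatch(self, request, *args, **kwargs):
+ slug = self.kwargs.get('slug', '')
+ subject = get_object_or_404(Subject, slug = slug)
+
+ if not has_subject_permissions(request.user, subject):
+ return redirect(reverse_lazy('subjects:home'))
+
+ return super(CreateView, self).dispatch(request, *args, **kwargs)
+
 def get_initial(self):
 initial = super(CreateView, self).get_initial()
 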
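Review bot: The new `dispatch` runs the subject lookup and the permission check before `LoginRequiredMixin` checks authentication, because the override is entered first and reaches the mixin only through the final `super(CreateView, self).dispatch(...)` call. An anonymous request therefore gets a 404 for an unknown slug and a redirect to `subjects:home` for a real one, which reveals which subject slugs exist and skips the login redirect. Handling the unauthenticated case first keeps the two decisions separate, e.g. `if not request.user.is_authenticated: return self.handle_no_permission()` at the top of `dispatch` (`is_authenticated` is a property only from Django 1.10; on 1.9 it must be called). Denied users are redirected silently, so consider raising `PermissionDenied` or logging the refusal so failed access attempts are visible. The imports of `get_object_or_404` and `redirect` are not in the visible hunks and should be confirmed.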