Commit 8a1d0aaaf5ad598cb3c6cdbe90447c599102177a
1 parent
fd7a26cd
Exists in
master
and in
3 other branches
Adding file to store permission functions
Showing
2 changed files
with
30 additions
and
0 deletions
Show diff stats
| @@ -0,0 +1,19 @@ | @@ -0,0 +1,19 @@ | ||
| 1 | +# File used to store functions to handle permissions | ||
| 2 | + | ||
| 3 | +""" | ||
| 4 | + Function to know if a user has permission to: | ||
| 5 | + - Edit Subject | ||
| 6 | + - Delete Subject | ||
| 7 | + - Create Topic inside Subject | ||
| 8 | +""" | ||
| 9 | +def has_subject_permissions(user, subject): | ||
| 10 | + if user.is_staff: | ||
| 11 | + return True | ||
| 12 | + | ||
| 13 | + if user in subject.professor.all(): | ||
| 14 | + return True | ||
| 15 | + | ||
| 16 | + if user in subject.category.coordinators.all(): | ||
| 17 | + return True | ||
| 18 | + | ||
| 19 | + return False |
topics/views.py
| @@ -5,6 +5,8 @@ from django.core.urlresolvers import reverse, reverse_lazy | @@ -5,6 +5,8 @@ from django.core.urlresolvers import reverse, reverse_lazy | ||
| 5 | from django.utils.translation import ugettext_lazy as _ | 5 | from django.utils.translation import ugettext_lazy as _ |
| 6 | from django.contrib.auth.mixins import LoginRequiredMixin | 6 | from django.contrib.auth.mixins import LoginRequiredMixin |
| 7 | 7 | ||
| 8 | +from amadeus.permissions import has_subject_permissions | ||
| 9 | + | ||
| 8 | from subjects.models import Subject | 10 | from subjects.models import Subject |
| 9 | 11 | ||
| 10 | from .models import Topic | 12 | from .models import Topic |
| @@ -17,6 +19,15 @@ class CreateView(LoginRequiredMixin, generic.edit.CreateView): | @@ -17,6 +19,15 @@ class CreateView(LoginRequiredMixin, generic.edit.CreateView): | ||
| 17 | template_name = 'topics/create.html' | 19 | template_name = 'topics/create.html' |
| 18 | form_class = TopicForm | 20 | form_class = TopicForm |
| 19 | 21 | ||
| 22 | + def dispatch(self, request, *args, **kwargs): | ||
| 23 | + slug = self.kwargs.get('slug', '') | ||
| 24 | + subject = get_object_or_404(Subject, slug = slug) | ||
| 25 | + | ||
| 26 | + if not has_subject_permissions(request.user, subject): | ||
| 27 | + return redirect(reverse_lazy('subjects:home')) | ||
| 28 | + | ||
| 29 | + return super(CreateView, self).dispatch(request, *args, **kwargs) | ||
| 30 | + | ||
| 20 | def get_initial(self): | 31 | def get_initial(self): |
| 21 | initial = super(CreateView, self).get_initial() | 32 | initial = super(CreateView, self).get_initial() |
| 22 | 33 |