Commit 9f12a7776bec04d947f07abd622360b8663d997d

Authored by Gustavo
1 parent f3a41508

Views security updated

Showing 1 changed file with 15 additions and 0 deletions   Show diff stats
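--- a/news/views.py
+++ b/news/views.py
@@ -78,6 +78,11 @@ class CreateNewsView(LoginRequiredMixin,LogMixin,generic.edit.CreateView):
 template_name = 'news/create.html'
 form_class = NewsForm
 
+def dispatch(self, request, *args, **kwargs):
+if not request.user.is_staff:
+return redirect(reverse_lazy('subjects:home'))
+return super(CreateNewsView, self).dispatch(request, *args, **kwargs)
+
 def form_valid(self, form):
 self.object = form.save(commit = False)
 creator = self.request.user
@@ -117,6 +122,11 @@ class UpdateNewsView(LoginRequiredMixin,LogMixin,generic.UpdateView):
 form_class = NewsForm
 model = News
 
+def dispatch(self, request, *args, **kwargs):
+if not request.user.is_staff:
+return redirect(reverse_lazy('subjects:home'))
+return super(UpdateNewsView, self).dispatch(request, *args, **kwargs)
+
 def get_success_url(self):
 messages.success(self.request, _('News successfully created!'))
 
@@ -198,6 +208,11 @@ class DeleteNewsView(LoginRequiredMixin,LogMixin,generic.DeleteView):
 model = News
 template_name = 'news/delete.html'
 
+def dispatch(self, request, *args, **kwargs):
+if not request.user.is_staff:
+return redirect(reverse_lazy('subjects:home'))
+return super(DeleteNewsView, self).dispatch(request, *args, **kwargs)
+
 def delete(self, request, *args, **kwargs):
 news = get_object_or_404(News, slug = self.kwargs.get('slug'))
 return super(DeleteNewsView, self).delete(self, request, *args, **kwargs)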
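Review bot: The same `is_staff` guard is pasted into `dispatch` of CreateNewsView, UpdateNewsView and DeleteNewsView, and in each it runs before `LoginRequiredMixin.dispatch`, so an anonymous request is redirected to `subjects:home` rather than to the login page. Moving the check into one mixin listed after `LoginRequiredMixin` keeps the three views in step and lets the login redirect happen first; any other news view that mutates data but is not in this diff would then only need the extra base class. All 15 added lines are `dispatch` bodies, so it is worth confirming that `redirect` and `reverse_lazy` are already imported in news/views.py. Separately, the context line in `DeleteNewsView.delete` passes `self` twice to `super().delete(...)`; it predates this commit, but it looks unintended and sits on the path the new guard protects.

```python
class StaffRequiredMixin(object):
    """Redirect authenticated non-staff users to the subjects home page."""

    def dispatch(self, request, *args, **kwargs):
        if not request.user.is_staff:
            return redirect(reverse_lazy('subjects:home'))
        return super(StaffRequiredMixin, self).dispatch(request, *args, **kwargs)


class CreateNewsView(LoginRequiredMixin, StaffRequiredMixin, LogMixin, generic.edit.CreateView):
    # … unchanged: template_name, form_class, form_valid …
```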