Prevent not admin users to access users app

Zambom
1 parent 9f5eee53
Showing 1 changed file with 7 additions and 5 deletions Show diff stats
users/views.py
@@ -7,6 +7,8 @@ from django.core.urlresolvers import reverse, reverse_lazy
 from django.utils.translation import ugettext_lazy as _
 from django.db.models import Q
  
+from braces import views as braces_mixins
+
 from .models import User
 from .forms import RegisterUserForm, ProfileForm, UserForm, ChangePassForm, PassResetRequest, SetPasswordForm
  
@@ -24,7 +26,7 @@ from .serializers import UserSerializer
 from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly
  
 # ================ ADMIN =======================
-class UsersListView(LoginRequiredMixin, generic.ListView):
+class UsersListView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.ListView):
 	login_url = reverse_lazy("users:login")
 	redirect_field_name = 'next'
  
@@ -43,7 +45,7 @@ class UsersListView(LoginRequiredMixin, generic.ListView):
  
 		return context
  
-class SearchView(LoginRequiredMixin, generic.ListView):
+class SearchView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.ListView):
 	login_url = reverse_lazy("users:login")
 	redirect_field_name = 'next'
  
@@ -73,7 +75,7 @@ class SearchView(LoginRequiredMixin, generic.ListView):
  
 		return context
  
-class CreateView(LoginRequiredMixin, generic.edit.CreateView):
+class CreateView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.edit.CreateView):
 	login_url = reverse_lazy("users:login")
 	redirect_field_name = 'next'
  
@@ -97,7 +99,7 @@ class CreateView(LoginRequiredMixin, generic.edit.CreateView):
  
 		return context
  
-class UpdateView(LoginRequiredMixin, generic.UpdateView):
+class UpdateView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.UpdateView):
 	login_url = reverse_lazy("users:login")
 	redirect_field_name = 'next'
  
@@ -133,7 +135,7 @@ class UpdateView(LoginRequiredMixin, generic.UpdateView):
  
 		return context
  
-class DeleteView(LoginRequiredMixin, generic.DeleteView):
+class DeleteView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.DeleteView):
 	login_url = reverse_lazy("users:login")
 	redirect_field_name = 'next'
...	...	@@ -7,6 +7,8 @@ from django.core.urlresolvers import reverse, reverse_lazy
7	7	from django.utils.translation import ugettext_lazy as _
8	8	from django.db.models import Q
9	9
	10	+from braces import views as braces_mixins
	11	+
10	12	from .models import User
11	13	from .forms import RegisterUserForm, ProfileForm, UserForm, ChangePassForm, PassResetRequest, SetPasswordForm
12	14
...	...	@@ -24,7 +26,7 @@ from .serializers import UserSerializer
24	26	from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly
25	27
26	28	# ================ ADMIN =======================
27		-class UsersListView(LoginRequiredMixin, generic.ListView):
	29	+class UsersListView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.ListView):
28	30	login_url = reverse_lazy("users:login")
29	31	redirect_field_name = 'next'
30	32
...	...	@@ -43,7 +45,7 @@ class UsersListView(LoginRequiredMixin, generic.ListView):
43	45
44	46	return context
45	47
46		-class SearchView(LoginRequiredMixin, generic.ListView):
	48	+class SearchView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.ListView):
47	49	login_url = reverse_lazy("users:login")
48	50	redirect_field_name = 'next'
49	51
...	...	@@ -73,7 +75,7 @@ class SearchView(LoginRequiredMixin, generic.ListView):
73	75
74	76	return context
75	77
76		-class CreateView(LoginRequiredMixin, generic.edit.CreateView):
	78	+class CreateView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.edit.CreateView):
77	79	login_url = reverse_lazy("users:login")
78	80	redirect_field_name = 'next'
79	81
...	...	@@ -97,7 +99,7 @@ class CreateView(LoginRequiredMixin, generic.edit.CreateView):
97	99
98	100	return context
99	101
100		-class UpdateView(LoginRequiredMixin, generic.UpdateView):
	102	+class UpdateView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.UpdateView):
101	103	login_url = reverse_lazy("users:login")
102	104	redirect_field_name = 'next'
103	105
...	...	@@ -133,7 +135,7 @@ class UpdateView(LoginRequiredMixin, generic.UpdateView):
133	135
134	136	return context
135	137
136		-class DeleteView(LoginRequiredMixin, generic.DeleteView):
	138	+class DeleteView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.DeleteView):
137	139	login_url = reverse_lazy("users:login")
138	140	redirect_field_name = 'next'
139	141
...	...