Download as
Browse Code »

Commit d0b7c6046f176500cc771148a96e6229fe966b5a

Authored by Zambom
1 parent 9f5eee53
Exists in master and in 3 other branches amadeus_univasf, image-crop, refactoring

Prevent not admin users to access users app

Showing 1 changed file with 7 additions and 5 deletions   Show diff stats
users/views.py
  Diff comments   View file @d0b7c60
@@ -7,6 +7,8 @@ from django.core.urlresolvers import reverse, reverse_lazy @@ -7,6 +7,8 @@ from django.core.urlresolvers import reverse, reverse_lazy
7 from django.utils.translation import ugettext_lazy as _ 7 from django.utils.translation import ugettext_lazy as _
8 from django.db.models import Q 8 from django.db.models import Q
9 9
  10 +from braces import views as braces_mixins
  11 +
10 from .models import User 12 from .models import User
11 from .forms import RegisterUserForm, ProfileForm, UserForm, ChangePassForm, PassResetRequest, SetPasswordForm 13 from .forms import RegisterUserForm, ProfileForm, UserForm, ChangePassForm, PassResetRequest, SetPasswordForm
12 14
@@ -24,7 +26,7 @@ from .serializers import UserSerializer @@ -24,7 +26,7 @@ from .serializers import UserSerializer
24 from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly 26 from rest_framework.permissions import IsAuthenticated, IsAuthenticatedOrReadOnly
25 27
26 # ================ ADMIN ======================= 28 # ================ ADMIN =======================
27 -class UsersListView(LoginRequiredMixin, generic.ListView): 29 +class UsersListView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.ListView):
28 login_url = reverse_lazy("users:login") 30 login_url = reverse_lazy("users:login")
29 redirect_field_name = 'next' 31 redirect_field_name = 'next'
30 32
@@ -43,7 +45,7 @@ class UsersListView(LoginRequiredMixin, generic.ListView): @@ -43,7 +45,7 @@ class UsersListView(LoginRequiredMixin, generic.ListView):
43 45
44 return context 46 return context
45 47
46 -class SearchView(LoginRequiredMixin, generic.ListView): 48 +class SearchView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.ListView):
47 login_url = reverse_lazy("users:login") 49 login_url = reverse_lazy("users:login")
48 redirect_field_name = 'next' 50 redirect_field_name = 'next'
49 51
@@ -73,7 +75,7 @@ class SearchView(LoginRequiredMixin, generic.ListView): @@ -73,7 +75,7 @@ class SearchView(LoginRequiredMixin, generic.ListView):
73 75
74 return context 76 return context
75 77
76 -class CreateView(LoginRequiredMixin, generic.edit.CreateView): 78 +class CreateView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.edit.CreateView):
77 login_url = reverse_lazy("users:login") 79 login_url = reverse_lazy("users:login")
78 redirect_field_name = 'next' 80 redirect_field_name = 'next'
79 81
@@ -97,7 +99,7 @@ class CreateView(LoginRequiredMixin, generic.edit.CreateView): @@ -97,7 +99,7 @@ class CreateView(LoginRequiredMixin, generic.edit.CreateView):
97 99
98 return context 100 return context
99 101
100 -class UpdateView(LoginRequiredMixin, generic.UpdateView): 102 +class UpdateView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.UpdateView):
101 login_url = reverse_lazy("users:login") 103 login_url = reverse_lazy("users:login")
102 redirect_field_name = 'next' 104 redirect_field_name = 'next'
103 105
@@ -133,7 +135,7 @@ class UpdateView(LoginRequiredMixin, generic.UpdateView): @@ -133,7 +135,7 @@ class UpdateView(LoginRequiredMixin, generic.UpdateView):
133 135
134 return context 136 return context
135 137
136 -class DeleteView(LoginRequiredMixin, generic.DeleteView): 138 +class DeleteView(braces_mixins.LoginRequiredMixin, braces_mixins.StaffuserRequiredMixin, generic.DeleteView):
137 login_url = reverse_lazy("users:login") 139 login_url = reverse_lazy("users:login")
138 redirect_field_name = 'next' 140 redirect_field_name = 'next'
139 141