Commit e6db2cc6eb6a8a4751ea105734e328ffd7f16327

Authored by Jailson Dias
1 parent 86c2739f

Ajustes no acesso unitario de subjects e topics (issues #35 e #36)

Showing 2 changed files with 54 additions and 2 deletions
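--- a/courses/permissions.py
+++ b/courses/permissions.py
@@ -0,0 +1,32 @@
+from rolepermissions.permissions import register_object_checker
+from amadeus.roles import SystemAdmin
+
+@register_object_checker()
+def edit_topic(role, user, topic):
+ if (role == SystemAdmin):
+ return True
+
+ if (user == topic.owner):
+ return True
+
+ return False
+
+@register_object_checker()
+def edit_subject(role, user, subject):
+ if (role == SystemAdmin):
+ return True
+
+ if (user in subject.professors.all()):
+ return True
+
+ return False
+
+@register_object_checker()
+def delete_subject(role, user, subject):
+ if (role == SystemAdmin):
+ return True
+
+ if (user in subject.professors.all()):
+ return True
+
+ return False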
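Review bot: `edit_subject` and `delete_subject` have identical bodies, so the two authorization rules can drift apart when only one is edited later; a private helper such as `_is_admin_or_professor(role, user, subject)` called from both would keep them in step. The membership test `user in subject.professors.all()` loads every professor row to answer a yes/no question, where `subject.professors.filter(pk=user.pk).exists()` asks the database directly. None of the three checkers has a docstring, and since these functions are the access policy for topics and subjects, each should state in one line who is allowed, for example `"""Allow system admins and the topic's owner."""` on `edit_topic`.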
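--- a/courses/views.py
+++ b/courses/views.py
@@ -10,6 +10,7 @@ from django.utils.translation import ugettext_lazy as _
 from slugify import slugify
 from rolepermissions.verifications import has_role
 from django.db.models import Q
+from rolepermissions.verifications import has_object_permission
 
 from .forms import CourseForm, CategoryForm, SubjectForm,TopicForm
 from .models import Course, Subject, Category,Topic
@@ -223,7 +224,7 @@ class SubjectsView(LoginRequiredMixin, generic.ListView):
 
 class CreateTopicView(LoginRequiredMixin, HasRoleMixin, NotificationMixin, generic.edit.CreateView):
 
- allowed_roles = ['professor', 'system_admin','student']
+ allowed_roles = ['professor', 'system_admin']
 login_url = reverse_lazy("core:home")
 redirect_field_name = 'next'
 template_name = 'topic/create.html'
@@ -254,12 +255,18 @@ class CreateTopicView(LoginRequiredMixin, HasRoleMixin, NotificationMixin, gener
 
 class UpdateTopicView(LoginRequiredMixin, HasRoleMixin, generic.UpdateView):
 
- allowed_roles = ['professor', 'system_admin','student']
+ allowed_roles = ['professor','system_admin']
 login_url = reverse_lazy("core:home")
 redirect_field_name = 'next'
 template_name = 'topic/update.html'
 form_class = TopicForm
 
+ def dispatch(self, *args, **kwargs):
+ topic = get_object_or_404(Topic, slug = self.kwargs.get('slug'))
+ if(not has_object_permission('edit_topic', self.request.user, topic)):
+ return self.handle_no_permission()
+ return super(UpdateTopicView, self).dispatch(*args, **kwargs)
+
 def get_object(self, queryset=None):
 return get_object_or_404(Topic, slug = self.kwargs.get('slug'))
 
@@ -315,6 +322,12 @@ class UpdateSubjectView(LoginRequiredMixin, HasRoleMixin, generic.UpdateView):
 template_name = 'subject/update.html'
 form_class = SubjectForm
 
+ def dispatch(self, *args, **kwargs):
+ subject = get_object_or_404(Subject, slug = self.kwargs.get('slug'))
+ if(not has_object_permission('edit_subject', self.request.user, subject)):
+ return self.handle_no_permission()
+ return super(UpdateSubjectView, self).dispatch(*args, **kwargs)
+
 def get_object(self, queryset=None):
 context = get_object_or_404(Subject, slug = self.kwargs.get('slug'))
 return context
@@ -339,6 +352,13 @@ class DeleteSubjectView(LoginRequiredMixin, HasRoleMixin, generic.DeleteView):
 model = Subject
 template_name = 'subject/delete.html'
 
+ def dispatch(self, *args, **kwargs):
+ subject = get_object_or_404(Subject, slug = self.kwargs.get('slug'))
+ if(not has_object_permission('delete_subject', self.request.user, subject)):
+ return self.handle_no_permission()
+ return super(DeleteSubjectView, self).dispatch(*args, **kwargs)
+
+
 def get_context_data(self, **kwargs):
 context = super(DeleteSubjectView, self).get_context_data(**kwargs)
 context['course'] = self.object.course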
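Review bot: The new `dispatch` overrides in `UpdateTopicView`, `UpdateSubjectView` and `DeleteSubjectView` call `get_object_or_404` and the object check before `super().dispatch()`, so they run ahead of the login and role checks that `LoginRequiredMixin` and `HasRoleMixin` presumably perform in their own `dispatch`. An unauthenticated request therefore gets a 404 for an unknown slug and a denial for a known one, which discloses which slugs exist, and the object is then fetched a second time by `get_object`. Doing the check inside `get_object` keeps it behind the mixins and drops the extra query; this assumes `PermissionDenied` from `django.core.exceptions` is imported in the part of the file outside the hunks, and it answers with a 403 where the current code calls `handle_no_permission()`. The class bodies continue outside the hunks, and `DeleteSubjectView` shows no `get_object` override here, so it would need one added.

```python
# UpdateTopicView: replaces the added dispatch() override
def get_object(self, queryset=None):
    topic = get_object_or_404(Topic, slug = self.kwargs.get('slug'))
    if not has_object_permission('edit_topic', self.request.user, topic):
        raise PermissionDenied
    return topic

# … same shape for UpdateSubjectView ('edit_subject') and DeleteSubjectView ('delete_subject') …
```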