diff --git a/cookbook/templates/space.html b/cookbook/templates/space.html index f37d3fdc3..8174a16db 100644 --- a/cookbook/templates/space.html +++ b/cookbook/templates/space.html @@ -7,6 +7,8 @@ {% block extra_head %} {{ form.media }} + + {% include 'include/vue_base.html' %} {% endblock %} {% block content %} @@ -70,24 +72,72 @@
{% if space_users %} + + + + + + + {% for u in space_users %} + {% endfor %}
{% trans 'User' %}{% trans 'Groups' %}{% trans 'Edit' %}
{{ u.user.username }} - {% trans 'Remove' %} + {{ u.user.groups.all |join:", " }} + +
+ + +
+ + {% trans 'Update' %} +
+
+ +
- {% else %}

{% trans 'There are no members in your space yet!' %}

{% endif %}
+{% endblock %} +{% block script %} + + {% endblock %} \ No newline at end of file diff --git a/cookbook/urls.py b/cookbook/urls.py index cc2bff178..9ff9ae98b 100644 --- a/cookbook/urls.py +++ b/cookbook/urls.py @@ -42,6 +42,7 @@ urlpatterns = [ path('', views.index, name='index'), path('setup/', views.setup, name='view_setup'), path('space/', views.space, name='view_space'), + path('space/member///', views.space_change_member, name='change_space_member'), path('no-group', views.no_groups, name='view_no_group'), path('no-space', views.no_space, name='view_no_space'), path('no-perm', views.no_perm, name='view_no_perm'), diff --git a/cookbook/views/views.py b/cookbook/views/views.py index d6bcbe223..a00acfda1 100644 --- a/cookbook/views/views.py +++ b/cookbook/views/views.py @@ -431,6 +431,7 @@ def signup(request, token): link.used_by = request.user link.save() + request.user.groups.clear() request.user.groups.add(link.group) request.user.userpreference.space = link.space @@ -461,6 +462,8 @@ def signup(request, token): link.used_by = user link.save() + + request.user.groups.clear() user.groups.add(link.group) user.userpreference.space = link.space @@ -501,6 +504,34 @@ def space(request): return render(request, 'space.html', {'space_users': space_users, 'counts': counts}) +# TODO super hacky and quick solution, safe but needs rework +# TODO move group settings to space to prevent permissions from one space to move to another +@group_required('admin') +def space_change_member(request, user_id, space_id, group): + m_space = get_object_or_404(Space, pk=space_id) + m_user = get_object_or_404(User, pk=user_id) + if request.user == m_space.created_by and m_user != m_space.created_by: + if m_user.userpreference.space == m_space: + if group == 'admin': + m_user.groups.clear() + m_user.groups.add(Group.objects.get(name='admin')) + return HttpResponseRedirect(reverse('view_space')) + if group == 'user': + m_user.groups.clear() + m_user.groups.add(Group.objects.get(name='user')) + return HttpResponseRedirect(reverse('view_space')) + if group == 'guest': + m_user.groups.clear() + m_user.groups.add(Group.objects.get(name='guest')) + return HttpResponseRedirect(reverse('view_space')) + if group == 'remove': + m_user.groups.clear() + m_user.userpreference.space = None + m_user.userpreference.save() + return HttpResponseRedirect(reverse('view_space')) + return HttpResponseRedirect(reverse('view_space')) + + def markdown_info(request): return render(request, 'markdown_info.html', {})