From a4a62af3d2849313d9ff36bf430245a08bb332f3 Mon Sep 17 00:00:00 2001
From: vabene1111
Date: Mon, 9 Dec 2019 11:34:44 +0100
Subject: [PATCH] storage permission
---
 .../migrations/0004_storage_created_by.py | 22 +++++++++++++++++++
 cookbook/models.py | 1 +
 cookbook/views/edit.py | 22 +++++--------------
 cookbook/views/new.py | 6 +++++
 4 files changed, 34 insertions(+), 17 deletions(-)
 create mode 100644 cookbook/migrations/0004_storage_created_by.py
diff --git a/cookbook/migrations/0004_storage_created_by.py b/cookbook/migrations/0004_storage_created_by.py
new file mode 100644
index 000000000..cce09db48
--- /dev/null
+++ b/cookbook/migrations/0004_storage_created_by.py
@@ -0,0 +1,22 @@
+# Generated by Django 3.0 on 2019-12-09 10:30
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+ ('cookbook', '0003_enable_pgtrm'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='storage',
+ name='created_by',
+ field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.PROTECT, to=settings.AUTH_USER_MODEL),
+ preserve_default=False,
+ ),
+ ]
diff --git a/cookbook/models.py b/cookbook/models.py
index a080ae26f..e284d0328 100644
--- a/cookbook/models.py
+++ b/cookbook/models.py
@@ -13,6 +13,7 @@ class Storage(models.Model):
 password = models.CharField(max_length=128, blank=True, null=True)
 token = models.CharField(max_length=512, blank=True, null=True)
 url = models.URLField(blank=True, null=True)
+ created_by = models.ForeignKey(User, on_delete=models.PROTECT)
 def __str__(self):
 return self.name
diff --git a/cookbook/views/edit.py b/cookbook/views/edit.py
index 125740149..d15a4cf60 100644
--- a/cookbook/views/edit.py
+++ b/cookbook/views/edit.py
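Review bot: The backfill for the new `created_by` column uses `default=1` in migration 0004, so every existing Storage row becomes owned by whichever account has primary key 1, and the migration will fail on a database that has storage rows but no user with that id. Because ownership now decides who may edit a backend that carries `password` and `token`, the backfill should be deliberate: for example a `RunPython` step that assigns a chosen superuser, or a nullable column for legacy rows with `created_by is None` treated as superuser-only. In models.py, `on_delete=models.PROTECT` also means a user who created a storage backend cannot be deleted until it is reassigned; a comment such as `# PROTECT: reassign storage backends before deleting their creator` would make that intent explicit.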
@@ -107,26 +107,14 @@ class KeywordUpdate(LoginRequiredMixin, UpdateView):
 return context
-class StorageUpdate(LoginRequiredMixin, UpdateView):
- template_name = "generic/edit_template.html"
- model = Storage
- form_class = StorageForm
-
- # TODO add msg box
-
- def get_success_url(self):
- return reverse('edit_storage', kwargs={'pk': self.object.pk})
-
- def get_context_data(self, **kwargs):
- context = super(StorageUpdate, self).get_context_data(**kwargs)
- context['title'] = _("Storage Backend")
- return context
-
-
 @login_required
 def edit_storage(request, pk):
 instance = get_object_or_404(Storage, pk=pk)
+ if not (instance.created_by == request.user or request.user.is_superuser):
+ messages.add_message(request, messages.ERROR, _('You cannot edit this comment!'))
+ return HttpResponseRedirect(reverse('list_storage'))
+
 if request.method == "POST":
 form = StorageForm(request.POST)
 if form.is_valid():
@@ -166,7 +154,7 @@ class CommentUpdate(LoginRequiredMixin, UpdateView):
 def dispatch(self, request, *args, **kwargs):
 obj = self.get_object()
- if not obj.created_by == request.user:
+ if not (obj.created_by == request.user or request.user.is_superuser):
 messages.add_message(request, messages.ERROR, _('You cannot edit this comment!'))
 return HttpResponseRedirect(reverse('view_recipe', args=[obj.recipe.pk]))
 return super(CommentUpdate, self).dispatch(request, *args, **kwargs)
diff --git a/cookbook/views/new.py b/cookbook/views/new.py
index 5ffa26b0f..61451c0fb 100644
--- a/cookbook/views/new.py
+++ b/cookbook/views/new.py
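Review bot: The denial message added to edit_storage is copied from the comment view and tells the user `You cannot edit this comment!` although the object is a storage backend; it should read something like `_('You cannot edit this storage backend!')`. The owner-or-superuser test is now written twice in this file (here and in CommentUpdate.dispatch), so a small helper such as `def is_owner_or_superuser(user, obj): return obj.created_by == user or user.is_superuser` would keep the two from drifting apart. This hunk guards only the edit view; any other view that reads or deletes a Storage (none is visible in this patch) needs the same check, since the model carries `password` and `token`. The body of edit_storage continues past the end of the hunk.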
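Review bot: In CommentUpdate.dispatch the ownership test runs before `super().dispatch(...)`, which is where LoginRequiredMixin performs its authentication check, so an unauthenticated request still reaches `self.get_object()` and is answered with the "cannot edit" redirect instead of the login redirect. Consider testing `request.user.is_authenticated` first, or moving the ownership rule into `UserPassesTestMixin.test_func` so authentication and authorization are evaluated in a fixed order. A short comment on the changed line, e.g. `# only the author or a superuser may edit`, would document the rule. The class continues outside the hunk.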
@@ -50,6 +50,12 @@ class StorageCreate(LoginRequiredMixin, CreateView):
 form_class = StorageForm
 success_url = reverse_lazy('list_storage')
+ def form_valid(self, form):
+ obj = form.save(commit=False)
+ obj.created_by = self.request.user
+ obj.save()
+ return HttpResponseRedirect(reverse('edit_storage', kwargs={'pk': obj.pk}))
+
 def get_context_data(self, **kwargs):
 context = super(StorageCreate, self).get_context_data(**kwargs)
 context['title'] = _("Storage Backend")
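Review bot: With `form_valid` returning its own redirect, the `success_url = reverse_lazy('list_storage')` just above it is no longer used, and `self.object` is never set, which CreateView's own `form_valid` normally does; either drop `success_url`, or assign `self.object = obj` and override `get_success_url` instead of building the response by hand. Taking `created_by` from `self.request.user` on the server is the right source for the owner, but it is worth confirming that StorageForm (not shown here) does not list `created_by` among its fields, otherwise the form would ask the client for an owner value. A one-line docstring such as `"""Save the new storage with the requesting user as its owner."""` would record the intent. The class body continues outside the hunk.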