storage permission

2026-01-01 04:10:06 -05:00 · 2019-12-09 11:34:44 +01:00
parent 590e083b14
commit a4a62af3d2
4 changed files with 34 additions and 17 deletions
--- a/cookbook/views/edit.py
+++ b/cookbook/views/edit.py
@@ -107,26 +107,14 @@ class KeywordUpdate(LoginRequiredMixin, UpdateView):
        return context


-class StorageUpdate(LoginRequiredMixin, UpdateView):
-    template_name = "generic/edit_template.html"
-    model = Storage
-    form_class = StorageForm
-
-    # TODO add msg box
-
-    def get_success_url(self):
-        return reverse('edit_storage', kwargs={'pk': self.object.pk})
-
-    def get_context_data(self, **kwargs):
-        context = super(StorageUpdate, self).get_context_data(**kwargs)
-        context['title'] = _("Storage Backend")
-        return context
-
-
@login_required
 def edit_storage(request, pk):
    instance = get_object_or_404(Storage, pk=pk)

+    if not (instance.created_by == request.user or request.user.is_superuser):
+        messages.add_message(request, messages.ERROR, _('You cannot edit this comment!'))
+        return HttpResponseRedirect(reverse('list_storage'))
+
    if request.method == "POST":
        form = StorageForm(request.POST)
        if form.is_valid():
@@ -166,7 +154,7 @@ class CommentUpdate(LoginRequiredMixin, UpdateView):

    def dispatch(self, request, *args, **kwargs):
        obj = self.get_object()
-        if not obj.created_by == request.user:
+        if not (obj.created_by == request.user or request.user.is_superuser):
            messages.add_message(request, messages.ERROR, _('You cannot edit this comment!'))
            return HttpResponseRedirect(reverse('view_recipe', args=[obj.recipe.pk]))
        return super(CommentUpdate, self).dispatch(request, *args, **kwargs)
--- a/cookbook/views/new.py
+++ b/cookbook/views/new.py
@@ -50,6 +50,12 @@ class StorageCreate(LoginRequiredMixin, CreateView):
    form_class = StorageForm
    success_url = reverse_lazy('list_storage')

+    def form_valid(self, form):
+        obj = form.save(commit=False)
+        obj.created_by = self.request.user
+        obj.save()
+        return HttpResponseRedirect(reverse('edit_storage', kwargs={'pk': obj.pk}))
+
    def get_context_data(self, **kwargs):
        context = super(StorageCreate, self).get_context_data(**kwargs)
        context['title'] = _("Storage Backend")