Basket: list view, better sheet, allow basket sharing (db and right management)

author: Étienne Loks <etienne.loks@iggdrasil.net> 2018-10-18 17:56:55 +0200
committer: Étienne Loks <etienne.loks@iggdrasil.net> 2018-10-24 12:06:09 +0200
commit: bef385bdb038c6f4f00ca8ba176c8f3d4ef5c5ed (patch)
tree: 1f7dcecec02273235224cbaa86f8d4dee35068ec /archaeological_finds/views.py
parent: 923bce0f14bc6ce436a44f31c6e716ef8876cb69 (diff)
download: Ishtar-bef385bdb038c6f4f00ca8ba176c8f3d4ef5c5ed.tar.bz2
Ishtar-bef385bdb038c6f4f00ca8ba176c8f3d4ef5c5ed.zip
1 files changed, 36 insertions, 18 deletions
diff --git a/archaeological_finds/views.py b/archaeological_finds/views.py
index 7855b5099..7523df145 100644
--- a/archaeological_finds/views.py
+++ b/archaeological_finds/views.py
@@ -113,6 +113,16 @@ show_findbasket = show_item(models.FindBasket, 'findbasket')
 display_findbasket = display_item(models.FindBasket,
                                   show_url='show-find/basket-')
 
+get_find_basket = get_item(
+    models.FindBasket, 'get_findbasket', 'findbasket',
+)
+
+basket_search_wizard = FindBasketSearch.as_view(
+    [('general-basket_search', FindBasketFormSelection)],
+    label=_(u"Basket search"),
+    url_name='find_basket_search',
+)
+
 
 def check_preservation_module(self):
     return get_current_profile().preservation
@@ -234,6 +244,16 @@ class NewFindBasketView(IshtarMixin, LoginRequiredMixin, CreateView):
         return HttpResponseRedirect(self.get_success_url())
 
 
+class OwnBasket(object):
+    def get_basket(self, user, pk):
+        try:
+            return models.FindBasket.objects.filter(
+                Q(user=user) | Q(shared_with=user)
+            ).get(pk=pk)
+        except models.FindBasket.DoesNotExist:
+            raise PermissionDenied
+
+
 class SelectBasketForManagement(IshtarMixin, LoginRequiredMixin, FormView):
     template_name = 'ishtar/form.html'
     form_class = SelectFindBasketForm
@@ -255,7 +275,8 @@ class SelectBasketForManagement(IshtarMixin, LoginRequiredMixin, FormView):
             form.cleaned_data['basket']))
 
 
-class SelectItemsInBasket(IshtarMixin, LoginRequiredMixin, TemplateView):
+class SelectItemsInBasket(OwnBasket, IshtarMixin, LoginRequiredMixin,
+                          TemplateView):
     template_name = 'ishtar/manage_basket.html'
     page_name = _(u"Manage basket")
 
@@ -263,11 +284,9 @@ class SelectItemsInBasket(IshtarMixin, LoginRequiredMixin, TemplateView):
         context = super(SelectItemsInBasket, self).get_context_data(
             *args, **kwargs)
         self.user = IshtarUser.objects.get(pk=self.request.user.pk)
-        try:
-            self.basket = models.FindBasket.objects.get(
-                pk=self.kwargs['pk'], user=self.user)
-        except models.FindBasket.DoesNotExist:
-            raise PermissionDenied
+        self.basket = self.get_basket(
+            user=self.user, pk=self.kwargs['pk']
+        )
         context['basket'] = self.basket
         if get_current_profile().warehouse:
             context['form'] = MultipleFindFormSelectionWarehouseModule()
@@ -296,18 +315,17 @@ class FindBasketAddItemView(IshtarMixin, LoginRequiredMixin, FormView):
         return HttpResponseRedirect(self.get_success_url(basket))
 
 
-class FindBasketListView(IshtarMixin, LoginRequiredMixin, TemplateView):
+class FindBasketListView(OwnBasket, IshtarMixin, LoginRequiredMixin,
+                         TemplateView):
     template_name = 'ishtar/basket_list.html'
 
     def get_context_data(self, *args, **kwargs):
         context = super(FindBasketListView, self).get_context_data(
             *args, **kwargs)
         self.user = IshtarUser.objects.get(pk=self.request.user.pk)
-        try:
-            self.basket = models.FindBasket.objects.get(
-                pk=self.kwargs['pk'], user=self.user)
-        except models.FindBasket.DoesNotExist:
-            raise PermissionDenied
+        self.basket = self.get_basket(
+            user=self.user, pk=self.kwargs['pk']
+        )
         context['basket'] = self.basket
         context['item_url'] = '/'.join(
             reverse(models.Find.SHOW_URL, args=[1]).split('/')[:-1])
@@ -316,7 +334,8 @@ class FindBasketListView(IshtarMixin, LoginRequiredMixin, TemplateView):
         return context
 
 
-class FindBasketDeleteItemView(IshtarMixin, LoginRequiredMixin, TemplateView):
+class FindBasketDeleteItemView(OwnBasket, IshtarMixin, LoginRequiredMixin,
+                               TemplateView):
     template_name = 'ishtar/simple_form.html'
 
     def get_success_url(self, basket):
@@ -330,11 +349,10 @@ class FindBasketDeleteItemView(IshtarMixin, LoginRequiredMixin, TemplateView):
                 pk=self.kwargs['find_pk'])
         except models.Find.DoesNotExist:
             raise PermissionDenied
-        try:
-            basket = models.FindBasket.objects.get(
-                pk=self.kwargs['basket'], user=ishtaruser)
-        except models.FindBasket.DoesNotExist:
-            raise PermissionDenied
+
+        basket = self.get_basket(
+            user=ishtaruser, pk=self.kwargs['basket']
+        )
         if not user.is_superuser and \
                 not ishtaruser.has_right('view_find') and \
                 not (ishtaruser.has_right('view_own_find')
author	Étienne Loks <etienne.loks@iggdrasil.net>	2018-10-18 17:56:55 +0200
committer	Étienne Loks <etienne.loks@iggdrasil.net>	2018-10-24 12:06:09 +0200
commit	bef385bdb038c6f4f00ca8ba176c8f3d4ef5c5ed (patch)
tree	1f7dcecec02273235224cbaa86f8d4dee35068ec /archaeological_finds/views.py
parent	923bce0f14bc6ce436a44f31c6e716ef8876cb69 (diff)
download	Ishtar-bef385bdb038c6f4f00ca8ba176c8f3d4ef5c5ed.tar.bz2 Ishtar-bef385bdb038c6f4f00ca8ba176c8f3d4ef5c5ed.zip