diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2018-04-19 18:22:21 +0200 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2018-06-12 08:43:31 +0200 |
| commit | 8f73502c249f8b190a7638dfdd94535f987aeefc (patch) | |
| tree | bc1e1f4349a10489a489a5b52d515c196d20fda9 /ishtar_common/wizards.py | |
| parent | 149adde9e905380bfc6d633dd379be323a098dd4 (diff) | |
| download | Ishtar-8f73502c249f8b190a7638dfdd94535f987aeefc.tar.bz2 Ishtar-8f73502c249f8b190a7638dfdd94535f987aeefc.zip | |
Manage own permissions with areas for operations
Diffstat (limited to 'ishtar_common/wizards.py')
| -rw-r--r-- | ishtar_common/wizards.py | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/ishtar_common/wizards.py b/ishtar_common/wizards.py index 5f3da1130..9e77a0dda 100644 --- a/ishtar_common/wizards.py +++ b/ishtar_common/wizards.py @@ -43,7 +43,8 @@ from django.utils.safestring import mark_safe from ishtar_common import models from ishtar_common.forms import CustomForm, reverse_lazy -from ishtar_common.utils import get_all_field_names, MultiValueDict +from ishtar_common.utils import get_all_field_names, MultiValueDict, \ + put_session_message logger = logging.getLogger(__name__) @@ -69,6 +70,11 @@ def check_rights(rights=[], redirect_url='/'): request.session): kwargs['current_right'] = right return view_func(request, *args, **kwargs) + put_session_message( + request.session.session_key, + _(u"You don't have sufficient permissions to do this action."), + 'warning' + ) return HttpResponseRedirect(redirect_url) return _wrapped_view return decorator @@ -110,6 +116,8 @@ def _check_right(step, condition=True): def filter_no_fields_form(form, other_check=None): def func(self): + if not hasattr(self.request.user, 'ishtaruser'): + return False if issubclass(form, CustomForm): enabled, exc = form.check_availability_and_excluded_fields( self.request.user.ishtaruser) @@ -184,9 +192,11 @@ class Wizard(NamedUrlWizardView): self.steps = StepsHelper(self) current_object = self.get_current_object() + ishtaruser = request.user.ishtaruser \ + if hasattr(request.user, 'ishtaruser') else None # not the fisrt step and current object is not owned if self.steps and self.steps.first != step and\ - current_object and not current_object.is_own(request.user): + current_object and not current_object.is_own(ishtaruser): self.session_reset(request, self.url_name) return HttpResponseRedirect('/') # extra filter on forms @@ -206,8 +216,8 @@ class Wizard(NamedUrlWizardView): def get_prefix(self, request, *args, **kwargs): """As the class name can interfere when reused prefix with the url_name """ - return self.url_name + super(Wizard, self).get_prefix( - request, *args, **kwargs) + return self.url_name + super(Wizard, self).get_prefix(request, *args, + **kwargs) def get_wizard_name(self): """As the class name can interfere when reused, use the url_name""" |