Diffstat (limited to 'ishtar_common')
-rw-r--r--ishtar_common/models.py2
-rw-r--r--ishtar_common/wizards.py51
2 files changed, 51 insertions, 2 deletions
diff --git a/ishtar_common/models.py b/ishtar_common/models.py
index c4dcd4c44..73e5f82b1 100644
--- a/ishtar_common/models.py
+++ b/ishtar_common/models.py
@@ -222,7 +222,7 @@ class OwnPerms:
if not query:
return False
query = query & Q(pk=self.pk)
- return self.objects.filter(query).count()
+ return self.__class__.objects.filter(query).count()
@classmethod
def has_item_of(cls, user):
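Review bot: The ownership query on the changed line returns an integer from `.count()`, while the early exit two lines above returns `False`, so the method has two return types. Because the filter is pinned to `pk=self.pk`, only existence matters; `return self.__class__.objects.filter(query).exists()` gives a consistent boolean and lets the database stop at the first row. The enclosing method starts above the hunk, so callers that rely on the integer are not visible here and should be checked first.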
diff --git a/ishtar_common/wizards.py b/ishtar_common/wizards.py
index 908a84a46..222d2a5db 100644
--- a/ishtar_common/wizards.py
+++ b/ishtar_common/wizards.py
@@ -18,17 +18,19 @@
# See the file COPYING for details.
import datetime
+# from functools import wraps
from django.conf import settings
from django.contrib.formtools.wizard.storage import get_storage
from django.contrib.formtools.wizard.views import NamedUrlWizardView, \
- normalize_name
+ normalize_name, get_storage, StepsHelper
from django.contrib.sites.models import Site
from django.core.exceptions import ObjectDoesNotExist
from django.core.files.images import ImageFile
from django.core.mail import send_mail
from django.db.models.fields.files import FileField
from django.db.models.fields.related import ManyToManyField
+from django.http import HttpResponseRedirect
from django.forms import ValidationError
from django.shortcuts import render_to_response
from django.template import Context, RequestContext, loader
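Review bot: `get_storage` is now imported twice, once from `django.contrib.formtools.wizard.storage` on the unchanged line and again from `wizard.views` in the extended import, so the second binding silently replaces the first. Keep a single source for it, for example by reducing the added line to `normalize_name, StepsHelper`. The commented-out `# from functools import wraps` should either be removed or enabled and used by the decorator added further down in this file.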
@@ -49,6 +51,32 @@ class MultiValueDict(BaseMultiValueDict):
return v
+def check_rights(rights=[], redirect_url='/'):
+ """
+ Decorator that checks the rights to access the view.
+ """
+
+ def decorator(view_func):
+ def _wrapped_view(request, *args, **kwargs):
+ if not rights:
+ return view_func(request, *args, **kwargs)
+ if hasattr(request.user, 'ishtaruser'):
+ if request.user.ishtaruser.has_right('administrator',
+ request.session):
+ kwargs['current_right'] = 'administrator'
+ return view_func(request, *args, **kwargs)
+ for right in rights:
+ # be careful to put the more permissive rights first
+ # if granted it can allow more
+ if request.user.ishtaruser.has_right(right,
+ request.session):
+ kwargs['current_right'] = right
+ return view_func(request, *args, **kwargs)
+ return HttpResponseRedirect(redirect_url)
+ return _wrapped_view
+ return decorator
+
+
class Wizard(NamedUrlWizardView):
model = None
label = ''
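Review bot: `check_rights` fails open when it is given no rights: `if not rights:` is evaluated before `request.user` is looked at, so `@check_rights()` or an empty list lets every request through, anonymous ones included, and never sets `current_right`. If an unrestricted view is intended it is clearer to leave the decorator off; otherwise reject the empty case when the decorator is applied, e.g. `if not rights: raise ValueError('check_rights needs at least one right')` at the top of `check_rights`. The default `rights=[]` is a shared mutable object, and `rights=()` avoids that. `_wrapped_view` should also carry `@wraps(view_func)` so the decorated view keeps its name and docstring, which is what the commented-out import in this file appears to anticipate.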
@@ -88,6 +116,27 @@ class Wizard(NamedUrlWizardView):
cond = self._check_right(form_key, condition)
self.condition_dict[form_key] = cond
+ def dispatch(self, request, *args, **kwargs):
+ self.current_right = kwargs.get('current_right', None)
+
+ # check that the current object is really owned by the current user
+ if self.current_right and '_own_' in self.current_right:
+ # reinit default dispatch of a wizard - not clean...
+ self.request = request
+ self.session = request.session
+ self.prefix = self.get_prefix(*args, **kwargs)
+ self.storage = get_storage(self.storage_name, self.prefix, request,
+ getattr(self, 'file_storage', None))
+ self.steps = StepsHelper(self)
+
+ current_object = self.get_current_object()
+ if current_object and not current_object.is_own(request.user):
+ main_form_key = 'selec-' + self.url_name
+ self.session_reset(request, main_form_key)
+ return HttpResponseRedirect('/')
+
+ return super(Wizard, self).dispatch(request, *args, **kwargs)
+
def get_prefix(self, *args, **kwargs):
"""As the class name can interfere when reused prefix with the url_name
"""
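Review bot: The ownership check in `dispatch` runs only when `current_right` is present and contains `_own_`, so it is skipped for any route that reaches the wizard without `check_rights` injecting that keyword, and enforcement depends on a naming convention for rights that nothing in this hunk documents. A comment above the condition would make the contract explicit, for example `# current_right is set by check_rights; rights named *_own_* are limited to objects the user owns`. The denial path resets the session and redirects to `/` without leaving a trace; a `logger.warning(...)` carrying the user and `self.url_name` at that point would make refused accesses visible, assuming the module has or gains a logger, which is not visible here. `get_prefix`, which follows, continues outside the hunk.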