diff --git a/content/views.py b/content/views.py index 601a2e7..703c8ee 100644 --- a/content/views.py +++ b/content/views.py @@ -1,6 +1,7 @@ from django.views import generic from django.urls import reverse, reverse_lazy from django.shortcuts import get_object_or_404 +from django.contrib.auth.mixins import PermissionRequiredMixin, LoginRequiredMixin from .models import Content, Category @@ -24,11 +25,12 @@ class ContentCategoryList(generic.ListView): return context -class CreateCategory(generic.CreateView): +class CreateCategory(PermissionRequiredMixin, generic.CreateView): """Création de catégorie.""" model = Category fields = '__all__' template_name = "edit.html" + permission_required = 'content.add_category' def get_context_data(self, **kwargs): context = super(generic.CreateView, self).get_context_data(**kwargs) @@ -36,25 +38,27 @@ class CreateCategory(generic.CreateView): return context -class DeleteCategory(generic.DeleteView): +class DeleteCategory(PermissionRequiredMixin, generic.DeleteView): """Suppression de catégorie""" model = Category success_url = reverse_lazy('settings:index') template_name = "confirm_delete.html" + permission_required = 'content.del_category' -class EditCategory(generic.UpdateView): +class EditCategory(PermissionRequiredMixin, generic.UpdateView): """Édition de catégorie.""" model = Category fields = '__all__' template_name = "edit.html" + permission_required = 'content.change_category' def get_context_data(self, **kwargs): context = super(generic.UpdateView, self).get_context_data(**kwargs) context['title'] = "Édition de " + self.object.name return context -class CreateContent(generic.CreateView): +class CreateContent(PermissionRequiredMixin, generic.CreateView): """Création de contenu.""" model = Content fields = [ @@ -68,6 +72,9 @@ class CreateContent(generic.CreateView): 'validate' : 'Envoyer' } + def has_permission(self): + return self.request.user.has_perm('users.manage_'+str(self.request.user.userprofile.school.group.pk)) + def get_success_url(self): return self.object.school_owner.get_absolute_url() @@ -77,7 +84,7 @@ class CreateContent(generic.CreateView): return r -class DeleteContent(generic.DeleteView): +class DeleteContent(PermissionRequiredMixin, generic.DeleteView): """Suppression de contenu""" model = Content template_name = "confirm_delete.html" @@ -85,8 +92,12 @@ class DeleteContent(generic.DeleteView): def get_success_url(self): return self.object.school_owner.get_absolute_url() + def has_permission(self): + school = get_object_or_404(Content, pk=self.kwargs['pk']).school_owner + return self.request.user.has_perm('users.manage_'+str(school.group.pk)) -class EditContent(generic.UpdateView): + +class EditContent(PermissionRequiredMixin, generic.UpdateView): """Édition d'un contenu""" model = Content template_name = "edit.html" @@ -104,3 +115,6 @@ class EditContent(generic.UpdateView): def get_success_url(self): return self.object.school_owner.get_absolute_url() + def has_permission(self): + school = get_object_or_404(Content, pk=self.kwargs['pk']).school_owner + return self.request.user.has_perm('users.manage_'+str(school.group.pk))