storage permission

2019-12-09 11:34:44 +01:00 · 2019-12-09 11:34:44 +01:00 · a4a62af3d2
commit a4a62af3d2
parent 590e083b14
4 changed files with 34 additions and 17 deletions
--- a/cookbook/migrations/0004_storage_created_by.py
+++ b/cookbook/migrations/0004_storage_created_by.py
@ -0,0 +1,22 @@
+# Generated by Django 3.0 on 2019-12-09 10:30
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('cookbook', '0003_enable_pgtrm'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='storage',
+            name='created_by',
+            field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.PROTECT, to=settings.AUTH_USER_MODEL),
+            preserve_default=False,
+        ),
+    ]
--- a/cookbook/models.py
+++ b/cookbook/models.py
@ -13,6 +13,7 @@ class Storage(models.Model):
    password = models.CharField(max_length=128, blank=True, null=True)
    token = models.CharField(max_length=512, blank=True, null=True)
    url = models.URLField(blank=True, null=True)
+    created_by = models.ForeignKey(User, on_delete=models.PROTECT)

    def __str__(self):
        return self.name
--- a/cookbook/views/edit.py
+++ b/cookbook/views/edit.py
@ -107,26 +107,14 @@ class KeywordUpdate(LoginRequiredMixin, UpdateView):
        return context


-class StorageUpdate(LoginRequiredMixin, UpdateView):
-    template_name = "generic/edit_template.html"
-    model = Storage
-    form_class = StorageForm
-
-    # TODO add msg box
-
-    def get_success_url(self):
-        return reverse('edit_storage', kwargs={'pk': self.object.pk})
-
-    def get_context_data(self, **kwargs):
-        context = super(StorageUpdate, self).get_context_data(**kwargs)
-        context['title'] = _("Storage Backend")
-        return context
-
-
@login_required
 def edit_storage(request, pk):
    instance = get_object_or_404(Storage, pk=pk)

+    if not (instance.created_by == request.user or request.user.is_superuser):
+        messages.add_message(request, messages.ERROR, _('You cannot edit this comment!'))
+        return HttpResponseRedirect(reverse('list_storage'))
+
    if request.method == "POST":
        form = StorageForm(request.POST)
        if form.is_valid():
@ -166,7 +154,7 @@ class CommentUpdate(LoginRequiredMixin, UpdateView):

    def dispatch(self, request, *args, **kwargs):
        obj = self.get_object()
-        if not obj.created_by == request.user:
+        if not (obj.created_by == request.user or request.user.is_superuser):
            messages.add_message(request, messages.ERROR, _('You cannot edit this comment!'))
            return HttpResponseRedirect(reverse('view_recipe', args=[obj.recipe.pk]))
        return super(CommentUpdate, self).dispatch(request, *args, **kwargs)
--- a/cookbook/views/new.py
+++ b/cookbook/views/new.py
@ -50,6 +50,12 @@ class StorageCreate(LoginRequiredMixin, CreateView):
    form_class = StorageForm
    success_url = reverse_lazy('list_storage')

+    def form_valid(self, form):
+        obj = form.save(commit=False)
+        obj.created_by = self.request.user
+        obj.save()
+        return HttpResponseRedirect(reverse('edit_storage', kwargs={'pk': obj.pk}))
+
    def get_context_data(self, **kwargs):
        context = super(StorageCreate, self).get_context_data(**kwargs)
        context['title'] = _("Storage Backend")