storage permission

cookbook/migrations/0004_storage_created_by.py

@@ -0,0 +1,22 @@
+# Generated by Django 3.0 on 2019-12-09 10:30
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('cookbook', '0003_enable_pgtrm'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='storage',
+            name='created_by',
+            field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.PROTECT, to=settings.AUTH_USER_MODEL),
+            preserve_default=False,
+        ),
+    ]

cookbook/models.py

@@ -13,6 +13,7 @@ class Storage(models.Model):
     password = models.CharField(max_length=128, blank=True, null=True)
     token = models.CharField(max_length=512, blank=True, null=True)
     url = models.URLField(blank=True, null=True)
+    created_by = models.ForeignKey(User, on_delete=models.PROTECT)
 
     def __str__(self):
         return self.name

cookbook/views/edit.py

@@ -107,26 +107,14 @@ class KeywordUpdate(LoginRequiredMixin, UpdateView):
         return context
 
 
-class StorageUpdate(LoginRequiredMixin, UpdateView):
-    template_name = "generic/edit_template.html"
-    model = Storage
-    form_class = StorageForm
-
-    # TODO add msg box
-
-    def get_success_url(self):
-        return reverse('edit_storage', kwargs={'pk': self.object.pk})
-
-    def get_context_data(self, **kwargs):
-        context = super(StorageUpdate, self).get_context_data(**kwargs)
-        context['title'] = _("Storage Backend")
-        return context
-
-
 @login_required
 def edit_storage(request, pk):
     instance = get_object_or_404(Storage, pk=pk)
 
+    if not (instance.created_by == request.user or request.user.is_superuser):
+        messages.add_message(request, messages.ERROR, _('You cannot edit this comment!'))
+        return HttpResponseRedirect(reverse('list_storage'))
+
     if request.method == "POST":
         form = StorageForm(request.POST)
         if form.is_valid():
@@ -166,7 +154,7 @@ class CommentUpdate(LoginRequiredMixin, UpdateView):
 
     def dispatch(self, request, *args, **kwargs):
         obj = self.get_object()
-        if not obj.created_by == request.user:
+        if not (obj.created_by == request.user or request.user.is_superuser):
             messages.add_message(request, messages.ERROR, _('You cannot edit this comment!'))
             return HttpResponseRedirect(reverse('view_recipe', args=[obj.recipe.pk]))
         return super(CommentUpdate, self).dispatch(request, *args, **kwargs)

cookbook/views/new.py

@@ -50,6 +50,12 @@ class StorageCreate(LoginRequiredMixin, CreateView):
     form_class = StorageForm
     success_url = reverse_lazy('list_storage')
 
+    def form_valid(self, form):
+        obj = form.save(commit=False)
+        obj.created_by = self.request.user
+        obj.save()
+        return HttpResponseRedirect(reverse('edit_storage', kwargs={'pk': obj.pk}))
+
     def get_context_data(self, **kwargs):
         context = super(StorageCreate, self).get_context_data(**kwargs)
         context['title'] = _("Storage Backend")