mirror of
https://gitlab.crans.org/bde/nk20
synced 2024-11-30 04:13:01 +00:00
Ensure that the user is authenticated before that it has the permission to see page
parent
b16871d925
commit
4997a37058
@ -20,7 +20,7 @@ from .models import Activity, Entry, Guest
|
|||||||
from .tables import ActivityTable, EntryTable, GuestTable
|
from .tables import ActivityTable, EntryTable, GuestTable
|
||||||
|
|
||||||
|
|
||||||
class ActivityCreateView(LoginRequiredMixin, ProtectedCreateView):
|
class ActivityCreateView(ProtectedCreateView):
|
||||||
model = Activity
|
model = Activity
|
||||||
form_class = ActivityForm
|
form_class = ActivityForm
|
||||||
extra_context = {"title": _("Create new activity")}
|
extra_context = {"title": _("Create new activity")}
|
||||||
@ -98,7 +98,7 @@ class ActivityUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
|
|||||||
return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
|
return reverse_lazy('activity:activity_detail', kwargs={"pk": self.kwargs["pk"]})
|
||||||
|
|
||||||
|
|
||||||
class ActivityInviteView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class ActivityInviteView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
model = Guest
|
model = Guest
|
||||||
form_class = GuestForm
|
form_class = GuestForm
|
||||||
template_name = "activity/activity_invite.html"
|
template_name = "activity/activity_invite.html"
|
||||||
|
@ -295,7 +295,7 @@ class ManageAuthTokens(LoginRequiredMixin, TemplateView):
|
|||||||
# ******************************* #
|
# ******************************* #
|
||||||
|
|
||||||
|
|
||||||
class ClubCreateView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class ClubCreateView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
"""
|
"""
|
||||||
Create Club
|
Create Club
|
||||||
"""
|
"""
|
||||||
@ -446,7 +446,7 @@ class ClubPictureUpdateView(PictureUpdateView):
|
|||||||
return reverse_lazy('member:club_detail', kwargs={'pk': self.object.id})
|
return reverse_lazy('member:club_detail', kwargs={'pk': self.object.id})
|
||||||
|
|
||||||
|
|
||||||
class ClubAddMemberView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class ClubAddMemberView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
"""
|
"""
|
||||||
Add a membership to a club.
|
Add a membership to a club.
|
||||||
"""
|
"""
|
||||||
|
@ -156,6 +156,10 @@ class ConsoView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
|
|||||||
table_class = HistoryTable
|
table_class = HistoryTable
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
|
# Check that the user is authenticated
|
||||||
|
if not request.user.is_authenticated:
|
||||||
|
return self.handle_no_permission()
|
||||||
|
|
||||||
templates = TransactionTemplate.objects.filter(
|
templates = TransactionTemplate.objects.filter(
|
||||||
PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view")
|
PermissionBackend().filter_queryset(self.request.user, TransactionTemplate, "view")
|
||||||
)
|
)
|
||||||
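Review bot: The guard added at the top of `ConsoView.dispatch` has no comment saying why it duplicates `LoginRequiredMixin`, and the same four lines are repeated in `InvoiceListView`, `RemittanceListView` and `SogeCreditListView` in the treasury views and in `ProtectedCreateView`. From the visible lines the reason appears to be that `PermissionBackend().filter_queryset(self.request.user, ...)` runs inside this override before `super().dispatch()` is reached, so the mixin's own check would come too late for an anonymous user. I would state that in the comment, e.g. `# Must stay first: the permission query below runs before LoginRequiredMixin.dispatch()`, and add one test per view asserting that an unauthenticated GET gets the response of `handle_no_permission()` (by default the login redirect) instead of reaching the permission code. The rest of `dispatch` lies outside the hunk, so the position of the `super().dispatch()` call is inferred.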
|
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
from datetime import date
|
from datetime import date
|
||||||
|
|
||||||
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
from django.core.exceptions import PermissionDenied
|
from django.core.exceptions import PermissionDenied
|
||||||
from django.db.models import Q
|
from django.db.models import Q
|
||||||
from django.forms import HiddenInput
|
from django.forms import HiddenInput
|
||||||
@ -44,7 +45,7 @@ class ProtectQuerysetMixin:
|
|||||||
return form
|
return form
|
||||||
|
|
||||||
|
|
||||||
class ProtectedCreateView(CreateView):
|
class ProtectedCreateView(LoginRequiredMixin, CreateView):
|
||||||
"""
|
"""
|
||||||
Extends a CreateView to check is the user has the right to create a sample instance of the given Model.
|
Extends a CreateView to check is the user has the right to create a sample instance of the given Model.
|
||||||
If not, a 403 error is displayed.
|
If not, a 403 error is displayed.
|
||||||
@ -58,6 +59,10 @@ class ProtectedCreateView(CreateView):
|
|||||||
raise NotImplementedError
|
raise NotImplementedError
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
|
# Check that the user is authenticated before that he/she has the permission to access here
|
||||||
|
if not request.user.is_authenticated:
|
||||||
|
return self.handle_no_permission()
|
||||||
|
|
||||||
model_class = self.model
|
model_class = self.model
|
||||||
# noinspection PyProtectedMember
|
# noinspection PyProtectedMember
|
||||||
app_label, model_name = model_class._meta.app_label, model_class._meta.model_name.lower()
|
app_label, model_name = model_class._meta.app_label, model_class._meta.model_name.lower()
|
||||||
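Review bot: The class docstring of `ProtectedCreateView` still says only that a 403 error is displayed, but with the guard added to `dispatch` an unauthenticated request now gets whatever `handle_no_permission()` returns, which in Django is a redirect to the login page unless `raise_exception` is set. I would extend the docstring with a line such as `Anonymous users are sent to the login page before any permission is evaluated.` The create views in the other files drop `LoginRequiredMixin` from their own bases in this commit, so this class becomes the single place that enforces authentication for them, which is worth stating in the same docstring. The docstring and `dispatch` both continue outside the hunks shown.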
|
@ -29,7 +29,7 @@ from .models import Invoice, Product, Remittance, SpecialTransactionProxy, SogeC
|
|||||||
from .tables import InvoiceTable, RemittanceTable, SpecialTransactionTable, SogeCreditTable
|
from .tables import InvoiceTable, RemittanceTable, SpecialTransactionTable, SogeCreditTable
|
||||||
|
|
||||||
|
|
||||||
class InvoiceCreateView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class InvoiceCreateView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
"""
|
"""
|
||||||
Create Invoice
|
Create Invoice
|
||||||
"""
|
"""
|
||||||
@ -90,6 +90,10 @@ class InvoiceListView(LoginRequiredMixin, SingleTableView):
|
|||||||
extra_context = {"title": _("Invoices list")}
|
extra_context = {"title": _("Invoices list")}
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
|
# Check that the user is authenticated
|
||||||
|
if not request.user.is_authenticated:
|
||||||
|
return self.handle_no_permission()
|
||||||
|
|
||||||
sample_invoice = Invoice(
|
sample_invoice = Invoice(
|
||||||
id=0,
|
id=0,
|
||||||
object="",
|
object="",
|
||||||
@ -215,7 +219,7 @@ class InvoiceRenderView(LoginRequiredMixin, View):
|
|||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
class RemittanceCreateView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class RemittanceCreateView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
"""
|
"""
|
||||||
Create Remittance
|
Create Remittance
|
||||||
"""
|
"""
|
||||||
@ -251,6 +255,10 @@ class RemittanceListView(LoginRequiredMixin, TemplateView):
|
|||||||
extra_context = {"title": _("Remittances list")}
|
extra_context = {"title": _("Remittances list")}
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
|
# Check that the user is authenticated
|
||||||
|
if not request.user.is_authenticated:
|
||||||
|
return self.handle_no_permission()
|
||||||
|
|
||||||
sample_remittance = Remittance(
|
sample_remittance = Remittance(
|
||||||
remittance_type_id=1,
|
remittance_type_id=1,
|
||||||
comment="",
|
comment="",
|
||||||
@ -377,6 +385,10 @@ class SogeCreditListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableVi
|
|||||||
extra_context = {"title": _("List of credits from the Société générale")}
|
extra_context = {"title": _("List of credits from the Société générale")}
|
||||||
|
|
||||||
def dispatch(self, request, *args, **kwargs):
|
def dispatch(self, request, *args, **kwargs):
|
||||||
|
# Check that the user is authenticated
|
||||||
|
if not request.user.is_authenticated:
|
||||||
|
return self.handle_no_permission()
|
||||||
|
|
||||||
if not self.get_queryset().exists():
|
if not self.get_queryset().exists():
|
||||||
raise PermissionDenied(_("You are not able to see the treasury interface."))
|
raise PermissionDenied(_("You are not able to see the treasury interface."))
|
||||||
return super().dispatch(request, *args, **kwargs)
|
return super().dispatch(request, *args, **kwargs)
|
||||||
|
@ -67,7 +67,7 @@ class WEIListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView):
|
|||||||
return context
|
return context
|
||||||
|
|
||||||
|
|
||||||
class WEICreateView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class WEICreateView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
"""
|
"""
|
||||||
Create WEI
|
Create WEI
|
||||||
"""
|
"""
|
||||||
@ -286,7 +286,7 @@ class WEIUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
|
|||||||
return reverse_lazy("wei:wei_detail", kwargs={"pk": self.object.pk})
|
return reverse_lazy("wei:wei_detail", kwargs={"pk": self.object.pk})
|
||||||
|
|
||||||
|
|
||||||
class BusCreateView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class BusCreateView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
"""
|
"""
|
||||||
Create Bus
|
Create Bus
|
||||||
"""
|
"""
|
||||||
@ -381,7 +381,7 @@ class BusManageView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
|||||||
return context
|
return context
|
||||||
|
|
||||||
|
|
||||||
class BusTeamCreateView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class BusTeamCreateView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
"""
|
"""
|
||||||
Create BusTeam
|
Create BusTeam
|
||||||
"""
|
"""
|
||||||
@ -474,7 +474,7 @@ class BusTeamManageView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView):
|
|||||||
return context
|
return context
|
||||||
|
|
||||||
|
|
||||||
class WEIRegister1AView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class WEIRegister1AView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
"""
|
"""
|
||||||
Register a new user to the WEI
|
Register a new user to the WEI
|
||||||
"""
|
"""
|
||||||
@ -541,7 +541,7 @@ class WEIRegister1AView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreat
|
|||||||
return reverse_lazy("wei:wei_survey", kwargs={"pk": self.object.pk})
|
return reverse_lazy("wei:wei_survey", kwargs={"pk": self.object.pk})
|
||||||
|
|
||||||
|
|
||||||
class WEIRegister2AView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class WEIRegister2AView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
"""
|
"""
|
||||||
Register an old user to the WEI
|
Register an old user to the WEI
|
||||||
"""
|
"""
|
||||||
@ -761,7 +761,7 @@ class WEIDeleteRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, Delete
|
|||||||
return reverse_lazy('wei:wei_detail', args=(self.object.wei.pk,))
|
return reverse_lazy('wei:wei_detail', args=(self.object.wei.pk,))
|
||||||
|
|
||||||
|
|
||||||
class WEIValidateRegistrationView(ProtectQuerysetMixin, LoginRequiredMixin, ProtectedCreateView):
|
class WEIValidateRegistrationView(ProtectQuerysetMixin, ProtectedCreateView):
|
||||||
"""
|
"""
|
||||||
Validate WEI Registration
|
Validate WEI Registration
|
||||||
"""
|
"""
|
||||||
|