ynerant/plateforme-corres2math
1
0
Fork 0
mirror of https://gitlab.com/animath/si/plateforme-corres2math.git synced 2024-12-05 02:06:52 +00:00
Code Issues Releases Wiki Activity

More protection on pages that require authentication

Browse Source
This commit is contained in:
Yohann D'ANELLO 2020-12-22 20:47:43 +01:00
parent 8f742b8e14
commit 205760f2e9
Signed by: ynerant
GPG Key ID: 3A75C55819C8CF85
3 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/participation/tests.py
View File

@ -669,7 +669,7 @@ class TestStudentParticipation(TestCase):
def test_forbidden_access(self): def test_forbidden_access(self):
""" """
Load personnal pages and ensure that these are protected. Load personal pages and ensure that these are protected.
""" """
self.user.registration.team = self.team self.user.registration.team = self.team
self.user.registration.save() self.user.registration.save()

12
apps/participation/views.py
View File

@ -39,6 +39,8 @@ class CreateTeamView(LoginRequiredMixin, CreateView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
user = request.user user = request.user
if not user.is_authenticated:
return super().handle_no_permission()
registration = user.registration registration = user.registration
if not registration.participates: if not registration.participates:
raise PermissionDenied(_("You don't participate, so you can't create a team.")) raise PermissionDenied(_("You don't participate, so you can't create a team."))
@ -85,6 +87,8 @@ class JoinTeamView(LoginRequiredMixin, FormView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
user = request.user user = request.user
if not user.is_authenticated:
return super().handle_no_permission()
registration = user.registration registration = user.registration
if not registration.participates: if not registration.participates:
raise PermissionDenied(_("You don't participate, so you can't create a team.")) raise PermissionDenied(_("You don't participate, so you can't create a team."))
@ -265,6 +269,8 @@ class TeamUpdateView(LoginRequiredMixin, UpdateView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
user = request.user user = request.user
if not user.is_authenticated:
return super().handle_no_permission()
if user.registration.is_admin or user.registration.participates and \ if user.registration.is_admin or user.registration.participates and \
user.registration.team and \ user.registration.team and \
user.registration.team.pk == kwargs["pk"]: user.registration.team.pk == kwargs["pk"]:
@ -299,6 +305,8 @@ class TeamAuthorizationsView(LoginRequiredMixin, DetailView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
user = request.user user = request.user
if not user.is_authenticated:
return super().handle_no_permission()
if user.registration.is_admin or user.registration.participates and user.registration.team.pk == kwargs["pk"]: if user.registration.is_admin or user.registration.participates and user.registration.team.pk == kwargs["pk"]:
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)
raise PermissionDenied raise PermissionDenied
@ -377,6 +385,8 @@ class ParticipationDetailView(LoginRequiredMixin, DetailView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
user = request.user user = request.user
if not user.is_authenticated:
return super().handle_no_permission()
if not self.get_object().valid: if not self.get_object().valid:
raise PermissionDenied(_("The team is not validated yet.")) raise PermissionDenied(_("The team is not validated yet."))
if user.registration.is_admin or user.registration.participates \ if user.registration.is_admin or user.registration.participates \
@ -501,6 +511,8 @@ class UploadVideoView(LoginRequiredMixin, UpdateView):
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
user = request.user user = request.user
if not user.is_authenticated:
return super().handle_no_permission()
if user.registration.is_admin or user.registration.participates \ if user.registration.is_admin or user.registration.participates \
and user.registration.team.participation.pk == self.get_object().participation.pk: and user.registration.team.participation.pk == self.get_object().participation.pk:
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)

20
apps/registration/tests.py
View File

@ -11,7 +11,7 @@ from django.urls import reverse
from django.utils import timezone from django.utils import timezone
from django.utils.encoding import force_bytes from django.utils.encoding import force_bytes
from django.utils.http import urlsafe_base64_encode from django.utils.http import urlsafe_base64_encode
from participation.models import Phase from participation.models import Phase, Team
from .models import AdminRegistration, CoachRegistration, StudentRegistration from .models import AdminRegistration, CoachRegistration, StudentRegistration
@ -35,6 +35,24 @@ class TestIndexPage(TestCase):
response = self.client.get(reverse("registration:user_detail", args=(1,))) response = self.client.get(reverse("registration:user_detail", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("registration:user_detail", args=(1,))) self.assertRedirects(response, reverse("login") + "?next=" + reverse("registration:user_detail", args=(1,)))
Team.objects.create()
response = self.client.get(reverse("participation:team_detail", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("participation:team_detail", args=(1,)))
response = self.client.get(reverse("participation:update_team", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("participation:update_team", args=(1,)))
response = self.client.get(reverse("participation:create_team"))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("participation:create_team"))
response = self.client.get(reverse("participation:join_team"))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("participation:join_team"))
response = self.client.get(reverse("participation:team_authorizations", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next="
+ reverse("participation:team_authorizations", args=(1,)))
response = self.client.get(reverse("participation:participation_detail", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next="
+ reverse("participation:participation_detail", args=(1,)))
response = self.client.get(reverse("participation:upload_video", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("participation:upload_video", args=(1,)))
class TestRegistration(TestCase): class TestRegistration(TestCase):
def setUp(self) -> None: def setUp(self) -> None: