bic/GetTogether
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add permission checks before editing teams or events, use Django messaging framework to tell the use what went wrong

Browse source
This commit is contained in:
Michael Hall 2018-01-22 17:03:25 -05:00
parent de445c0728
commit b327dcec97
2 changed files with 25 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
get_together/settings.py
View file

@ -155,6 +155,15 @@ SETTINGS_EXPORT = [
'SOCIAL_AUTH_GOOGLE_OAUTH2_KEY', 'SOCIAL_AUTH_GOOGLE_OAUTH2_KEY',
] ]
# Make django messages framework use Bootstrap's alert style classes
from django.contrib.messages import constants as messages
MESSAGE_TAGS = {
messages.INFO: 'alert-info',
messages.SUCCESS: 'alert-success',
messages.WARNING: 'alert-warning',
messages.ERROR: 'alert-danger',
}
# Keep this at the end of settings.py to allow overriding settings in local deployments # Keep this at the end of settings.py to allow overriding settings in local deployments
try: try:
from local_settings import * from local_settings import *

16
get_together/views.py
View file

@ -1,3 +1,6 @@
from django.utils.translation import ugettext_lazy as _
from django.contrib import messages
from django.shortcuts import render, redirect from django.shortcuts import render, redirect
from django.http import HttpResponse, JsonResponse from django.http import HttpResponse, JsonResponse
@ -53,6 +56,10 @@ def create_team(request, *args, **kwargs):
def edit_team(request, team_id): def edit_team(request, team_id):
team = Team.objects.get(id=team_id) team = Team.objects.get(id=team_id)
if not request.user.profile.can_edit_team(team):
messages.add_message(request, messages.WARNING, message=_('You can not make changes to this team.'))
return redirect('show-team', team_id=team.pk)
if request.method == 'GET': if request.method == 'GET':
form = TeamForm(instance=team) form = TeamForm(instance=team)
@ -98,6 +105,11 @@ def show_team(request, team_id, *args, **kwargs):
def edit_event(request, event_id): def edit_event(request, event_id):
event = Event.objects.get(id=event_id) event = Event.objects.get(id=event_id)
if not request.user.profile.can_edit_event(event):
messages.add_message(request, messages.WARNING, message=_('You can not make changes to this event.'))
return redirect(event.get_absolute_url())
if request.method == 'GET': if request.method == 'GET':
form = TeamEventForm(instance=event) form = TeamEventForm(instance=event)
@ -124,6 +136,10 @@ def edit_event(request, event_id):
def create_event(request, team_id): def create_event(request, team_id):
team = Team.objects.get(id=team_id) team = Team.objects.get(id=team_id)
if not request.user.profile.can_create_event(team):
messages.add_message(request, messages.WARNING, message=_('You can not create events for this team.'))
return redirect('show-team', team_id=team.pk)
if request.method == 'GET': if request.method == 'GET':
form = NewTeamEventForm() form = NewTeamEventForm()