Fix permissions Mixins

This commit is contained in:
Skia 2016-02-02 10:03:18 +01:00
parent 03bc0973fe
commit 6b81210ba1

View File

@ -22,7 +22,8 @@ class CanEditPropMixin(View):
""" """
def dispatch(self, request, *arg, **kwargs): def dispatch(self, request, *arg, **kwargs):
res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs) res = super(CanEditPropMixin, self).dispatch(request, *arg, **kwargs)
if self.object is None or self.request.user.is_owner(self.object): if ((hasattr(self, 'object') and (self.object is None or self.request.user.is_owner(self.object))) or
(hasattr(self, 'object_list') and (self.object_list is None or self.object_list is [] or self.request.user.is_owner(self.object_list[0])))):
return res return res
try: # Always unlock when 403 try: # Always unlock when 403
self.object.unset_lock() self.object.unset_lock()
@ -37,7 +38,8 @@ class CanEditMixin(View):
def dispatch(self, request, *arg, **kwargs): def dispatch(self, request, *arg, **kwargs):
# TODO: WIP: fix permissions with exceptions! # TODO: WIP: fix permissions with exceptions!
res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs) res = super(CanEditMixin, self).dispatch(request, *arg, **kwargs)
if self.object is None or self.request.user.can_edit(self.object): if ((hasattr(self, 'object') and (self.object is None or self.request.user.can_edit(self.object))) or
(hasattr(self, 'object_list') and (self.object_list is None or self.object_list is [] or self.request.user.can_edit(self.object_list[0])))):
return res return res
try: # Always unlock when 403 try: # Always unlock when 403
self.object.unset_lock() self.object.unset_lock()
@ -52,7 +54,8 @@ class CanViewMixin(View):
""" """
def dispatch(self, request, *arg, **kwargs): def dispatch(self, request, *arg, **kwargs):
res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs) res = super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
if self.object is None or self.request.user.can_view(self.object): if ((hasattr(self, 'object') and (self.object is None or self.request.user.can_view(self.object))) or
(hasattr(self, 'object_list') and (self.object_list is None or self.object_list is [] or self.request.user.can_view(self.object_list[0])))):
return res return res
try: # Always unlock when 403 try: # Always unlock when 403
self.object.unset_lock() self.object.unset_lock()