Basic user permissions for user editing

2024-11-21 21:53:30 +00:00 · 2015-11-19 16:28:49 +01:00 · 2015-11-19 16:28:49 +01:00 · 7a65215bb5
commit 7a65215bb5
parent d3896ad676
6 changed files with 89 additions and 8 deletions
--- a/core/migrations/0002_auto_20151119_1533.py
+++ b/core/migrations/0002_auto_20151119_1533.py
@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Page',
+            fields=[
+                ('id', models.AutoField(serialize=False, primary_key=True, auto_created=True, verbose_name='ID')),
+                ('name', models.CharField(max_length=30, verbose_name='page name')),
+                ('full_name', models.CharField(max_length=255, verbose_name='full name')),
+                ('content', models.TextField(blank=True, verbose_name='page content')),
+                ('revision', models.PositiveIntegerField(default=1, verbose_name='current revision')),
+                ('is_locked', models.BooleanField(default=False, verbose_name='page mutex')),
+            ],
+            options={
+                'permissions': (('can_edit', 'Can edit the page'), ('can_view', 'Can view the page')),
+            },
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='date_of_birth',
+            field=models.DateTimeField(default='1970-01-01T00:00:00+01:00', verbose_name='date of birth'),
+        ),
+    ]
--- a/core/models.py
+++ b/core/models.py
@ -105,7 +105,19 @@ class User(AbstractBaseUser, PermissionsMixin):
        self.username = user_name
        return user_name

-class Page:
-    pass
+class Page(models.Model):
+    name = models.CharField(_('page name'), max_length=30, blank=False)
+    full_name = models.CharField(_("full name"), max_length=255, blank=False)
+    content = models.TextField(_("page content"), blank=True)
+    revision = models.PositiveIntegerField(_("current revision"), default=1)
+    is_locked = models.BooleanField(_("page mutex"), default=False)

+    class Meta:
+        permissions = (
+            ("can_edit", "Can edit the page"),
+            ("can_view", "Can view the page"),
+        )
+
+    def __str__(self):
+        return self.full_name

--- a/core/templates/core/base.html
+++ b/core/templates/core/base.html
@ -8,11 +8,12 @@
 <body>
    <header>
        {% block header %}
-        {% if user %}Hello, {{ user.username }}!{% endif %}
+        {% if user.is_authenticated %}Hello, {{ user.username }}!{% endif %}
        <ul>
            <li><a href="{% url 'core:register' %}">Register</a></li>
            <li><a href="{% url 'core:login' %}">Login</a></li>
            <li><a href="{% url 'core:logout' %}">Logout</a></li>
+            <li><a href="{% url 'core:user_list' %}">Users</a></li>
        </ul>
        {% endblock %}
    </header>
--- a/core/templates/core/edit_user.html
+++ b/core/templates/core/edit_user.html
@ -0,0 +1,15 @@
+{% extends "core/base.html" %}
+
+{% block title %}
+{% if profile %}
+Edit {{ profile.get_display_name }}
+{% endif %}
+{% endblock %}
+
+{% block content %}
+{% if profile %}
+<h3>Edit user</h3>
+<p><a href="{% url 'core:user_profile' profile.id %}">Back to profile</a></p>
+<p>You're editing the profile of <strong>{{ profile.get_display_name }}</strong></p>
+{% endif %}
+{% endblock %}
--- a/core/templates/core/user.html
+++ b/core/templates/core/user.html
@ -13,6 +13,9 @@ User list
 {% if profile %}
 <h3>User Profile</h3>
 <p><a href="{% url 'core:user_list' %}">Back to list</a></p>
+{% if user.is_superuser or user.id == profile.id %}
+<p><a href="{% url 'core:user_edit' profile.id %}">Edit</a></p>
+{% endif %}
 <p>You're seeing the profile of <strong>{{ profile.get_display_name }}</strong></p>
 {% endif %}

--- a/core/views.py
+++ b/core/views.py
@ -40,6 +40,11 @@ def register(request):
    return render(request, "core/register.html", context)

 def login(request):
+    """
+    The login view
+
+    Needs to be improve with correct handling of form exceptions
+    """
    context = {'title': 'Login'}
    if request.method == 'POST':
        try:
@ -57,15 +62,27 @@ def login(request):
    return render(request, "core/login.html", context)

 def logout(request):
+    """
+    The logout view:w
+    """
    auth_logout(request)
    return redirect('core:index')

 def user(request, user_id=None):
+    context = {'title': 'View a user'}
    if user_id == None:
-        return render(request, "core/user.html", {'user_list': User.objects.all})
-    user = get_object_or_404(User, pk=user_id)
-    return render(request, "core/user.html", {'profile': user})
+        context['user_list'] = User.objects.all
+        return render(request, "core/user.html", context)
+    context['profile'] = get_object_or_404(User, pk=user_id)
+    return render(request, "core/user.html", context)

-def user_edit(request, user_id):
-    pass
+def user_edit(request, user_id=None):
+    user_id = int(user_id)
+    context = {'title': 'Edit a user'}
+    if user_id is not None:
+        user_id = int(user_id)
+        if request.user.is_authenticated() and (request.user.pk == user_id or request.user.is_superuser):
+            context['profile'] = get_object_or_404(User, pk=user_id)
+            return render(request, "core/edit_user.html", context)
+    return user(request, user_id)