mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-22 14:13:21 +00:00
Better right handling in files
This commit is contained in:
parent
1775569ecf
commit
830c15a585
@ -137,16 +137,21 @@ class User(AbstractBaseUser):
|
||||
return False
|
||||
else:
|
||||
return False
|
||||
if group_name[-6:] == settings.SITH_BOARD_SUFFIX:
|
||||
if 'club' in settings.INSTALLED_APPS:
|
||||
if group_name[-len(settings.SITH_BOARD_SUFFIX):] == settings.SITH_BOARD_SUFFIX:
|
||||
from club.models import Club
|
||||
name = group_name[:-6]
|
||||
name = group_name[:-len(settings.SITH_BOARD_SUFFIX)]
|
||||
c = Club.objects.filter(unix_name=name).first()
|
||||
mem = c.get_membership_for(self)
|
||||
if mem:
|
||||
return mem.role >= 2
|
||||
return mem.role > settings.SITH_MAXIMUM_FREE_ROLE
|
||||
return False
|
||||
else:
|
||||
if group_name[-len(settings.SITH_MEMBER_SUFFIX):] == settings.SITH_MEMBER_SUFFIX:
|
||||
from club.models import Club
|
||||
name = group_name[:-len(settings.SITH_MEMBER_SUFFIX)]
|
||||
c = Club.objects.filter(unix_name=name).first()
|
||||
mem = c.get_membership_for(self)
|
||||
if mem:
|
||||
return True
|
||||
return False
|
||||
if group_name == settings.SITH_GROUPS['root']['name'] and self.is_superuser:
|
||||
return True
|
||||
|
@ -13,6 +13,7 @@
|
||||
|
||||
<body>
|
||||
{% block header %}
|
||||
{% if not popup %}
|
||||
<div id="logo"><a href="{{ url('core:index') }}"><img src="{{ static('core/img/logo.png') }}"
|
||||
alt="{% trans %}Logo{% endtrans %}" /></a></div>
|
||||
<header>
|
||||
@ -25,8 +26,12 @@
|
||||
<a href="{{ url('core:logout') }}">{% trans %}Logout{% endtrans %}</a>
|
||||
{% endif %}
|
||||
</header>
|
||||
{% else %}
|
||||
<div id="popupheader">{{ user.get_display_name() }}</div>
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
{% block nav %}
|
||||
{% if not popup %}
|
||||
<nav>
|
||||
<a href="{{ url('core:user_list') }}">{% trans %}Users{% endtrans %}</a>
|
||||
<a href="{{ url('core:page', page_name="Index") }}">{% trans %}Wiki{% endtrans %}</a>
|
||||
@ -34,6 +39,7 @@
|
||||
<a href="{{ url('club:club_list') }}">{% trans %}Clubs{% endtrans %}</a>
|
||||
<a href="{{ url('core:page', "Services") }}">{% trans %}Services{% endtrans %}</a>
|
||||
</nav>
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
||||
<div id="content">
|
||||
@ -59,8 +65,7 @@
|
||||
<script src="{{ static('core/js/multiple-select.js') }}"></script>
|
||||
<script src="{{ static('core/js/script.js') }}"></script>
|
||||
<script>
|
||||
$('select').multipleSelect({
|
||||
filter: true,
|
||||
$('select:not([multiple])').multipleSelect({
|
||||
single: true,
|
||||
{% if not popup %}
|
||||
position: 'top',
|
||||
|
@ -21,20 +21,6 @@
|
||||
{% endif %}
|
||||
{% endmacro %}
|
||||
|
||||
{% block header %}
|
||||
{% if popup != "" %}
|
||||
<div id="popupheader">{{ user.get_display_name() }}</div>
|
||||
{% else %}
|
||||
{{ super() }}
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
{% block nav %}
|
||||
{% if popup != "" %}
|
||||
{% else %}
|
||||
{{ super() }}
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
{{ print_file_name(file) }}
|
||||
|
||||
|
@ -12,11 +12,13 @@
|
||||
</h3>
|
||||
<p>{% trans %}Owner: {% endtrans %}{{ file.owner.get_display_name() }}</p>
|
||||
{% if file.is_folder %}
|
||||
{% if user.can_edit(file) %}
|
||||
<form action="" method="post" enctype="multipart/form-data">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p() }}
|
||||
<p><input type="submit" value="{% trans %}Add{% endtrans %}"></p>
|
||||
</form>
|
||||
{% endif %}
|
||||
<ul>
|
||||
{% for f in file.children.order_by('-is_folder', 'name').all() %}
|
||||
<li>
|
||||
|
@ -2,11 +2,13 @@
|
||||
|
||||
{% block content %}
|
||||
{{ super() }}
|
||||
{% if user.is_in_group(settings.SITH_MAIN_BOARD_GROUP) %}
|
||||
<form action="" method="post" enctype="multipart/form-data">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p() }}
|
||||
<p><input type="submit" value="{% trans %}Add{% endtrans %}"></p>
|
||||
</form>
|
||||
{% endif %}
|
||||
{% if file_list %}
|
||||
<h3>{% trans %}File list{% endtrans %}</h3>
|
||||
<ul>
|
||||
|
@ -9,7 +9,7 @@ from core.models import Group
|
||||
|
||||
def forbidden(request):
|
||||
return HttpResponseForbidden(render(request, "core/403.jinja", context={'next': request.path, 'form':
|
||||
AuthenticationForm()}))
|
||||
AuthenticationForm(), 'popup': request.resolver_match.kwargs['popup'] or ""}))
|
||||
|
||||
def not_found(request):
|
||||
return HttpResponseNotFound(render(request, "core/404.jinja"))
|
||||
|
@ -62,7 +62,7 @@ class AddFileForm(forms.Form):
|
||||
self.add_error(None, _("Error uploading file %(file_name)s: %(msg)s") %
|
||||
{'file_name': f, 'msg': str(e.message)})
|
||||
|
||||
class FileListView(CanViewMixin, ListView, FormMixin):
|
||||
class FileListView(ListView, FormMixin):
|
||||
template_name = 'core/file_list.jinja'
|
||||
context_object_name = "file_list"
|
||||
form_class = AddFileForm
|
||||
@ -75,7 +75,7 @@ class FileListView(CanViewMixin, ListView, FormMixin):
|
||||
self.object_list = self.get_queryset()
|
||||
self.form = self.get_form()
|
||||
files = request.FILES.getlist('file_field')
|
||||
if self.form.is_valid():
|
||||
if request.user.is_authenticated() and request.user.is_in_group(settings.SITH_MAIN_BOARD_GROUP) and self.form.is_valid():
|
||||
self.form.process(parent=None, owner=request.user, files=files)
|
||||
if self.form.is_valid():
|
||||
return super(FileListView, self).form_valid(self.form)
|
||||
@ -141,7 +141,7 @@ class FileEditPropView(CanEditPropMixin, UpdateView):
|
||||
kwargs['popup'] = 'popup'
|
||||
return kwargs
|
||||
|
||||
class FileView(CanEditMixin, DetailView, FormMixin):
|
||||
class FileView(CanViewMixin, DetailView, FormMixin):
|
||||
"""This class handle the upload of new files into a folder"""
|
||||
model = SithFile
|
||||
pk_url_kwarg = "file_id"
|
||||
@ -157,7 +157,7 @@ class FileView(CanEditMixin, DetailView, FormMixin):
|
||||
self.object = self.get_object()
|
||||
self.form = self.get_form()
|
||||
files = request.FILES.getlist('file_field')
|
||||
if self.form.is_valid():
|
||||
if request.user.is_authenticated() and request.user.can_edit(self.object) and self.form.is_valid():
|
||||
self.form.process(parent=self.object, owner=request.user, files=files)
|
||||
if self.form.is_valid():
|
||||
return super(FileView, self).form_valid(self.form)
|
||||
|
Loading…
Reference in New Issue
Block a user