From f22f2cbde6ab143e47ed42b6714b4a5d75f9579d Mon Sep 17 00:00:00 2001
From: klmp200
Date: Mon, 26 Sep 2016 23:56:24 +0200
Subject: [PATCH 1/3] Only club members can view counter's stats
---
 counter/views.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/counter/views.py b/counter/views.py
index 650f0715..c77c4fd3 100644
--- a/counter/views.py
+++ b/counter/views.py
@@ -4,6 +4,7 @@ from django.views.generic.edit import UpdateView, CreateView, DeleteView, Proces
 from django.forms.models import modelform_factory
 from django.forms import CheckboxSelectMultiple
 from django.core.urlresolvers import reverse_lazy
+from django.core.exceptions import PermissionDenied
 from django.http import HttpResponseRedirect
 from django.utils import timezone
 from django import forms
@@ -723,6 +724,16 @@ class CounterStatView(DetailView):
 ).exclude(selling_sum=None).order_by('-selling_sum').all()[:100]
 return kwargs
+ def dispatch(self, request, *args, **kwargs):
+ res = super(CounterStatView, self).dispatch(request, *args, **kwargs)
+ # help(self.object)
+ if (request.user.is_root
+ or request.user.is_board_member
+ or self.object.is_owned_by(request.user)
+ ):
+ return res
+ raise PermissionDenied
+
 class CashSummaryListView(CanEditPropMixin, CounterTabsMixin, ListView):
 """Display a list of cash summaries"""
From f7722ed564a54a99f3592edf21d98ba27324bcab Mon Sep 17 00:00:00 2001
From: klmp200
Date: Tue, 27 Sep 2016 16:44:12 +0200
Subject: [PATCH 2/3] Fixed permissions on stats
---
 counter/views.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/counter/views.py b/counter/views.py
index c77c4fd3..aeca06a4 100644
--- a/counter/views.py
+++ b/counter/views.py
@@ -695,7 +695,7 @@ class CounterActivityView(DetailView):
 pk_url_kwarg = "counter_id"
 template_name = 'counter/activity.jinja'
-class CounterStatView(DetailView):
+class CounterStatView(DetailView, CanEditMixin):
 """
 Show the bar stats
 """
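Review bot: The added `dispatch` authorises after the fact: `super(CounterStatView, self).dispatch(...)` has already run the handler and built the stats response by the time the `is_root` / `is_board_member` / `is_owned_by` test decides whether to return it. The test also relies on the handler having set `self.object` and reads `request.user.is_board_member` for every visitor, so a request method that never loads the object, or a user class lacking that property, would presumably end in an AttributeError rather than a 403. Load the object and check it first, then delegate, as sketched below. The leftover `# help(self.object)` debug comment should be dropped, and a one-line docstring naming who may view the stats would help.

```python
    def dispatch(self, request, *args, **kwargs):
        """Allow root users, board members and owners of the counter; deny everyone else."""
        # Authorise before any handler runs, so nothing is rendered for a refused user.
        self.object = self.get_object()
        user = request.user
        if not (user.is_root
                or user.is_board_member
                or self.object.is_owned_by(user)):
            raise PermissionDenied
        return super(CounterStatView, self).dispatch(request, *args, **kwargs)
```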
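Review bot: `CanEditMixin` is appended after `DetailView` in the bases of `CounterStatView`, whereas `CashSummaryListView` in the same file lists its permission mixin first (`CanEditPropMixin, CounterTabsMixin, ListView`). Base order fixes the MRO, and the `super(CanEditMixin, self).dispatch(...)` call added further down in this commit depends on what follows `CanEditMixin` there. The mixin's definition is not visible in this patch, so whether its `dispatch` really runs ahead of the view's handler should be confirmed. Unless the order is deliberate, write `class CounterStatView(CanEditMixin, DetailView):` for consistency.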
@@ -725,13 +725,15 @@ class CounterStatView(DetailView):
 return kwargs
 def dispatch(self, request, *args, **kwargs):
- res = super(CounterStatView, self).dispatch(request, *args, **kwargs)
- # help(self.object)
- if (request.user.is_root
- or request.user.is_board_member
- or self.object.is_owned_by(request.user)
- ):
- return res
+ try:
+ return super(CounterStatView, self).dispatch(request, *args, **kwargs)
+ except:
+ try:
+ if (request.user.is_root
+ or request.user.is_board_member
+ or self.object.is_owned_by(request.user)):
+ return super(CanEditMixin, self).dispatch(request, *args, **kwargs)
+ except:pass
 raise PermissionDenied
From 3c408551aa91c3d280dbbc02fe76f2439958b69a Mon Sep 17 00:00:00 2001
From: klmp200
Date: Tue, 27 Sep 2016 16:56:30 +0200
Subject: [PATCH 3/3] Remove nested exception for stats and added property on AnonymusUser
---
 core/models.py | 8 ++++++++
 counter/views.py | 10 ++++------
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/core/models.py b/core/models.py
index 1a67237a..8e3a8899 100644
--- a/core/models.py
+++ b/core/models.py
@@ -423,6 +423,14 @@ class AnonymousUser(AuthAnonymousUser):
 def is_root(self):
 return False
+ @property
+ def is_board_member(self):
+ return False
+
+ @property
+ def is_launderette_manager(self):
+ return False
+
 def is_in_group(self, group_name):
 """
 The anonymous user is only the public group
diff --git a/counter/views.py b/counter/views.py
index aeca06a4..69411c06 100644
--- a/counter/views.py
+++ b/counter/views.py
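Review bot: Both `except:` clauses in the rewritten `dispatch` are bare, so the access decision is driven by any exception at all rather than by a refusal. A 404, a database error or a template bug raised inside `super(CounterStatView, self).dispatch(...)` sends root, board and owner users through a second dispatch and becomes a 403 for everyone else, and `except:pass` hides failures of the check itself, for instance a missing attribute on `request.user` or an unset `self.object`. Catch only the refusal, presumably the `PermissionDenied` raised by `CanEditMixin` (not visible here): `except PermissionDenied:`, and let everything else propagate. The outer bare `except:` is kept by the PATCH 3/3 hunk on `counter/views.py`, so the same change applies there.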
@@ -728,12 +728,10 @@ class CounterStatView(DetailView, CanEditMixin):
 try:
 return super(CounterStatView, self).dispatch(request, *args, **kwargs)
 except:
- try:
- if (request.user.is_root
- or request.user.is_board_member
- or self.object.is_owned_by(request.user)):
- return super(CanEditMixin, self).dispatch(request, *args, **kwargs)
- except:pass
+ if (request.user.is_root
+ or request.user.is_board_member
+ or self.object.is_owned_by(request.user)):
+ return super(CanEditMixin, self).dispatch(request, *args, **kwargs)
 raise PermissionDenied
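Review bot: With the inner `try` removed, `self.object.is_owned_by(request.user)` in the `except:` branch is evaluated unguarded, and `self.object` exists only if the failed `super(CounterStatView, self).dispatch(...)` call assigned it before raising. `CanEditMixin` is not visible in this patch, so that ordering is an assumption; if the exception comes earlier, the fallback ends in an AttributeError and a 500 instead of the intended 403. Fetch the object in the handler rather than relying on it, e.g. `counter = self.get_object()` followed by `counter.is_owned_by(request.user)` in the condition. The function starts above the hunk.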