Hopiu/django-authority
1
0
Fork 0
mirror of https://github.com/jazzband/django-authority.git synced 2026-03-16 22:20:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
django-authority/authority/views.py
Jannis Leidel f0948c08e9
Update render_to_response.
2020-11-26 09:49:45 +01:00

133 lines
4.1 KiB
Python
Raw Permalink Blame History

from django.shortcuts import render, get_object_or_404
from django.http import HttpResponseRedirect, HttpResponseForbidden
from django.apps import apps
from django.utils.translation import ugettext as _
from django.template import loader
from django.contrib.auth.decorators import login_required
from authority.models import Permission
from authority.forms import UserPermissionForm
from authority.templatetags.permissions import url_for_obj
def get_next(request, obj=None):
next = request.REQUEST.get("next")
if not next:
if obj and hasattr(obj, "get_absolute_url"):
next = obj.get_absolute_url()
else:
next = "/"
return next
@login_required
def add_permission(
request,
app_label,
module_name,
pk,
approved=False,
template_name="authority/permission_form.html",
extra_context=None,
form_class=UserPermissionForm,
):
codename = request.POST.get("codename", None)
try:
model = apps.get_model(app_label, module_name)
except LookupError:
return permission_denied(request)
obj = get_object_or_404(model, pk=pk)
next = get_next(request, obj)
if approved:
if not request.user.has_perm("authority.add_permission"):
return HttpResponseRedirect(
url_for_obj("authority-add-permission-request", obj)
)
view_name = "authority-add-permission"
else:
view_name = "authority-add-permission-request"
if request.method == "POST":
if codename is None:
return HttpResponseForbidden(next)
form = form_class(
data=request.POST,
obj=obj,
approved=approved,
perm=codename,
initial=dict(codename=codename),
)
if not approved:
# Limit permission request to current user
form.data["user"] = request.user
if form.is_valid():
form.save(request)
request.user.message_set.create(
message=_("You added a permission request.")
)
return HttpResponseRedirect(next)
else:
form = form_class(
obj=obj, approved=approved, perm=codename, initial=dict(codename=codename)
)
context = {
"form": form,
"form_url": url_for_obj(view_name, obj),
"next": next,
"perm": codename,
"approved": approved,
}
if extra_context:
context.update(extra_context)
return render(request, template_name, context)
@login_required
def approve_permission_request(request, permission_pk):
requested_permission = get_object_or_404(Permission, pk=permission_pk)
if request.user.has_perm("authority.approve_permission_requests"):
requested_permission.approve(request.user)
request.user.message_set.create(
message=_("You approved the permission request.")
)
next = get_next(request, requested_permission)
return HttpResponseRedirect(next)
@login_required
def delete_permission(request, permission_pk, approved):
permission = get_object_or_404(Permission, pk=permission_pk, approved=approved)
if (
request.user.has_perm("authority.delete_foreign_permissions")
or request.user == permission.creator
):
permission.delete()
if approved:
msg = _("You removed the permission.")
else:
msg = _("You removed the permission request.")
request.user.message_set.create(message=msg)
next = get_next(request)
return HttpResponseRedirect(next)
def permission_denied(request, template_name=None, extra_context=None):
"""
Default 403 handler.
Templates: `403.html`
Context:
request_path
The path of the requested URL (e.g., '/app/pages/bad_page/')
"""
if template_name is None:
template_name = ("403.html", "authority/403.html")
context = {
"request_path": request.path,
}
if extra_context:
context.update(extra_context)
return HttpResponseForbidden(
loader.render_to_string(
template_name=template_name, context=context, request=request,
)
)
Reference in a new issue View git blame Copy permalink