Commit 39a7ffc9 by Estók Dániel

setty: added server-side access management.

parent ea8d0946
......@@ -118,14 +118,14 @@
</div>
<div class="panel-body container-fluid" id="dragContainer">
{% for element in elementTemplateList %}
<div class="col-md-12 col-sm-4" id="elementTemplatePanel">
<div class="col-md-6 col-sm-4" id="elementTemplatePanel">
<div class="panel panel-default">
<div class="panel-heading">
<div class="row text-center">
<div class="col-xs-10 col-xs-push-1 text-center">
<div class="col-xs-8 col-xs-push-2 text-center">
<label class="no-margin">{{ element.name }}</label>
</div>
<div class="col-xs-1 col-xs-push-1 text-right">
<div class="col-xs-2 col-xs-push-2 text-left">
<button class="btn btn-primary btn-xs elementTemplateInfo" element="{{ element.id }}">
<i class="fa fa-info"></i>
</button>
......
......@@ -15,7 +15,7 @@
# You should have received a copy of the GNU General Public License along
# with CIRCLE. If not, see <http://www.gnu.org/licenses/>.
from django.contrib import messages # NOTE: ezt tettem ide
from django.contrib import messages
from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import reverse, reverse_lazy
from django.db.models import Q
......@@ -41,12 +41,24 @@ class DetailView(LoginRequiredMixin, TemplateView):
template_name = "setty/index.html"
def get_context_data(self, **kwargs):
logger.debug('DetailView.get_context_data() called. User: %s',
unicode(self.request.user))
service = Service.objects.get(id=kwargs['pk'])
if self.request.user == service.user or self.request.user.is_superuser:
context = super(DetailView, self).get_context_data(**kwargs)
context['elementTemplateList'] = ElementTemplate.objects.all()
context['actualId'] = kwargs['pk']
return context
else:
raise PermissionDenied
def post(self, request, *args, **kwargs):
logger.debug('DetailView.post() called. User: %s',
unicode(self.request.user))
service = Service.objects.get(id=kwargs['pk'])
if self.request.user == service.user or self.request.user.is_superuser:
if self.request.POST.get('event') == "saveService":
data = json.loads(self.request.POST.get('data'))
service = Service.objects.get(id=kwargs['pk'])
......@@ -122,15 +134,26 @@ class DetailView(LoginRequiredMixin, TemplateView):
else:
raise PermissionDenied
else:
raise PermissionDenied
class DeleteView(LoginRequiredMixin, DeleteView):
model = Service
success_url = reverse_lazy("dashboard.index")
def post(self, request, *args, **kwargs):
logger.debug('DeleteView.post() called. User: %s',
unicode(self.request.user))
service = Service.objects.get(id=kwargs['pk'])
if self.request.user == service.user or self.request.user.is_superuser:
return super(DeleteView, self).post(request, *args, **kwargs)
else:
return PermissionDenied
class CreateView(LoginRequiredMixin, TemplateView):
class CreateView(LoginRequiredMixin, TemplateView):
def get_template_names(self):
if self.request.is_ajax():
return ['dashboard/_modal.html']
......@@ -138,6 +161,8 @@ class CreateView(LoginRequiredMixin, TemplateView):
return ['dashboard/nojs-wrapper.html']
def get_context_data(self, *args, **kwargs):
logger.debug('CreateView.get_context_data() called. User: %s',
unicode(self.request.user))
context = super(CreateView, self).get_context_data(*args, **kwargs)
context.update({
......@@ -148,6 +173,8 @@ class CreateView(LoginRequiredMixin, TemplateView):
return context
def post(self, request, *args, **kwargs):
logger.debug('CreateView.post() called. User: %s',
unicode(self.request.user))
service_name = self.request.POST.get('serviceName')
if not service_name:
......@@ -181,11 +208,15 @@ class ListView(LoginRequiredMixin, FilterMixin, SingleTableView):
}
def get_context_data(self, *args, **kwargs):
logger.debug('ListView.get_context_data() called. User: %s',
unicode(self.request.user))
context = super(ListView, self).get_context_data(*args, **kwargs)
context['search_form'] = self.search_form
return context
def get(self, *args, **kwargs):
logger.debug('ListView.get() called. User: %s',
unicode(self.request.user))
self.search_form = ServiceListSearchForm(self.request.GET)
self.search_form.full_clean()
......@@ -203,14 +234,14 @@ class ListView(LoginRequiredMixin, FilterMixin, SingleTableView):
return super(ListView, self).get(*args, **kwargs)
def get_queryset(self):
logger.debug('ListView.get _queryset() called. User: %s',
logger.debug('ListView.get_queryset() called. User: %s',
unicode(self.request.user))
qs = self.model.objects.all()
self.create_fake_get() # NOTE: ezt tettem ide
self.create_fake_get()
try:
filters, excludes = self.get_queryset_filters()
if not self.request.user.is_superuser:
filters['user'] = self.request.user # NOTE: ezt visszairtam
filters['user'] = self.request.user
qs = qs.filter(**filters).exclude(**excludes).distinct()
except ValueError:
messages.error(self.request, _("Error during filtering."))
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment