def edit_profile(request, member_id):
user = request.user
member = Member.objects.get(id=member_id)
if hasattr(user, "member"):
current_member = user.member
current_user_is_admin_for_this_member = current_member.id != member.creator_id
else:
current_user_is_admin_for_this_member = user_is_administrator(user)
# Check if the current user is an administrator or the creator of this member or the member him/herself
try:
assert_user_can_edit_member(user, member)
except AssertionError:
return HttpResponseForbidden()
# Only the administrator has permission of a full change of member attributes
Form = EditMemberForm
if current_user_is_admin_for_this_member:
Form = EditAdminMemberForm
if request.method == "POST":
form = Form(request.POST, request.FILES, instance=member)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse("members:view_members"))
else:
form = Form(instance=member)
replacements = {"member": member, "form": form}
return render(request, "members/edit_profile.html", replacements)
def view_list(request, board_id):
member = _get_user_member_or_none(request.user)
board = _get_user_board(request.user, board_id)
form = None
recurrent_cards = WeeklyRecurrentCard.objects.none()
if member:
form = RecurrentCardFilterForm(request.GET, member=member, board=board)
if form and form.is_valid():
recurrent_cards = form.get_recurrent_cards()
else:
if user_is_administrator(request.user):
recurrent_cards = WeeklyRecurrentCard.objects.filter(
board=board).order_by("name")
elif member:
recurrent_cards = member.recurrent_cards.filter(
board=board).order_by("name")
replacements = {
"recurrent_cards": recurrent_cards,
"member": member,
"board": board,
"form": form
}
return render(request, "recurrent_cards/list.html", replacements)
def get_user_team_mates(user):
boards = get_user_boards(user)
if user_is_administrator(user):
return Member.objects.all().exclude(
user=user).distinct().order_by("id")
return Member.objects.filter(boards__in=boards).exclude(
user=user).distinct().order_by("id")
def assert_user_can_edit_member(user, member):
if user_is_administrator(user):
return True
if user_is_member(user):
current_member = user.member
# An user can edit another one if he/she is his/her creator or if is him/herself
return current_member.id == member.creator_id or current_member.id == member.id
raise AssertionError("You do not have permissions to edit this users")
def user_is_administrator(user):
"""
Template filter that checks if the user is an
Parameters
----------
user: auth.User that will be checked.
Returns
-------
True if the user is an administrator, False otherwise.
"""
return auth.user_is_administrator(user)
def _get_recurrent_card(current_user, board, recurrent_card_id):
try:
if user_is_administrator(current_user):
return WeeklyRecurrentCard.objects.get(board=board,
id=recurrent_card_id)
elif user_is_member(current_user):
member = current_user.member
return member.created_recurrent_cards.get(board=board,
id=recurrent_card_id)
else:
raise Http404
except WeeklyRecurrentCard.DoesNotExist:
raise Http404
def view(request, work_hours_package_id):
member = None
if user_is_member(request.user):
member = request.user.member
try:
work_hours_package = member.work_hours_packages.get(id=work_hours_package_id)
except WorkHoursPackage.DoesNotExist:
raise Http404
elif user_is_administrator(request.user):
work_hours_package = WorkHoursPackage.objects.get(id=work_hours_package_id)
replacements = {"work_hours_package": work_hours_package, "member": member}
return render(request, "work_hours_packages/view.html", replacements)
def delete(request, work_hours_package_id):
member = None
if user_is_member(request.user):
member = request.user.member
try:
work_hours_package = member.created_work_hours_packages.get(id=work_hours_package_id)
except WorkHoursPackage.DoesNotExist:
raise Http404
elif user_is_administrator(request.user):
work_hours_package = WorkHoursPackage.objects.get(id=work_hours_package_id)
return model_views.delete(
request, instance=work_hours_package, form_class=DeleteWorkHoursPackageForm,
next_url=reverse("work_hours_packages:view_list"),
template_path="work_hours_packages/delete.html", template_replacements={"member":member}
)
def view_list(request):
member = None
form = None
if user_is_member(request.user):
member = request.user.member
form = WorkHoursPackageFilterForm(request.GET, member=member)
if form and form.is_valid():
work_hours_packages = form.get_work_hours_packages()
else:
if member:
work_hours_packages = member.work_hours_packages.all().order_by("start_work_date", "end_work_date", "name")
elif user_is_administrator(request.user):
work_hours_packages = WorkHoursPackage.objects.order_by("start_work_date", "end_work_date", "name")
replacements = {"work_hours_packages": work_hours_packages, "member": member, "form": form}
return render(request, "work_hours_packages/list.html", replacements)
def edit(request, work_hours_package_id):
member = None
if user_is_member(request.user):
member = request.user.member
try:
work_hours_package = member.created_work_hours_packages.get(id=work_hours_package_id)
except WorkHoursPackage.DoesNotExist:
raise Http404
elif user_is_administrator(request.user):
work_hours_package = WorkHoursPackage.objects.get(id=work_hours_package_id)
return model_views.edit(
request, instance=work_hours_package,
form_class=WorkHoursPackageForm, extra_form_parameters={"member": member},
template_path="work_hours_packages/edit.html",
ok_url=reverse("work_hours_packages:view_list")
)
def _get_user_board(request, board_public_access_code):
if user_is_administrator(request.user):
return Board.objects.get(public_access_code=board_public_access_code)
return Board.objects.get(enable_public_access=True,
public_access_code=board_public_access_code)
def _decorated(request, *args, **kwargs):
user = request.user
if user_is_administrator(user):
return the_func(request, *args, **kwargs)
return HttpResponseForbidden()
def user_is_administrator(user):
return djanban_auth.user_is_administrator(user)