def others_edit_view(request, model_name, **kwargs):
perm = getattr(get_user_profile(request.user), model_name + '_permission') or request.user.is_superuser
form_class = crispy_form_factory(model=model_name_dict[model_name],
widgets=widgets_dict[model_name],
disabled=[],
exclude=[],
)
if request.method == 'GET':
edit_form = form_class(instance=get_object_or_404(model_name_dict[model_name], id=kwargs['id']))
request_context = csrf(request)
form_html = render_crispy_form(edit_form, context=request_context)
return HttpResponse(json.dumps({'form_html': form_html}))
if request.method == 'POST':
if perm:
edit_form = form_class(request.POST, instance=get_object_or_404(model_name_dict[model_name],
id=kwargs['id']))
if edit_form.is_valid():
edit_form.save()
return HttpResponse(json.dumps({'success': True}))
else:
request_context = csrf(request)
form_html = render_crispy_form(edit_form, context=request_context)
return HttpResponse(json.dumps({'success': False, 'permission': True, 'form_html': form_html}))
else:
return HttpResponse(json.dumps({'success': False, 'permission': False}))
def others_add_view(request, model_name):
# this view is for non-leveled model
perm = getattr(get_user_profile(request.user), model_name + '_permission') or request.user.is_superuser
form_class = crispy_form_factory(model=model_name_dict[model_name],
widgets=widgets_dict[model_name],
disabled=[],
exclude=[],
)
if request.method == 'GET':
add_form = form_class()
request_context = csrf(request)
form_html = render_crispy_form(add_form, context=request_context)
return HttpResponse(json.dumps({'form_html': form_html}))
if request.method == 'POST':
if perm:
add_form = form_class(request.POST)
if add_form.is_valid():
add_form.save()
return HttpResponse(json.dumps({'success': True}))
else:
request_context = csrf(request)
form_html = render_crispy_form(add_form, context=request_context)
return HttpResponse(json.dumps({'success': False, 'permission': True, 'form_html': form_html}))
else:
return HttpResponse(json.dumps({'success': False, 'permission': False}))
def schedule_view(request, **kwargs):
objs_and_perm = get_objs_and_perm(request.user, **kwargs)
profile = get_user_profile(request.user)
if objs_and_perm['perm']:
query_set = Schedule.objects.filter(program=objs_and_perm['program'])
else:
query_set = profile.schedule_permission.filter(program=objs_and_perm['program'])
context = update_context(query_set, objs_and_perm['perm'], **kwargs)
return render(request, "records_schedule.html", context)
def program_view(request, **kwargs):
objs_and_perm = get_objs_and_perm(request.user, **kwargs)
profile = get_user_profile(request.user)
if objs_and_perm['perm']:
query_set = Program.objects.filter(zone=objs_and_perm['zone'])
else:
query_set = Program.objects.filter(
Q(id__in=profile.program_permission.filter(zone=objs_and_perm['zone']).values('id')) |
Q(schedule__in=profile.schedule_permission.filter(program__zone=objs_and_perm['zone']))
).distinct()
context = update_context(query_set, objs_and_perm['perm'], **kwargs)
return render(request, "records_program.html", context)
def get_objs_and_perm(user, **kwargs):
# this function is to find the users permission for current page
# given following record architecture
# zone1-program1-schedule1
# if a user has permission of program1 he will be able to see zone1 in zone page,
# he is also able to see program1 in program page, however he doesnt have permission to edit zone1 or program1
# but he is able to edit schedule1 in schedule page,
# if zone1 has another program called program2, he is not able to see it.
res_map = {}
perm = user.is_superuser
profile = get_user_profile(user)
# depending the page user is requesting, we will have a list of obj as argument
if 'zone_name' in kwargs:
# user is requesting program page
zone_name = unquote(kwargs['zone_name'])
zone = Zone.objects.get(name=zone_name)
perm = perm or profile.zone_permission.filter(id=zone.id).exists()
res_map.update({'zone': zone})
if 'program_name' in kwargs:
# user is requesting schedule page
program_name = unquote(kwargs['program_name'])
program = Program.objects.get(name=program_name, zone=zone)
perm = perm or profile.program_permission.filter(id=program.id).exists()
res_map.update({'program': program})
if 'session_name' in kwargs:
# user is requesting enrollment page or canceled_date page
session_name = unquote(kwargs['session_name'])
schedule = Schedule.objects.get(program=program, session__name=session_name)
perm = perm or profile.schedule_permission.filter(id=schedule.id).exists()
res_map.update({'schedule': schedule})
if 'student_id' in kwargs:
student_id = kwargs['student_id']
enrollment = get_object_or_404(Enrollment, schedule=schedule, student__id=student_id)
res_map.update({'enrollment': enrollment})
if 'canceled_date' in kwargs:
canceled_date = kwargs['canceled_date']
canceled_date = get_object_or_404(CanceledDate, schedule=schedule, date=canceled_date)
res_map.update({'canceled_date': canceled_date})
# we return a dict of objects representing this page. i.e. user is requesting a schedule page,
# we will return the zone and program of these schedules we are about to show
res_map.update({'perm': perm})
return res_map
def others_delete_view(request, model_name, **kwargs):
perm = getattr(get_user_profile(request.user), model_name + '_permission') or request.user.is_superuser
obj = get_object_or_404(model_name_dict[model_name], id=kwargs['id'])
if request.method == 'GET':
delete_form = DeleteForm()
request_context = csrf(request)
form_html = render_crispy_form(delete_form, context=request_context)
return HttpResponse(json.dumps({'form_html': "<p>You are going to delete following record: <strong>" +
str(obj) + "</strong></p>" + form_html}))
if request.method == 'POST':
if perm:
delete_form = DeleteForm(request.POST)
if delete_form.is_valid():
obj.delete()
return HttpResponse(json.dumps({'success': True, 'permission': True}))
else:
return HttpResponse(json.dumps({'success': False, 'permission': False}))
def partner_view(request, **kwargs):
profile = get_user_profile(request.user)
perm = profile.partner_permission or request.user.is_superuser
query_set = Partner.objects.all()
return render(request, "records_partner.html", {'perm': perm, 'query_set': query_set})
