def inner(request, group_id=None, *args, **kwargs): group = get_object_or_404( Group.objects.select_related('data'), id=group_id) perm = group.get_user_permissions(request.user) if VIEW not in perm: return HttpResponseForbidden("You are not a member of this " "group, and you cannot view it's details.") if permission not in perm: return HttpResponseForbidden("Not allowed for this action.") context_dict = {} context_dict['group'] = group context_dict['group_content_type'] = \ ContentType.objects.get_for_model(Group) context_dict['can_edit'] = EDIT in perm context_dict['can_add_members'] = ADD_MEMBERS in perm context_dict['can_edit_permissions'] = EDIT_PERMISSIONS in perm # Author of the group might not be a member. context_dict['is_member'] = \ is_group_member(group_id, request.user.id) return func(request, group, context_dict, *args, **kwargs)
def new(request, group_id=None): if group_id: group = get_object_or_404( Group.objects.select_related('data', 'data__description'), id=group_id) if not group.data: return (400, 'You can\'t edit your own private user-group (or there is some data error).') usergroup = group.data # https://code.djangoproject.com/ticket/7190 # (fixed in later versions of Django...) usergroup.hidden = bool(usergroup.hidden) perm = group.get_user_permissions(request.user) is_member = is_group_member(group.id, request.user.id) if EDIT not in perm: return (403, 'You do not have permission to edit this group\'s details.') description = usergroup.description edit = True else: group = usergroup = description = None is_member = False edit = False POST = request.POST if request.method == 'POST' else None group_form = GroupForm(POST, instance=group, prefix='x') usergroup_form = UserGroupForm(POST, instance=usergroup, prefix='y') description_form = MathContentForm(POST, instance=description, prefix='z') if request.method == 'POST': if group_form.is_valid() and usergroup_form.is_valid() \ and description_form.is_valid(): group = group_form.save() description = description_form.save(); usergroup = usergroup_form.save(commit=False) usergroup.description = description if not edit: usergroup.group = group usergroup.author = request.user # Permissions assigned to the whole group (each member). # Every group member has perm to view the group itself. ObjectPermission.objects.create(content_object=group, group=group, permission_type=VIEW) usergroup.save() return ('/usergroup/%d/' % group.id, ) else: # reset necessary instances... group = get_object_or_404(Group.objects.select_related( 'data', 'data__description'), id=group_id) return ('usergroup_new.html', { 'can_edit': True, 'group': group, 'edit': edit, 'is_member': is_member, 'new_group': not edit, 'forms': [group_form, usergroup_form, description_form], })