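def edit_profile(request, member_id):
    """Render and process the edit form for the member identified by member_id.

    The request is rejected with HTTP 403 unless assert_user_can_edit_member
    accepts the current user for this member. The full-attribute form
    (EditAdminMemberForm) is offered only to the creator of the member or,
    for users without a member profile, to administrators; everybody else
    gets the restricted EditMemberForm.

    A failed lookup of member_id is not handled here and propagates to the
    caller.
    """
    user = request.user
    member = Member.objects.get(id=member_id)

    # Authorize first. assert_user_can_edit_member reports a denial either by
    # raising AssertionError or by returning a falsy value, so both outcomes
    # are mapped to 403. Catching only the exception would let a member who is
    # neither the creator nor the profile owner through.
    try:
        allowed = assert_user_can_edit_member(user, member)
    except AssertionError:
        return HttpResponseForbidden()
    if not allowed:
        return HttpResponseForbidden()

    # Only the administrator of this member may change every attribute. For a
    # user with a member profile that means being the creator of the edited
    # member; the comparison must be an equality, otherwise the privileged
    # form is handed to everyone except the creator.
    if hasattr(user, "member"):
        current_user_is_admin_for_this_member = user.member.id == member.creator_id
    else:
        current_user_is_admin_for_this_member = user_is_administrator(user)

    Form = EditAdminMemberForm if current_user_is_admin_for_this_member else EditMemberForm

    if request.method == "POST":
        form = Form(request.POST, request.FILES, instance=member)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(reverse("members:view_members"))
    else:
        form = Form(instance=member)

    replacements = {"member": member, "form": form}
    return render(request, "members/edit_profile.html", replacements)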
def view_list(request, board_id):
    """List the weekly recurrent cards of a board for the current user.

    A user with a member profile gets a filter form bound to request.GET; when
    that form validates, its result is shown. Otherwise administrators see
    every recurrent card of the board, members see their own cards for the
    board, and any other user sees an empty queryset.
    """
    current_user = request.user
    member = _get_user_member_or_none(current_user)
    board = _get_user_board(current_user, board_id)

    # Default to an empty queryset so a user with no role is shown nothing.
    recurrent_cards = WeeklyRecurrentCard.objects.none()

    form = (
        RecurrentCardFilterForm(request.GET, member=member, board=board)
        if member
        else None
    )

    if form and form.is_valid():
        recurrent_cards = form.get_recurrent_cards()
    elif user_is_administrator(current_user):
        recurrent_cards = WeeklyRecurrentCard.objects.filter(board=board).order_by("name")
    elif member:
        recurrent_cards = member.recurrent_cards.filter(board=board).order_by("name")

    return render(
        request,
        "recurrent_cards/list.html",
        {
            "recurrent_cards": recurrent_cards,
            "member": member,
            "board": board,
            "form": form,
        },
    )
def get_user_team_mates(user):
    """Return the members that count as team mates of ``user``, ordered by id.

    Administrators get every member; other users get the members that belong
    to one of the boards returned by get_user_boards. The member attached to
    ``user`` is excluded in both cases.
    """
    boards = get_user_boards(user)
    if user_is_administrator(user):
        candidates = Member.objects.all()
    else:
        # Scope non-administrators to members sharing at least one board.
        candidates = Member.objects.filter(boards__in=boards)
    return candidates.exclude(user=user).distinct().order_by("id")
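def assert_user_can_edit_member(user, member):
    """Raise AssertionError unless ``user`` is allowed to edit ``member``.

    Allowed users are administrators, the creator of the member, and the
    member him/herself.

    Returns
    -------
    True when the edit is allowed.

    Raises
    ------
    AssertionError when the edit is not allowed. The denial is always an
    exception and never a False return value, because callers that only wrap
    this call in ``try/except AssertionError`` would otherwise treat a denied
    member as authorized.
    """
    if user_is_administrator(user):
        return True

    if user_is_member(user):
        current_member = user.member
        # A user can edit another one if he/she is his/her creator or if it is him/herself
        if current_member.id == member.creator_id or current_member.id == member.id:
            return True

    raise AssertionError("You do not have permissions to edit this users")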
def user_is_administrator(user):
    """
    Template filter that checks if the user is an administrator.

    Parameters
    ----------
    user: auth.User that will be checked.

    Returns
    -------
    True if the user is an administrator, False otherwise.
    """
    # The decision itself is delegated to the auth module.
    is_administrator = auth.user_is_administrator(user)
    return is_administrator
def _get_recurrent_card(current_user, board, recurrent_card_id):
    """Fetch a weekly recurrent card of ``board`` that ``current_user`` may access.

    Administrators may fetch any recurrent card of the board; members only the
    ones in their ``created_recurrent_cards``. Http404 is raised when the user
    has neither role or when no matching card exists.
    """
    try:
        if user_is_administrator(current_user):
            candidates = WeeklyRecurrentCard.objects
        elif user_is_member(current_user):
            # Members are scoped to the cards they created.
            candidates = current_user.member.created_recurrent_cards
        else:
            raise Http404
        return candidates.get(board=board, id=recurrent_card_id)
    except WeeklyRecurrentCard.DoesNotExist:
        # Out-of-scope and nonexistent ids give the same answer.
        raise Http404
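def view(request, work_hours_package_id):
    """Show one work hours package.

    Members may only view packages in their ``work_hours_packages``;
    administrators may view any package. Http404 is raised when the package
    does not exist, is outside the member's scope, or the user has neither
    role.
    """
    member = None
    try:
        if user_is_member(request.user):
            member = request.user.member
            # Scoped lookup: an id the member cannot access looks nonexistent.
            work_hours_package = member.work_hours_packages.get(id=work_hours_package_id)
        elif user_is_administrator(request.user):
            work_hours_package = WorkHoursPackage.objects.get(id=work_hours_package_id)
        else:
            # Previously fell through with work_hours_package unbound and
            # failed with UnboundLocalError; deny explicitly instead.
            raise Http404
    except WorkHoursPackage.DoesNotExist:
        # Also covers the administrator branch, which used to let the
        # exception propagate as a server error.
        raise Http404

    replacements = {"work_hours_package": work_hours_package, "member": member}
    return render(request, "work_hours_packages/view.html", replacements)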
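def delete(request, work_hours_package_id):
    """Delete one work hours package through the generic delete view.

    Members may only delete packages in their ``created_work_hours_packages``;
    administrators may delete any package. Http404 is raised when the package
    does not exist, is outside the member's scope, or the user has neither
    role.
    """
    member = None
    try:
        if user_is_member(request.user):
            member = request.user.member
            # Scoped lookup: only packages created by this member qualify.
            work_hours_package = member.created_work_hours_packages.get(id=work_hours_package_id)
        elif user_is_administrator(request.user):
            work_hours_package = WorkHoursPackage.objects.get(id=work_hours_package_id)
        else:
            # Previously fell through with work_hours_package unbound and
            # failed with UnboundLocalError; deny explicitly instead.
            raise Http404
    except WorkHoursPackage.DoesNotExist:
        # Also covers the administrator branch, which used to let the
        # exception propagate as a server error.
        raise Http404

    return model_views.delete(
        request,
        instance=work_hours_package,
        form_class=DeleteWorkHoursPackageForm,
        next_url=reverse("work_hours_packages:view_list"),
        template_path="work_hours_packages/delete.html",
        template_replacements={"member": member},
    )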
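def view_list(request):
    """List the work hours packages visible to the current user.

    Members get a filter form bound to request.GET; when it validates, its
    result is shown, otherwise all of the member's packages. Administrators
    without a member profile see every package. A user with neither role is
    shown an empty queryset.
    """
    member = None
    form = None
    if user_is_member(request.user):
        member = request.user.member
        form = WorkHoursPackageFilterForm(request.GET, member=member)

    if form and form.is_valid():
        work_hours_packages = form.get_work_hours_packages()
    elif member:
        work_hours_packages = member.work_hours_packages.all().order_by(
            "start_work_date", "end_work_date", "name"
        )
    elif user_is_administrator(request.user):
        work_hours_packages = WorkHoursPackage.objects.order_by(
            "start_work_date", "end_work_date", "name"
        )
    else:
        # Previously this case left work_hours_packages unbound and failed
        # with UnboundLocalError. Show nothing to a user with no role.
        work_hours_packages = WorkHoursPackage.objects.none()

    replacements = {"work_hours_packages": work_hours_packages, "member": member, "form": form}
    return render(request, "work_hours_packages/list.html", replacements)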
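def edit(request, work_hours_package_id):
    """Edit one work hours package through the generic edit view.

    Members may only edit packages in their ``created_work_hours_packages``;
    administrators may edit any package. Http404 is raised when the package
    does not exist, is outside the member's scope, or the user has neither
    role.
    """
    member = None
    try:
        if user_is_member(request.user):
            member = request.user.member
            # Scoped lookup: only packages created by this member qualify.
            work_hours_package = member.created_work_hours_packages.get(id=work_hours_package_id)
        elif user_is_administrator(request.user):
            work_hours_package = WorkHoursPackage.objects.get(id=work_hours_package_id)
        else:
            # Previously fell through with work_hours_package unbound and
            # failed with UnboundLocalError; deny explicitly instead.
            raise Http404
    except WorkHoursPackage.DoesNotExist:
        # Also covers the administrator branch, which used to let the
        # exception propagate as a server error.
        raise Http404

    return model_views.edit(
        request,
        instance=work_hours_package,
        form_class=WorkHoursPackageForm,
        extra_form_parameters={"member": member},
        template_path="work_hours_packages/edit.html",
        ok_url=reverse("work_hours_packages:view_list"),
    )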
def _get_user_board(request, board_public_access_code):
    """Return the board identified by its public access code.

    Administrators can resolve any board by its code; every other requester
    only gets boards that have public access enabled. A failed lookup is not
    handled here and propagates to the caller.
    """
    lookup = {"public_access_code": board_public_access_code}
    if not user_is_administrator(request.user):
        # Non-administrators must not reach boards whose public access is off.
        lookup["enable_public_access"] = True
    return Board.objects.get(**lookup)
def _decorated(request, *args, **kwargs):
    """Call the wrapped view for administrators; answer HTTP 403 otherwise.

    NOTE(review): ``the_func`` is not defined in this block; presumably it is
    bound by an enclosing decorator function that is not visible here.
    """
    # Deny first, so the wrapped view is only reached after the check passed.
    if not user_is_administrator(request.user):
        return HttpResponseForbidden()
    return the_func(request, *args, **kwargs)
def user_is_administrator(user):
    """Return the result of djanban_auth.user_is_administrator for ``user``.

    Local alias, so that this module's callers can check administrator
    status through a single name.
    """
    is_administrator = djanban_auth.user_is_administrator(user)
    return is_administrator