def form_valid(self, form): if self.groups is None: raise ImproperlyConfigured( "UpdateViewGroupRestriction requires 'groups' to be a list of " "group names") if not self.request.user.is_authenticated(): reason = 'User must be logged in' return responseutils.getHttpResponseForbiddenHTML( 'Update forbidden', self.request.user, reason) for g in self.groups: if not permscheck.isUserInGroup(self.request.user, g): reason = 'User must be member of group: %s' % g return responseutils.getHttpResponseForbiddenHTML( 'Update forbidden', self.request.user, reason) return super(UpdateViewGroupRestriction, self).form_valid(form)
def form_valid(self, form): comp = models.Component.objects.get(pk=self.kwargs['ref']) if not self.request.user == comp.createdby: reason = 'Only the One and Only Creator can modify his spawn' return responseutils.getHttpResponseForbiddenHTML( 'Creation forbidden', self.request.user, reason) form.instance.component = comp return super(SupportedByView, self).form_valid(form)
def delete(self, request, *args, **kwargs): """ Calls the delete() method on the fetched object and then redirects to the success URL. """ authuser = self.request.user self.object = self.get_object() if authuser.is_authenticated(): if not authuser == self.object: reason = 'You are not allowed to delete other users' return responseutils.getHttpResponseForbiddenHTML( 'User Deletion forbidden', self.request.user, reason) logout(request) else: reason = 'You must be logged in to delete your user' return responseutils.getHttpResponseForbiddenHTML( 'User Deletion forbidden', self.request.user, reason) success_url = self.get_success_url() self.object.delete() return HttpResponseRedirect(success_url)
def delete(self, request, *args, **kwargs): """ Calls the delete() method on the fetched object and then redirects to the success URL. """ self.object = self.get_object() if not self.object.createdby == self.request.user: reason = 'User must be the create of the component to delete it' return responseutils.getHttpResponseForbiddenHTML( 'Component Deletion forbidden', self.request.user, reason) success_url = self.get_success_url() self.object.delete() return HttpResponseRedirect(success_url)
def delete(self, request, *args, **kwargs): """ Calls the delete() method on the fetched object and then redirects to the success URL. """ self.object = self.get_object() if not self.object.component.createdby == self.request.user: reason = 'User must be the creator of the relation to delete it' return responseutils.getHttpResponseForbiddenHTML( 'Supported By Deletion forbidden', self.request.user, reason) # In order to get the correct URL the order is important success_url = self.get_success_url() self.object.delete() return HttpResponseRedirect(success_url)