def showDismissKUser(request): print('dismiss users') if request.method == 'GET': kusers = users.models.KUser.objects.all() print('send page for get method') return render(request, 'user/show-dismiss-user.html', addUserInfoContext(request, { 'page_title': 'Dismiss', 'kusers': kusers, })) elif request.method == 'POST': success_mes = '<div class="form-success">کاربران اخراج شدند.</div>' print(request.POST) ids = json.loads(request.POST['ids']) print('ids:') print(ids) print(type(ids)) kusers = users.models.KUser.objects.filter(pk__in=ids) print(kusers) man = getRequestKUser(request) for kuser in kusers: if kuser.privilege > man.privilege: print('insufficient access') return JsonResponse({'message': '<div class="form-error">دسترسی مجاز نیست.</div>', 'success': False}) for kuser in kusers: kuser.fire() Log.log_action(request,'کاربر ' + kuser.user.username + ' اخراج شد.') return JsonResponse({'message': success_mes, 'success': True}) return None
def _wrapped_view_func(request, *args, **kwargs): if getRequestKUser(request).privilege < access: return HttpResponseForbidden('access denied.') return view_func(request, *args, **kwargs)
def _wrapped_view_func(request, *args, **kwargs): if not getRequestKUser(request).isManager: return HttpResponseForbidden('access denied.') return view_func(request, *args, **kwargs)