def post(self, request, *args, **kwargs): user = self.request.user form = UpdateForm(self.request.POST) if not form.is_valid(): return render_to_response('403.html', {}, context_instance=RequestContext(request)) requests_to_modify = form.cleaned_data['requests_to_modify'] for obj in requests_to_modify: can_edit = user.has_perm(Request.get_permission_name('edit'), obj) if not can_edit: # Chicanery? return render_to_response( '403.html', {}, context_instance=RequestContext(request)) if form.cleaned_data['newduedate']: obj.due_date = form.cleaned_data['newduedate'] if form.cleaned_data['newsubject']: obj.title = form.cleaned_data['newsubject'] if form.cleaned_data['newupdateddate']: obj.date_updated = form.cleaned_data['newupdateddate'] if form.cleaned_data['newfulfilleddate']: obj.date_fulfilled = form.cleaned_data['newfulfilleddate'] if form.cleaned_data['newstatus']: #allow requests to be set even if they aren't sent because not all requests can be emailed obj.set_status(form.cleaned_data['newstatus']) if obj.status != 'F' and obj.status != 'P': obj.date_fulfilled = None elif obj.status == 'F' or obj.status == 'P' and form.cleaned_data[ 'newfulfilleddate']: obj.date_fulfilled = form.cleaned_data['newfulfilleddate'] elif obj.status == 'F' or obj.status == 'P' and not form.cleaned_data[ 'newfulfilleddate']: obj.date_fulfilled = datetime.now(tz=pytz.utc) else: obj.date_fulfilled = None if form.cleaned_data['addgroups']: editperm = Request.get_permissions_path('edit') viewperm = Request.get_permissions_path('view') for group in form.cleaned_data['addgroups']: assign_perm(editperm, group, obj) assign_perm(viewperm, group, obj) if form.cleaned_data['removegroups']: for group in form.cleaned_data['removegroups']: # Can't remove the author of the request if group.name != obj.author.username: remove_perm('edit_this_request', group, obj) action = form.cleaned_data['action'] if action == "Make Public": obj.private = False if action == "Make Private": obj.private = True obj.save() return self.get(request, *args, **kwargs)
def post(self, request, *args, **kwargs): user = self.request.user form = UpdateForm(self.request.POST) if not form.is_valid(): return render_to_response('403.html', {}, context_instance=RequestContext(request)) requests_to_modify = form.cleaned_data['requests_to_modify'] for obj in requests_to_modify: can_edit = user.has_perm(Request.get_permission_name('edit'), obj) if not can_edit: # Chicanery? return render_to_response('403.html', {}, context_instance=RequestContext(request)) if form.cleaned_data['newduedate']: obj.due_date = form.cleaned_data['newduedate'] if form.cleaned_data['newsubject']: obj.title = form.cleaned_data['newsubject'] if form.cleaned_data['newupdateddate']: obj.date_updated = form.cleaned_data['newupdateddate'] if form.cleaned_data['newfulfilleddate']: obj.date_fulfilled = form.cleaned_data['newfulfilleddate'] if form.cleaned_data['newstatus']: #allow requests to be set even if they aren't sent because not all requests can be emailed obj.set_status(form.cleaned_data['newstatus']) if obj.status != 'F' and obj.status != 'P': obj.date_fulfilled = None elif obj.status == 'F' or obj.status == 'P' and form.cleaned_data['newfulfilleddate']: obj.date_fulfilled = form.cleaned_data['newfulfilleddate'] elif obj.status == 'F' or obj.status == 'P' and not form.cleaned_data['newfulfilleddate']: obj.date_fulfilled = datetime.now(tz=pytz.utc) else: obj.date_fulfilled = None if form.cleaned_data['addgroups']: editperm = Request.get_permissions_path('edit') viewperm = Request.get_permissions_path('view') for group in form.cleaned_data['addgroups']: assign_perm(editperm, group, obj) assign_perm(viewperm, group, obj) if form.cleaned_data['removegroups']: for group in form.cleaned_data['removegroups']: # Can't remove the author of the request if group.name != obj.author.username: remove_perm('edit_this_request', group, obj) action = form.cleaned_data['action'] if action == "Make Public": obj.private = False if action == "Make Private": obj.private = True obj.save() return self.get(request, *args, **kwargs)
def apply_filters(self, request, applicable_filters): filters = applicable_filters if 'groups__name' in filters: groups_name = filters.pop('groups__name') else: groups_name = None if 'groups__id' in filters: groups_id = filters.pop('groups__id') else: groups_id = None filtered = super(RequestResource, self).apply_filters(request, applicable_filters) group = None if groups_id: try: group = Group.objects.get(id = groups_id) except: pass if groups_name: try: group = Group.objects.get(name = groups_name) except: pass if group and request.user.has_perm(UserProfile.get_permission_name('view'), group): return get_objects_for_group(group, Request.get_permissions_path('view')).filter(~Q(status='X')) return filtered
def apply_filters(self, request, applicable_filters): filters = applicable_filters if 'groups__name' in filters: groups_name = filters.pop('groups__name') else: groups_name = None if 'groups__id' in filters: groups_id = filters.pop('groups__id') else: groups_id = None filtered = super(RequestResource, self).apply_filters(request, applicable_filters) group = None if groups_id: try: group = Group.objects.get(id=groups_id) except: pass if groups_name: try: group = Group.objects.get(name=groups_name) except: pass if group and request.user.has_perm( UserProfile.get_permission_name('view'), group): return get_objects_for_group( group, Request.get_permissions_path('view')).filter(~Q(status='X')) return filtered
def get_queryset(self, **kwargs): try: pk = self.kwargs['pk'] user = self.request.user group = user.groups.get(pk=pk) return get_objects_for_group(group, Request.get_permissions_path('view')).filter(~Q(status='X')) except Exception as e: return Request.objects.none()
def get_queryset(self, **kwargs): try: pk = self.kwargs['pk'] user = self.request.user group = user.groups.get(pk=pk) return get_objects_for_group( group, Request.get_permissions_path('view')).filter(~Q(status='X')) except Exception as e: return Request.objects.none()
def get_queryset(self): from guardian.shortcuts import get_objects_for_user queryset = get_objects_for_user(self.request.user, Request.get_permissions_path('view')) #queryset = Request.objects.for_user(self.request.user).filter(private=True).exclude(author=self.request.user).order_by('-date_added') return super(GroupRequestListView, self).filter_queryset(queryset)
def get_queryset(self): from guardian.shortcuts import get_objects_for_user queryset = get_objects_for_user(self.request.user, Request.get_permissions_path('view')) #queryset = Request.objects.for_user(self.request.user).filter(private=True).exclude(author=self.request.user).order_by('-date_added') return super(GroupRequestListView, self).filter_queryset(queryset)