def test_ViewerCanAlterPost(self): post = models.DiscussionPost.objects.create(author=self.viewer1, workgroup=self.wg1, title="test", body="test") self.assertTrue(perms.user_can_alter_post(self.viewer1, post)) self.assertTrue(perms.user_can_alter_post(self.manager, post)) self.assertFalse(perms.user_can_alter_post(self.viewer2, post))
def toggle_post(request,pid): post = get_object_or_404(MDR.DiscussionPost,pk=pid) if not perms.user_can_alter_post(request.user,post): raise PermissionDenied post.closed = not post.closed post.save() return HttpResponseRedirect(reverse("aristotle:discussionsPost",args=[post.pk]))
def toggle_post(request, pid): post = get_object_or_404(MDR.DiscussionPost, pk=pid) if not perms.user_can_alter_post(request.user, post): raise PermissionDenied post.closed = not post.closed post.save() return HttpResponseRedirect(reverse("aristotle:discussionsPost", args=[post.pk]))
def delete_post(request,pid): post = get_object_or_404(MDR.DiscussionPost,pk=pid) workgroup = post.workgroup if not perms.user_can_alter_post(request.user,post): raise PermissionDenied post.comments.all().delete() post.delete() return HttpResponseRedirect(reverse("aristotle:discussionsWorkgroup",args=[workgroup.pk]))
def delete_post(request, pid): post = get_object_or_404(MDR.DiscussionPost, pk=pid) workgroup = post.workgroup if not perms.user_can_alter_post(request.user, post): raise PermissionDenied post.comments.all().delete() post.delete() return HttpResponseRedirect(reverse("aristotle:discussionsWorkgroup", args=[workgroup.pk]))
def post(self, request, *args, **kwargs): post = self.get_object() form = MDRForms.discussions.EditPostForm(request.POST) # A form bound to the POST data if not perms.user_can_alter_post(request.user, post): raise PermissionDenied if form.is_valid(): # process the data in form.cleaned_data as required post.title = form.cleaned_data['title'] post.body = form.cleaned_data['body'] post.save() post.relatedItems = form.cleaned_data['relatedItems'] return HttpResponseRedirect(reverse("aristotle:discussionsPost", args=[post.pk]))
def edit_post(request,pid): post = get_object_or_404(MDR.DiscussionPost,pk=pid) if not perms.user_can_alter_post(request.user,post): raise PermissionDenied if request.method == 'POST': # If the form has been submitted... form = MDRForms.discussions.EditPostForm(request.POST) # A form bound to the POST data if form.is_valid(): # process the data in form.cleaned_data as required post.title = form.cleaned_data['title'] post.body = form.cleaned_data['body'] post.save() post.relatedItems = form.cleaned_data['relatedItems'] return HttpResponseRedirect(reverse("aristotle:discussionsPost",args=[post.pk])) else: form = MDRForms.discussions.EditPostForm(instance=post) return render(request,"aristotle_mdr/discussions/edit.html",{"form":form,'post':post})
def edit_post(request, pid): post = get_object_or_404(MDR.DiscussionPost, pk=pid) if not perms.user_can_alter_post(request.user, post): raise PermissionDenied if request.method == 'POST': # If the form has been submitted... form = MDRForms.discussions.EditPostForm(request.POST) # A form bound to the POST data if form.is_valid(): # process the data in form.cleaned_data as required post.title = form.cleaned_data['title'] post.body = form.cleaned_data['body'] post.save() post.relatedItems = form.cleaned_data['relatedItems'] return HttpResponseRedirect(reverse("aristotle:discussionsPost", args=[post.pk])) else: form = MDRForms.discussions.EditPostForm(instance=post) return render(request, "aristotle_mdr/discussions/edit.html", {"form": form, 'post': post})
def test_ViewerCanAlterPost(self): post = models.DiscussionPost(author=self.viewer1,workgroup=self.wg1,title="test",body="test") self.assertTrue(perms.user_can_alter_post(self.viewer1,post)) self.assertTrue(perms.user_can_alter_post(self.manager,post)) self.assertFalse(perms.user_can_alter_post(self.viewer2,post))
def test_user_can_alter_post(self): self.assertTrue(perms.user_can_alter_post(self.su,None))
def can_alter_post(user,post): try: return perms.user_can_alter_post(user,post) except: return False
def can_alter_post(user,post): try: return perms.user_can_alter_post(user,post) except: #pragma: no cover return False
def can_alter_post(user, post): try: return perms.user_can_alter_post(user, post) except: return False