def add_view(self, request, form_url='', extra_context=None):
    """
    Server-side guard for page creation.

    Refuses a POST that would create a published page without the
    'change_status' permission, or a public page without the
    'change_visibility' permission, then hands the request to the parent
    add view. Raises PermissionDenied as soon as one of the checks fails.

    NOTE(review): only the add path is guarded here; confirm that the
    edit path enforces the same two permissions.
    """
    if request.method != 'POST':
        # Nothing is being submitted, so there is nothing to vet.
        return super(PageAdmin, self).add_view(
            request, form_url=form_url, extra_context=extra_context)

    has_perm = get_lookup_function(request.user, get_permissions())

    # The status and visibility inputs are disabled in the browser for
    # users without the permission. That is not enforcement, so a POST
    # that still carries the restricted value is treated as tampering and
    # answered with a 403 rather than a form error.
    #
    # Only a valid form is inspected; an invalid one falls through to the
    # parent view. NOTE(review): this relies on the parent view refusing
    # to save an invalid form -- confirm.
    if not has_perm('change_status'):
        bound = self.get_form(request)(request.POST, request.FILES)
        if bound.is_valid():
            published = get_published_status_name()
            # .get() yields None when 'status' is absent from cleaned_data;
            # the request then proceeds and the stored value is decided
            # outside this method.
            if bound.cleaned_data.get('status') == published:
                raise PermissionDenied("Can't create published pages.")

    if not has_perm('change_visibility'):
        bound = self.get_form(request)(request.POST, request.FILES)
        if bound.is_valid():
            public = get_public_visibility_name()
            if bound.cleaned_data.get('visibility') == public:
                raise PermissionDenied("Can't create public pages.")

    return super(PageAdmin, self).add_view(
        request, form_url=form_url, extra_context=extra_context)
def add_view(self, request, form_url='', extra_context=None):
    """
    Block creation of published or public pages by users who lack the
    matching permission, then delegate to the parent add view.

    Each rule pairs a permission with the form field it governs, the
    helper returning the restricted value, and the message raised with
    PermissionDenied when a user without the permission submits it.
    """
    if request.method == 'POST':
        allowed = get_lookup_function(request.user, get_permissions())
        rules = (
            ('change_status', 'status',
             get_published_status_name, "Can't create published pages."),
            ('change_visibility', 'visibility',
             get_public_visibility_name, "Can't create public pages."),
        )
        # The browser disables these inputs for users without the
        # permission, but a hand-built POST can still carry them. The
        # server therefore rejects the restricted value with a 403 and
        # does not try to repair the submission.
        for permission, field, restricted_value, message in rules:
            if allowed(permission):
                continue
            submitted = self.get_form(request)(request.POST, request.FILES)
            # An invalid form is not inspected and is left to the parent
            # view. NOTE(review): confirm the parent never saves an
            # invalid form, since the guard depends on that.
            if not submitted.is_valid():
                continue
            forbidden = restricted_value()
            # Only an exact match with the restricted value is refused;
            # any other value, or a missing field, passes this check.
            if submitted.cleaned_data.get(field) == forbidden:
                raise PermissionDenied(message)

    return super(PageAdmin, self).add_view(
        request,
        form_url=form_url,
        extra_context=extra_context,
    )
def is_visible(self):
    """
    Return True when this object's visibility equals the public
    visibility name, False otherwise.
    """
    current = self.visibility
    return current == get_public_visibility_name()
def private(self):
    """
    Return the items whose visibility is anything other than the public
    visibility name.

    This only narrows the queryset; it performs no per-user permission
    check.
    """
    items = self.get_query_set()
    public_name = get_public_visibility_name()
    return items.exclude(visibility=public_name)
def public(self):
    """
    Return the items whose visibility equals the public visibility name.

    This only narrows the queryset; it performs no per-user permission
    check.
    """
    items = self.get_query_set()
    public_name = get_public_visibility_name()
    return items.filter(visibility=public_name)