added permissions to views

andywar65 · Nov 28, 2022 · 8b6a52e · 8b6a52e
1 parent 249536d
commit 8b6a52e
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 22 deletions.
diff --git a/urls.py b/urls.py
@@ -23,16 +23,16 @@
 urlpatterns = [
     path("", BaseListView.as_view(), name="base_list"),
     path("<username>/", AuthorListView.as_view(), name="author_list"),
-    path(
-        _("<username>/drawing/<pk>/"),
-        DrawingDetailView.as_view(),
-        name="drawing_detail",
-    ),
     path(
         _("<username>/drawing/add/"),
         DrawingCreateView.as_view(),
         name="drawing_create",
     ),
+    path(
+        _("<username>/drawing/<pk>/"),
+        DrawingDetailView.as_view(),
+        name="drawing_detail",
+    ),
     path(
         _("<username>/drawing/<pk>/update/"),
         DrawingUpdateView.as_view(),

diff --git a/views.py b/views.py
@@ -3,7 +3,7 @@
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import get_user_model
-from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.core.exceptions import PermissionDenied
 from django.http import Http404, HttpResponse
 from django.shortcuts import get_object_or_404
@@ -31,8 +31,7 @@ class HxPageTemplateMixin:
     def get_template_names(self):
         if not self.request.htmx:
             return [self.template_name.replace("htmx/", "")]
-        else:
-            return [self.template_name]
+        return [self.template_name]
 
 
 class BaseListView(HxPageTemplateMixin, ListView):
@@ -129,10 +128,11 @@ def dispatch(self, request, *args, **kwargs):
         return response
 
 
-class DrawingCreateView(LoginRequiredMixin, CreateView):
+class DrawingCreateView(PermissionRequiredMixin, CreateView):
+    permission_required = "djeocad.drawing_create"
     model = Drawing
     form_class = DrawingCreateForm
-    template_name = "djeocad/includes/drawing_create.html"
+    template_name = "djeocad/includes/add_drawing.html"
 
     def form_valid(self, form):
         form.instance.user = self.request.user
@@ -145,7 +145,8 @@ def get_success_url(self):
         )
 
 
-class DrawingUpdateView(LoginRequiredMixin, UpdateView):
+class DrawingUpdateView(PermissionRequiredMixin, UpdateView):
+    permission_required = "djeocad.change_drawing"
     model = Drawing
     form_class = DrawingCreateForm
     template_name = "djeocad/includes/drawing_update.html"
@@ -170,7 +171,9 @@ def get_success_url(self):
         )
 
 
-class DrawingDeleteView(LoginRequiredMixin, RedirectView):
+class DrawingDeleteView(PermissionRequiredMixin, RedirectView):
+    permission_required = "djeocad.delete_drawing"
+
     def setup(self, request, *args, **kwargs):
         super(DrawingDeleteView, self).setup(request, *args, **kwargs)
         if not self.request.htmx:
@@ -232,7 +235,8 @@ def dispatch(self, request, *args, **kwargs):
         return response
 
 
-class LayerCreateView(LoginRequiredMixin, CreateView):
+class LayerCreateView(PermissionRequiredMixin, CreateView):
+    permission_required = "djeocad.add_layer"
     model = Layer
     form_class = LayerCreateForm
     template_name = "djeocad/includes/layer_create.html"
@@ -269,7 +273,8 @@ def get_success_url(self):
         )
 
 
-class LayerUpdateView(LoginRequiredMixin, UpdateView):
+class LayerUpdateView(PermissionRequiredMixin, UpdateView):
+    permission_required = "djeocad.change_layer"
     model = Layer
     form_class = LayerCreateForm
     template_name = "djeocad/includes/layer_update.html"
@@ -303,7 +308,8 @@ def get_success_url(self):
         )
 
 
-class LayerDeleteInlineView(LoginRequiredMixin, TemplateView):
+class LayerDeleteInlineView(PermissionRequiredMixin, TemplateView):
+    permission_required = "djeocad.delete_layer"
     template_name = "djeocad/htmx/item_delete.html"
 
     def setup(self, request, *args, **kwargs):
@@ -315,11 +321,12 @@ def setup(self, request, *args, **kwargs):
             raise Http404(_("Can't delete layer '0'"))
         if request.user != layer.drawing.user:
             raise PermissionDenied
-        messages.error(request, _('Layer "%s" deleted') % layer.name)
         layer.delete()
+        messages.error(request, _('Layer "%s" deleted') % layer.name)
 
 
-class InsertionCreateView(LoginRequiredMixin, CreateView):
+class InsertionCreateView(PermissionRequiredMixin, CreateView):
+    permission_required = "djeocad.add_insertion"
     model = Insertion
     form_class = InsertionCreateForm
     template_name = "djeocad/includes/insertion_create.html"
@@ -360,7 +367,8 @@ def get_success_url(self):
         )
 
 
-class InsertionUpdateView(LoginRequiredMixin, UpdateView):
+class InsertionUpdateView(PermissionRequiredMixin, UpdateView):
+    permission_required = "djeocad.change_insertion"
     model = Insertion
     form_class = InsertionCreateForm
     template_name = "djeocad/includes/insertion_update.html"
@@ -385,7 +393,8 @@ def get_success_url(self):
         )
 
 
-class InsertionDeleteInlineView(LoginRequiredMixin, TemplateView):
+class InsertionDeleteInlineView(PermissionRequiredMixin, TemplateView):
+    permission_required = "djeocad.delete_insertion"
     template_name = "djeocad/htmx/item_delete.html"
 
     def setup(self, request, *args, **kwargs):
@@ -395,11 +404,12 @@ def setup(self, request, *args, **kwargs):
         insert = get_object_or_404(Insertion, id=self.kwargs["pk"])
         if request.user != insert.block.drawing.user:
             raise PermissionDenied
-        messages.error(request, _('Insertion "%d" deleted') % insert.id)
         insert.delete()
+        messages.error(request, _('Insertion "%d" deleted') % insert.id)
 
 
-class InsertionExplodeInlineView(LoginRequiredMixin, TemplateView):
+class InsertionExplodeInlineView(PermissionRequiredMixin, TemplateView):
+    permission_required = "djeocad.delete_insertion"
     template_name = "djeocad/htmx/item_delete.html"
 
     def setup(self, request, *args, **kwargs):
@@ -409,9 +419,9 @@ def setup(self, request, *args, **kwargs):
         insert = get_object_or_404(Insertion, id=self.kwargs["pk"])
         if request.user != insert.block.drawing.user:
             raise PermissionDenied
-        messages.error(request, _('Insertion "%d" exploded') % insert.id)
         insert.explode_instance()
         insert.delete()
+        messages.error(request, _('Insertion "%d" exploded') % insert.id)
 
 
 def drawing_download(request, pk):