2025-summer/team-3
12
Fork 0
Code Issues Pull requests Projects Releases Activity

respect access_restriction in editor views

Browse source
This commit is contained in:
Laura Klünder 2017-07-13 23:08:46 +02:00
parent 890225784a
commit 1a8c62956d
1 changed files with 20 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

34
src/c3nav/editor/views/edit.py
View file

@ -1,7 +1,7 @@
from contextlib import suppress from contextlib import suppress
from django.contrib import messages from django.contrib import messages
from django.core.exceptions import FieldDoesNotExist, ObjectDoesNotExist, PermissionDenied from django.core.exceptions import FieldDoesNotExist, ObjectDoesNotExist
from django.shortcuts import get_object_or_404, redirect, render from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse from django.urls import reverse
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
@ -22,7 +22,7 @@ def child_model(model, kwargs=None, parent=None):
def main_index(request): def main_index(request):
Level = request.changeset.wrap_model('Level') Level = request.changeset.wrap_model('Level')
return render(request, 'editor/index.html', { return render(request, 'editor/index.html', {
'levels': Level.objects.filter(on_top_of__isnull=True), 'levels': Level.objects.filter(Level.q_for_request(request), on_top_of__isnull=True),
'can_edit': request.changeset.can_edit(request), 'can_edit': request.changeset.can_edit(request),
'child_models': [ 'child_models': [
child_model(request.changeset.wrap_model('LocationGroupCategory')), child_model(request.changeset.wrap_model('LocationGroupCategory')),
@ -36,10 +36,11 @@ def main_index(request):
@sidebar_view @sidebar_view
def level_detail(request, pk): def level_detail(request, pk):
Level = request.changeset.wrap_model('Level') Level = request.changeset.wrap_model('Level')
level = get_object_or_404(Level.objects.select_related('on_top_of').prefetch_related('levels_on_top'), pk=pk) qs = Level.objects.filter(Level.q_for_request(request))
level = get_object_or_404(qs.select_related('on_top_of').prefetch_related('levels_on_top'), pk=pk)
return render(request, 'editor/level.html', { return render(request, 'editor/level.html', {
'levels': Level.objects.filter(on_top_of__isnull=True), 'levels': Level.objects.filter(Level.q_for_request(request), on_top_of__isnull=True),
'level': level, 'level': level,
'level_url': 'editor.levels.detail', 'level_url': 'editor.levels.detail',
'level_as_pk': True, 'level_as_pk': True,
@ -47,7 +48,7 @@ def level_detail(request, pk):
'child_models': [child_model(request.changeset.wrap_model(model_name), kwargs={'level': pk}, parent=level) 'child_models': [child_model(request.changeset.wrap_model(model_name), kwargs={'level': pk}, parent=level)
for model_name in ('Building', 'Space', 'Door')], for model_name in ('Building', 'Space', 'Door')],
'levels_on_top': level.levels_on_top.all(), 'levels_on_top': level.levels_on_top.filter(Level.q_for_request(request)).all(),
'geometry_url': '/api/editor/geometries/?level='+str(level.primary_level_pk), 'geometry_url': '/api/editor/geometries/?level='+str(level.primary_level_pk),
}) })
@ -55,7 +56,8 @@ def level_detail(request, pk):
@sidebar_view @sidebar_view
def space_detail(request, level, pk): def space_detail(request, level, pk):
Space = request.changeset.wrap_model('Space') Space = request.changeset.wrap_model('Space')
space = get_object_or_404(Space.objects.select_related('level'), level__pk=level, pk=pk) qs = Space.objects.filter(Space.q_for_request(request))
space = get_object_or_404(qs.select_related('level'), level__pk=level, pk=pk)
return render(request, 'editor/space.html', { return render(request, 'editor/space.html', {
'level': space.level, 'level': space.level,
@ -83,6 +85,8 @@ def edit(request, pk=None, model=None, level=None, space=None, on_top_of=None, e
# Edit existing map item # Edit existing map item
kwargs = {'pk': pk} kwargs = {'pk': pk}
qs = model.objects.all() qs = model.objects.all()
if hasattr(model, 'q_for_request'):
qs = qs.filter(model.q_for_request(request))
if level is not None: if level is not None:
kwargs.update({'level__pk': level}) kwargs.update({'level__pk': level})
qs = qs.select_related('level') qs = qs.select_related('level')
@ -90,14 +94,13 @@ def edit(request, pk=None, model=None, level=None, space=None, on_top_of=None, e
kwargs.update({'space__pk': space}) kwargs.update({'space__pk': space})
qs = qs.select_related('space') qs = qs.select_related('space')
obj = get_object_or_404(qs, **kwargs) obj = get_object_or_404(qs, **kwargs)
if False: # todo can access
raise PermissionDenied
elif level is not None: elif level is not None:
level = get_object_or_404(Level, pk=level) level = get_object_or_404(Level.objects.filter(Level.q_for_request(request)), pk=level)
elif space is not None: elif space is not None:
space = get_object_or_404(Space, pk=space) space = get_object_or_404(Space.objects.filter(Space.q_for_request(request)), pk=space)
elif on_top_of is not None: elif on_top_of is not None:
on_top_of = get_object_or_404(Level.objects.filter(on_top_of__isnull=True), pk=on_top_of) on_top_of = get_object_or_404(Level.objects.filter(Level.q_for_request(request), on_top_of__isnull=True),
pk=on_top_of)
new = obj is None new = obj is None
# noinspection PyProtectedMember # noinspection PyProtectedMember
@ -272,23 +275,26 @@ def list_objects(request, model=None, level=None, space=None, explicit_edit=Fals
} }
queryset = model.objects.all().order_by('id') queryset = model.objects.all().order_by('id')
if hasattr(model, 'q_for_request'):
queryset = queryset.filter(model.q_for_request(request))
reverse_kwargs = {} reverse_kwargs = {}
if level is not None: if level is not None:
reverse_kwargs['level'] = level reverse_kwargs['level'] = level
level = get_object_or_404(Level, pk=level) level = get_object_or_404(Level, pk=level)
queryset = queryset.filter(level=level).defer('geometry') queryset = queryset.filter(Level.q_for_request(request), level=level).defer('geometry')
ctx.update({ ctx.update({
'back_url': reverse('editor.levels.detail', kwargs={'pk': level.pk}), 'back_url': reverse('editor.levels.detail', kwargs={'pk': level.pk}),
'back_title': _('back to level'), 'back_title': _('back to level'),
'levels': Level.objects.filter(on_top_of__isnull=True), 'levels': Level.objects.filter(Level.q_for_request(request), on_top_of__isnull=True),
'level': level, 'level': level,
'level_url': request.resolver_match.url_name, 'level_url': request.resolver_match.url_name,
'geometry_url': '/api/editor/geometries/?level='+str(level.primary_level_pk), 'geometry_url': '/api/editor/geometries/?level='+str(level.primary_level_pk),
}) })
elif space is not None: elif space is not None:
reverse_kwargs['space'] = space reverse_kwargs['space'] = space
space = get_object_or_404(Space.objects.select_related('level').defer('geometry'), pk=space) sub_qs = Space.objects.filter(Space.q_for_request(request)).select_related('level').defer('geometry')
space = get_object_or_404(sub_qs, pk=space)
queryset = queryset.filter(space=space).defer('geometry') queryset = queryset.filter(space=space).defer('geometry')
ctx.update({ ctx.update({
'level': space.level, 'level': space.level,