more permissions

Laura Klünder 2017-06-29 17:40:33 +02:00
parent 0ea8ca9920
commit 4ed3f8da89
2 changed files with 27 additions and 5 deletions


@ -65,7 +65,19 @@ class ChangeSet(models.Model):
if request.user.is_authenticated: if request.user.is_authenticated:
qs = qs.filter(author=request.user) qs = qs.filter(author=request.user)
else: else:
qs = qs.filter(author__isnull=True) qs = qs.filter(author__isnull=True, session_id=request.session.session_key)
return qs
@classmethod
def qs_for_request_editable(cls, request):
"""
Returns a base QuerySet to get only changesets the current user is allowed to edit
"""
qs = cls.qs_for_request(request).filter(applied__isnull=True)
if request.user.is_authenticated:
qs = qs.filter(Q(proposed__isnull=True) | Q(assigned_to=request.user))
else:
qs = qs.filter(proposed__isnull=True)
return qs return qs
@classmethod @classmethod
@ -80,14 +92,11 @@ class ChangeSet(models.Model):
In any case, the default autor for changes added to the queryset during In any case, the default autor for changes added to the queryset during
this request will be set to the current user. this request will be set to the current user.
""" """
qs = cls.qs_for_request(request) qs = cls.qs_for_request_editable(request)
if request.session.session_key is not None: if request.session.session_key is not None:
changeset = qs.filter(session_id=request.session.session_key).first() changeset = qs.filter(session_id=request.session.session_key).first()
if changeset is not None: if changeset is not None:
if changeset.author_id is None and request.user.is_authenticated:
changeset.author = request.user
changeset.save()
return changeset return changeset
new_changeset = cls() new_changeset = cls()
@ -251,10 +260,19 @@ class ChangeSet(models.Model):
def editable(self): def editable(self):
return self.applied is None return self.applied is None
def can_see(self, request):
return self.session_id == request.session.session_key or self.author_id is request.user.pk
def can_edit(self, request): def can_edit(self, request):
return (self.editable and self.session_id == request.session.session_key and return (self.editable and self.session_id == request.session.session_key and
(self.proposed is None or self.assigned_to_id is request.user.pk)) (self.proposed is None or self.assigned_to_id is request.user.pk))
def can_propose(self, request):
return self.author_id == request.user.pk and self.proposed is None
def can_unpropose(self, request):
return self.proposed is not None and self.assigned_to_id is None and self.author_id == request.user.pk
""" """
Methods for display Methods for display
""" """

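Review bot: `can_see` compares `self.author_id is request.user.pk` by identity rather than equality, so for an anonymous request both sides are `None` and the test passes for every authorless changeset, while for a logged-in user two equal integer ids are not guaranteed to be the same object and the author can be refused. The same `is` comparison is used for `assigned_to_id` in `can_edit`, and `can_propose` uses `==` but likewise accepts `None == None` for an anonymous user. I would write the check as `return self.session_id == request.session.session_key or (request.user.is_authenticated and self.author_id == request.user.pk)` and guard `can_propose` and `can_unpropose` with `request.user.is_authenticated` as well. The new `can_see` call in `changeset_detail` inherits this behaviour; the filter in `qs_for_request` narrows what reaches it there, but the method should be correct on its own.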

@ -21,6 +21,10 @@ def changeset_detail(request, pk):
changeset = request.changeset changeset = request.changeset
if str(pk) != str(request.changeset.pk): if str(pk) != str(request.changeset.pk):
changeset = get_object_or_404(ChangeSet.qs_for_request(request), pk=pk) changeset = get_object_or_404(ChangeSet.qs_for_request(request), pk=pk)
if not changeset.can_see(request):
raise Http404
can_edit = changeset.can_edit(request) can_edit = changeset.can_edit(request)
if request.method == 'POST' and can_edit: if request.method == 'POST' and can_edit: