2025-summer/team-3
12
Fork 0
Code Issues Pull requests Projects Releases Activity

delete access permissions… permissions

Browse source
This commit is contained in:
Laura Klünder 2017-12-19 12:17:48 +01:00
parent b41bc22047
commit 8900a70d2a
2 changed files with 23 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/c3nav/control/templates/control/user.html
View file

@ -30,18 +30,24 @@
<table> <table>
<tr> <tr>
<th>{% trans 'Access Restriction' %}</th> <th>{% trans 'Access Restriction' %}</th>
<th>{% trans 'author' %}</th>
<th>{% trans 'expires' %}</th> <th>{% trans 'expires' %}</th>
<th>{% trans 'can grant' %}</th> <th>{% trans 'can grant' %}</th>
{% if request.user_permissions.grant_all_access %} <th>{% trans 'key' %}</th>
<th></th> <th></th>
{% endif %}
</tr> </tr>
{% for access_permission in user.accesspermissions.all %} {% for access_permission in user.accesspermissions.all %}
<tr> <tr>
<td>{{ access_permission.access_restriction.title }}</td> <td>{{ access_permission.access_restriction.title }}</td>
<td>
{% if access_permission.author %}
<a href="{% url 'control.users.detail' user=access_permission.author_id %}">{{ access_permission.author.username }}</a>
{% endif %}
</td>
<td>{% if access_permission.expire_date %}{{ access_permission.expire_date }}{% else %}{% trans 'never' %}{% endif %}</td> <td>{% if access_permission.expire_date %}{{ access_permission.expire_date }}{% else %}{% trans 'never' %}{% endif %}</td>
<td>{% if access_permission.can_grant %}{% trans 'Yes' %}{% else %}{% trans 'No' %}{% endif %}</td> <td>{% if access_permission.can_grant %}{% trans 'Yes' %}{% else %}{% trans 'No' %}{% endif %}</td>
{% if request.user_permissions.grant_all_access %} <td>{{ access_permission. }}{% if access_permission.can_grant %}{% trans 'Yes' %}{% else %}{% trans 'No' %}{% endif %}</td>
{% if request.user_permissions.grant_all_access or request.user == access_permission.author %}
<td class="button-cell"><button type="submit" name="delete_access_permission" value="{{ access_permission.pk }}">{% trans 'Delete' %}</button></td> <td class="button-cell"><button type="submit" name="delete_access_permission" value="{{ access_permission.pk }}">{% trans 'Delete' %}</button></td>
{% endif %} {% endif %}
</tr> </tr>

22
src/c3nav/control/views.py
View file

@ -56,21 +56,25 @@ def user_detail(request, user):
qs = User.objects.select_related( qs = User.objects.select_related(
'permissions', 'permissions',
).prefetch_related( ).prefetch_related(
Prefetch('accesspermissions', AccessPermission.objects.select_related('access_restriction')) Prefetch('accesspermissions', AccessPermission.objects.select_related('access_restriction', 'author'))
) )
user = get_object_or_404(qs, pk=user) user = get_object_or_404(qs, pk=user)
if request.method == 'POST': if request.method == 'POST':
delete_access_permission = request.POST.get('delete_access_permission') delete_access_permission = request.POST.get('delete_access_permission')
if delete_access_permission: if delete_access_permission:
try: with transaction.atomic():
permission = AccessPermission.objects.get(pk=delete_access_permission) try:
except AccessPermission.DoesNotExist: permission = AccessPermission.objects.select_for_update().get(pk=delete_access_permission)
messages.error(request, _('Unknown access permission.')) except AccessPermission.DoesNotExist:
else: messages.error(request, _('Unknown access permission.'))
permission.delete() else:
messages.success(request, _('Access Permission successfully deleted.')) if request.user_permissions.can_grant or permission.author_id == request.user.pk:
return redirect(request.path_info) permission.delete()
messages.success(request, _('Access Permission successfully deleted.'))
else:
messages.error(request, _('You cannot delete this Access Permission.'))
return redirect(request.path_info)
ctx = { ctx = {
'user': user, 'user': user,