Commit 7a65215b authored by Skia's avatar Skia

Basic user permissions for user editing

parent d3896ad6
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('core', '0001_initial'),
]
operations = [
migrations.CreateModel(
name='Page',
fields=[
('id', models.AutoField(serialize=False, primary_key=True, auto_created=True, verbose_name='ID')),
('name', models.CharField(max_length=30, verbose_name='page name')),
('full_name', models.CharField(max_length=255, verbose_name='full name')),
('content', models.TextField(blank=True, verbose_name='page content')),
('revision', models.PositiveIntegerField(default=1, verbose_name='current revision')),
('is_locked', models.BooleanField(default=False, verbose_name='page mutex')),
],
options={
'permissions': (('can_edit', 'Can edit the page'), ('can_view', 'Can view the page')),
},
),
migrations.AlterField(
model_name='user',
name='date_of_birth',
field=models.DateTimeField(default='1970-01-01T00:00:00+01:00', verbose_name='date of birth'),
),
]
...@@ -105,7 +105,19 @@ class User(AbstractBaseUser, PermissionsMixin): ...@@ -105,7 +105,19 @@ class User(AbstractBaseUser, PermissionsMixin):
self.username = user_name self.username = user_name
return user_name return user_name
class Page: class Page(models.Model):
pass name = models.CharField(_('page name'), max_length=30, blank=False)
full_name = models.CharField(_("full name"), max_length=255, blank=False)
content = models.TextField(_("page content"), blank=True)
revision = models.PositiveIntegerField(_("current revision"), default=1)
is_locked = models.BooleanField(_("page mutex"), default=False)
class Meta:
permissions = (
("can_edit", "Can edit the page"),
("can_view", "Can view the page"),
)
def __str__(self):
return self.full_name
...@@ -8,11 +8,12 @@ ...@@ -8,11 +8,12 @@
<body> <body>
<header> <header>
{% block header %} {% block header %}
{% if user %}Hello, {{ user.username }}!{% endif %} {% if user.is_authenticated %}Hello, {{ user.username }}!{% endif %}
<ul> <ul>
<li><a href="{% url 'core:register' %}">Register</a></li> <li><a href="{% url 'core:register' %}">Register</a></li>
<li><a href="{% url 'core:login' %}">Login</a></li> <li><a href="{% url 'core:login' %}">Login</a></li>
<li><a href="{% url 'core:logout' %}">Logout</a></li> <li><a href="{% url 'core:logout' %}">Logout</a></li>
<li><a href="{% url 'core:user_list' %}">Users</a></li>
</ul> </ul>
{% endblock %} {% endblock %}
</header> </header>
......
{% extends "core/base.html" %}
{% block title %}
{% if profile %}
Edit {{ profile.get_display_name }}
{% endif %}
{% endblock %}
{% block content %}
{% if profile %}
<h3>Edit user</h3>
<p><a href="{% url 'core:user_profile' profile.id %}">Back to profile</a></p>
<p>You're editing the profile of <strong>{{ profile.get_display_name }}</strong></p>
{% endif %}
{% endblock %}
...@@ -13,6 +13,9 @@ User list ...@@ -13,6 +13,9 @@ User list
{% if profile %} {% if profile %}
<h3>User Profile</h3> <h3>User Profile</h3>
<p><a href="{% url 'core:user_list' %}">Back to list</a></p> <p><a href="{% url 'core:user_list' %}">Back to list</a></p>
{% if user.is_superuser or user.id == profile.id %}
<p><a href="{% url 'core:user_edit' profile.id %}">Edit</a></p>
{% endif %}
<p>You're seeing the profile of <strong>{{ profile.get_display_name }}</strong></p> <p>You're seeing the profile of <strong>{{ profile.get_display_name }}</strong></p>
{% endif %} {% endif %}
......
...@@ -40,6 +40,11 @@ def register(request): ...@@ -40,6 +40,11 @@ def register(request):
return render(request, "core/register.html", context) return render(request, "core/register.html", context)
def login(request): def login(request):
"""
The login view
Needs to be improve with correct handling of form exceptions
"""
context = {'title': 'Login'} context = {'title': 'Login'}
if request.method == 'POST': if request.method == 'POST':
try: try:
...@@ -57,15 +62,27 @@ def login(request): ...@@ -57,15 +62,27 @@ def login(request):
return render(request, "core/login.html", context) return render(request, "core/login.html", context)
def logout(request): def logout(request):
"""
The logout view:w
"""
auth_logout(request) auth_logout(request)
return redirect('core:index') return redirect('core:index')
def user(request, user_id=None): def user(request, user_id=None):
context = {'title': 'View a user'}
if user_id == None: if user_id == None:
return render(request, "core/user.html", {'user_list': User.objects.all}) context['user_list'] = User.objects.all
user = get_object_or_404(User, pk=user_id) return render(request, "core/user.html", context)
return render(request, "core/user.html", {'profile': user}) context['profile'] = get_object_or_404(User, pk=user_id)
return render(request, "core/user.html", context)
def user_edit(request, user_id): def user_edit(request, user_id=None):
pass user_id = int(user_id)
context = {'title': 'Edit a user'}
if user_id is not None:
user_id = int(user_id)
if request.user.is_authenticated() and (request.user.pk == user_id or request.user.is_superuser):
context['profile'] = get_object_or_404(User, pk=user_id)
return render(request, "core/edit_user.html", context)
return user(request, user_id)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment