Commit 830c15a5 authored by Skia's avatar Skia

Better right handling in files

parent 1775569e
Pipeline #108 passed with stage
in 1 minute and 38 seconds
......@@ -137,17 +137,22 @@ class User(AbstractBaseUser):
return False
else:
return False
if group_name[-6:] == settings.SITH_BOARD_SUFFIX:
if 'club' in settings.INSTALLED_APPS:
from club.models import Club
name = group_name[:-6]
c = Club.objects.filter(unix_name=name).first()
mem = c.get_membership_for(self)
if mem:
return mem.role >= 2
return False
else:
return False
if group_name[-len(settings.SITH_BOARD_SUFFIX):] == settings.SITH_BOARD_SUFFIX:
from club.models import Club
name = group_name[:-len(settings.SITH_BOARD_SUFFIX)]
c = Club.objects.filter(unix_name=name).first()
mem = c.get_membership_for(self)
if mem:
return mem.role > settings.SITH_MAXIMUM_FREE_ROLE
return False
if group_name[-len(settings.SITH_MEMBER_SUFFIX):] == settings.SITH_MEMBER_SUFFIX:
from club.models import Club
name = group_name[:-len(settings.SITH_MEMBER_SUFFIX)]
c = Club.objects.filter(unix_name=name).first()
mem = c.get_membership_for(self)
if mem:
return True
return False
if group_name == settings.SITH_GROUPS['root']['name'] and self.is_superuser:
return True
return self.groups.filter(name=group_name).exists()
......
......@@ -13,6 +13,7 @@
<body>
{% block header %}
{% if not popup %}
<div id="logo"><a href="{{ url('core:index') }}"><img src="{{ static('core/img/logo.png') }}"
alt="{% trans %}Logo{% endtrans %}" /></a></div>
<header>
......@@ -25,8 +26,12 @@
<a href="{{ url('core:logout') }}">{% trans %}Logout{% endtrans %}</a>
{% endif %}
</header>
{% else %}
<div id="popupheader">{{ user.get_display_name() }}</div>
{% endif %}
{% endblock %}
{% block nav %}
{% if not popup %}
<nav>
<a href="{{ url('core:user_list') }}">{% trans %}Users{% endtrans %}</a>
<a href="{{ url('core:page', page_name="Index") }}">{% trans %}Wiki{% endtrans %}</a>
......@@ -34,6 +39,7 @@
<a href="{{ url('club:club_list') }}">{% trans %}Clubs{% endtrans %}</a>
<a href="{{ url('core:page', "Services") }}">{% trans %}Services{% endtrans %}</a>
</nav>
{% endif %}
{% endblock %}
<div id="content">
......@@ -59,8 +65,7 @@
<script src="{{ static('core/js/multiple-select.js') }}"></script>
<script src="{{ static('core/js/script.js') }}"></script>
<script>
$('select').multipleSelect({
filter: true,
$('select:not([multiple])').multipleSelect({
single: true,
{% if not popup %}
position: 'top',
......
......@@ -21,20 +21,6 @@
{% endif %}
{% endmacro %}
{% block header %}
{% if popup != "" %}
<div id="popupheader">{{ user.get_display_name() }}</div>
{% else %}
{{ super() }}
{% endif %}
{% endblock %}
{% block nav %}
{% if popup != "" %}
{% else %}
{{ super() }}
{% endif %}
{% endblock %}
{% block content %}
{{ print_file_name(file) }}
......
......@@ -12,11 +12,13 @@
</h3>
<p>{% trans %}Owner: {% endtrans %}{{ file.owner.get_display_name() }}</p>
{% if file.is_folder %}
{% if user.can_edit(file) %}
<form action="" method="post" enctype="multipart/form-data">
{% csrf_token %}
{{ form.as_p() }}
<p><input type="submit" value="{% trans %}Add{% endtrans %}"></p>
</form>
{% endif %}
<ul>
{% for f in file.children.order_by('-is_folder', 'name').all() %}
<li>
......
......@@ -2,11 +2,13 @@
{% block content %}
{{ super() }}
{% if user.is_in_group(settings.SITH_MAIN_BOARD_GROUP) %}
<form action="" method="post" enctype="multipart/form-data">
{% csrf_token %}
{{ form.as_p() }}
<p><input type="submit" value="{% trans %}Add{% endtrans %}"></p>
</form>
{% endif %}
{% if file_list %}
<h3>{% trans %}File list{% endtrans %}</h3>
<ul>
......
......@@ -9,7 +9,7 @@ from core.models import Group
def forbidden(request):
return HttpResponseForbidden(render(request, "core/403.jinja", context={'next': request.path, 'form':
AuthenticationForm()}))
AuthenticationForm(), 'popup': request.resolver_match.kwargs['popup'] or ""}))
def not_found(request):
return HttpResponseNotFound(render(request, "core/404.jinja"))
......
......@@ -62,7 +62,7 @@ class AddFileForm(forms.Form):
self.add_error(None, _("Error uploading file %(file_name)s: %(msg)s") %
{'file_name': f, 'msg': str(e.message)})
class FileListView(CanViewMixin, ListView, FormMixin):
class FileListView(ListView, FormMixin):
template_name = 'core/file_list.jinja'
context_object_name = "file_list"
form_class = AddFileForm
......@@ -75,7 +75,7 @@ class FileListView(CanViewMixin, ListView, FormMixin):
self.object_list = self.get_queryset()
self.form = self.get_form()
files = request.FILES.getlist('file_field')
if self.form.is_valid():
if request.user.is_authenticated() and request.user.is_in_group(settings.SITH_MAIN_BOARD_GROUP) and self.form.is_valid():
self.form.process(parent=None, owner=request.user, files=files)
if self.form.is_valid():
return super(FileListView, self).form_valid(self.form)
......@@ -141,7 +141,7 @@ class FileEditPropView(CanEditPropMixin, UpdateView):
kwargs['popup'] = 'popup'
return kwargs
class FileView(CanEditMixin, DetailView, FormMixin):
class FileView(CanViewMixin, DetailView, FormMixin):
"""This class handle the upload of new files into a folder"""
model = SithFile
pk_url_kwarg = "file_id"
......@@ -157,7 +157,7 @@ class FileView(CanEditMixin, DetailView, FormMixin):
self.object = self.get_object()
self.form = self.get_form()
files = request.FILES.getlist('file_field')
if self.form.is_valid():
if request.user.is_authenticated() and request.user.can_edit(self.object) and self.form.is_valid():
self.form.process(parent=self.object, owner=request.user, files=files)
if self.form.is_valid():
return super(FileView, self).form_valid(self.form)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment