mirror of
https://github.com/Crocmagnon/checkout.git
synced 2024-11-21 23:58:02 +01:00
Improve permissions handling
parent
284943e1b6
commit
31077516ae
4 changed files with 19 additions and 4 deletions
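--- a/src/common/templates/403.html
+++ b/src/common/templates/403.html
@@ -0,0 +1,5 @@
+{% extends "common/base.html" %}
+{% block content %}
+<h1>Permission denied</h1>
+<p>You're not allowed to access this page.</p>
+{% endblock %}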
|
@ -6,12 +6,12 @@
|
|||
</button>
|
||||
<div class="collapse navbar-collapse" id="navbarSupportedContent">
|
||||
<ul class="navbar-nav me-auto mb-2 mb-lg-0">
|
||||
{% if perms.purchase.can_view_basket %}
|
||||
{% if perms.purchase.view_basket %}
|
||||
<li class="nav-item">
|
||||
<a href="{% url "purchase:list" %}" class="nav-link">Baskets</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if perms.purchase.can_add_basket %}
|
||||
{% if perms.purchase.add_basket %}
|
||||
<li class="nav-item">
|
||||
<a href="{% url "purchase:new" %}" class="nav-link">New basket</a>
|
||||
</li>
|
||||
|
|
|
@ -12,8 +12,12 @@
|
|||
{{ basket.price_display }}<br>
|
||||
{{ basket.payment_method }}
|
||||
</p>
|
||||
<a href="{% url "purchase:update" basket.id %}" class="btn btn-sm btn-primary">Edit</a>
|
||||
<a href="{% url "purchase:delete" basket.id %}" class="btn btn-sm btn-danger">Delete</a>
|
||||
{% if perms.purchase.change_basket %}
|
||||
<a href="{% url "purchase:update" basket.id %}" class="btn btn-sm btn-primary">Edit</a>
|
||||
{% endif %}
|
||||
{% if perms.purchase.delete_basket %}
|
||||
<a href="{% url "purchase:delete" basket.id %}" class="btn btn-sm btn-danger">Delete</a>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
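Review bot: Wrapping the Edit and Delete links in `{% if perms.purchase.change_basket %}` and `{% if perms.purchase.delete_basket %}` is presentation only, so a user who lacks the permission can still request `purchase:update` or `purchase:delete` directly unless the views refuse it. The views hunk in this commit shows `UpdateBasketView` with `permission_required = ["purchase.change_basket", "purchase.view_basket"]`, but the delete view is not visible on this page; confirm it declares `purchase.delete_basket` in the same way. A one-line template comment such as `{# UI hint only; the views enforce these permissions #}` above the two guards would record that intent. The surrounding card markup starts and ends outside this hunk.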
|
||||
|
|
|
@ -17,6 +17,12 @@ class NewBasketView(ProtectedViewsMixin, SuccessMessageMixin, CreateView):
|
|||
form_class = BasketForm
|
||||
success_message = "Successfully created basket."
|
||||
|
||||
def get_success_url(self):
|
||||
if self.request.user.has_perm("purchase.change_basket"):
|
||||
return super().get_success_url()
|
||||
else:
|
||||
return reverse("purchase:new")
|
||||
|
||||
|
||||
class UpdateBasketView(ProtectedViewsMixin, SuccessMessageMixin, UpdateView):
|
||||
permission_required = ["purchase.change_basket", "purchase.view_basket"]
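Review bot: `get_success_url` calls `reverse("purchase:new")`, but the 19 additions in the diffstat appear to be fully accounted for by the visible hunks and none of them is an import. `reverse` therefore has to be imported in this module already (`from django.urls import reverse`); if it is not, the `else` branch raises `NameError` when a user without `purchase.change_basket` creates a basket. The method would also benefit from a docstring, for example `"""Return the default success URL for users who may edit baskets, else the new-basket form."""`, and the `else:` after `return` can be dropped. Both `NewBasketView` and `UpdateBasketView` extend beyond this hunk, so the default success URL and the rest of the permission setup are not visible here.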
|
||||
|
|