Improve permissions handling

Gabriel Augendre 2022-04-25 17:30:49 +02:00
parent 284943e1b6
commit 31077516ae
4 changed files with 19 additions and 4 deletions


@ -0,0 +1,5 @@
{% extends "common/base.html" %}
{% block content %}
<h1>Permission denied</h1>
<p>You're not allowed to access this page.</p>
{% endblock %}


@ -6,12 +6,12 @@
</button> </button>
<div class="collapse navbar-collapse" id="navbarSupportedContent"> <div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav me-auto mb-2 mb-lg-0"> <ul class="navbar-nav me-auto mb-2 mb-lg-0">
{% if perms.purchase.can_view_basket %} {% if perms.purchase.view_basket %}
<li class="nav-item"> <li class="nav-item">
<a href="{% url "purchase:list" %}" class="nav-link">Baskets</a> <a href="{% url "purchase:list" %}" class="nav-link">Baskets</a>
</li> </li>
{% endif %} {% endif %}
{% if perms.purchase.can_add_basket %} {% if perms.purchase.add_basket %}
<li class="nav-item"> <li class="nav-item">
<a href="{% url "purchase:new" %}" class="nav-link">New basket</a> <a href="{% url "purchase:new" %}" class="nav-link">New basket</a>
</li> </li>
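Review bot: Nothing in the visible changes adds a test that would catch a wrong codename in these `perms.purchase.*` lookups. An unknown codename evaluates false for ordinary users while an active superuser still passes every `has_perm` check, which is probably how `can_view_basket` and `can_add_basket` went unnoticed. A test that renders the navbar for a non-superuser holding `purchase.view_basket` and `purchase.add_basket` and asserts both links are present would pin the corrected names.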


@ -12,8 +12,12 @@
{{ basket.price_display }}<br> {{ basket.price_display }}<br>
{{ basket.payment_method }} {{ basket.payment_method }}
</p> </p>
{% if perms.purchase.change_basket %}
<a href="{% url "purchase:update" basket.id %}" class="btn btn-sm btn-primary">Edit</a> <a href="{% url "purchase:update" basket.id %}" class="btn btn-sm btn-primary">Edit</a>
{% endif %}
{% if perms.purchase.delete_basket %}
<a href="{% url "purchase:delete" basket.id %}" class="btn btn-sm btn-danger">Delete</a> <a href="{% url "purchase:delete" basket.id %}" class="btn btn-sm btn-danger">Delete</a>
{% endif %}
</div> </div>
</div> </div>
</div> </div>
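Review bot: The new `{% if perms.purchase.change_basket %}` and `{% if perms.purchase.delete_basket %}` guards only hide the buttons; the `purchase:update` and `purchase:delete` URLs still answer a direct request. `UpdateBasketView` declares `permission_required` elsewhere on this page, but the delete view is not shown, so confirm it carries `permission_required = ["purchase.delete_basket"]` (plus `purchase.view_basket` if it follows the update view's pattern). A view test that requests the delete URL as a user without that permission and expects a 403 would keep the template and the view from drifting apart.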


@ -17,6 +17,12 @@ class NewBasketView(ProtectedViewsMixin, SuccessMessageMixin, CreateView):
form_class = BasketForm form_class = BasketForm
success_message = "Successfully created basket." success_message = "Successfully created basket."
def get_success_url(self):
if self.request.user.has_perm("purchase.change_basket"):
return super().get_success_url()
else:
return reverse("purchase:new")
class UpdateBasketView(ProtectedViewsMixin, SuccessMessageMixin, UpdateView): class UpdateBasketView(ProtectedViewsMixin, SuccessMessageMixin, UpdateView):
permission_required = ["purchase.change_basket", "purchase.view_basket"] permission_required = ["purchase.change_basket", "purchase.view_basket"]
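Review bot: `get_success_url` tests only `purchase.change_basket`, while `UpdateBasketView` just below requires both `purchase.change_basket` and `purchase.view_basket`. If `super().get_success_url()` resolves to the update page (not visible in this hunk), a user holding the change permission but not the view permission would create a basket and then land on the permission-denied page. Checking the same list keeps the two in step: `if self.request.user.has_perms(["purchase.change_basket", "purchase.view_basket"]):`. The method would also benefit from a one-line docstring such as `"""Send users who cannot edit baskets back to the creation form."""`, and `reverse` must be imported in this module if it is not already.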