mirror of
https://github.com/Crocmagnon/checkout.git
synced 2024-11-22 08:08:04 +01:00
Improve permissions handling
This commit is contained in:
parent
284943e1b6
commit
31077516ae
4 changed files with 19 additions and 4 deletions
5
src/common/templates/403.html
Normal file
5
src/common/templates/403.html
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
{% extends "common/base.html" %}
|
||||||
|
{% block content %}
|
||||||
|
<h1>Permission denied</h1>
|
||||||
|
<p>You're not allowed to access this page.</p>
|
||||||
|
{% endblock %}
|
|
@ -6,12 +6,12 @@
|
||||||
</button>
|
</button>
|
||||||
<div class="collapse navbar-collapse" id="navbarSupportedContent">
|
<div class="collapse navbar-collapse" id="navbarSupportedContent">
|
||||||
<ul class="navbar-nav me-auto mb-2 mb-lg-0">
|
<ul class="navbar-nav me-auto mb-2 mb-lg-0">
|
||||||
{% if perms.purchase.can_view_basket %}
|
{% if perms.purchase.view_basket %}
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
<a href="{% url "purchase:list" %}" class="nav-link">Baskets</a>
|
<a href="{% url "purchase:list" %}" class="nav-link">Baskets</a>
|
||||||
</li>
|
</li>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if perms.purchase.can_add_basket %}
|
{% if perms.purchase.add_basket %}
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
<a href="{% url "purchase:new" %}" class="nav-link">New basket</a>
|
<a href="{% url "purchase:new" %}" class="nav-link">New basket</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
|
@ -12,8 +12,12 @@
|
||||||
{{ basket.price_display }}<br>
|
{{ basket.price_display }}<br>
|
||||||
{{ basket.payment_method }}
|
{{ basket.payment_method }}
|
||||||
</p>
|
</p>
|
||||||
|
{% if perms.purchase.change_basket %}
|
||||||
<a href="{% url "purchase:update" basket.id %}" class="btn btn-sm btn-primary">Edit</a>
|
<a href="{% url "purchase:update" basket.id %}" class="btn btn-sm btn-primary">Edit</a>
|
||||||
|
{% endif %}
|
||||||
|
{% if perms.purchase.delete_basket %}
|
||||||
<a href="{% url "purchase:delete" basket.id %}" class="btn btn-sm btn-danger">Delete</a>
|
<a href="{% url "purchase:delete" basket.id %}" class="btn btn-sm btn-danger">Delete</a>
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -17,6 +17,12 @@ class NewBasketView(ProtectedViewsMixin, SuccessMessageMixin, CreateView):
|
||||||
form_class = BasketForm
|
form_class = BasketForm
|
||||||
success_message = "Successfully created basket."
|
success_message = "Successfully created basket."
|
||||||
|
|
||||||
|
def get_success_url(self):
|
||||||
|
if self.request.user.has_perm("purchase.change_basket"):
|
||||||
|
return super().get_success_url()
|
||||||
|
else:
|
||||||
|
return reverse("purchase:new")
|
||||||
|
|
||||||
|
|
||||||
class UpdateBasketView(ProtectedViewsMixin, SuccessMessageMixin, UpdateView):
|
class UpdateBasketView(ProtectedViewsMixin, SuccessMessageMixin, UpdateView):
|
||||||
permission_required = ["purchase.change_basket", "purchase.view_basket"]
|
permission_required = ["purchase.change_basket", "purchase.view_basket"]
|
||||||
|
|
Loading…
Reference in a new issue