Check permissions and add support for messages with Bootstrap

2016-06-04 12:04:17 +02:00 · 2016-06-04 12:04:17 +02:00 · d2c6f573f9
parent ff2baab268
commit d2c6f573f9
5 changed files with 25 additions and 4 deletions
--- a/refunding/templates/refunding/payments.html
+++ b/refunding/templates/refunding/payments.html
@ -4,7 +4,7 @@
 {% block content %}
    <h1>
        {% block title %}Payments to refund{% endblock %}
-        {% if user.is_authenticated %}
+        {% if user.is_authenticated and perms.refunding.add_payment %}
            <div class="btn-group pull-right">
                <a class="btn btn-success" href="{% url 'new_payment' %}">
                    <span class="glyphicon glyphicon-plus"></span>
--- a/refunding/templates/refunding/refunds.html
+++ b/refunding/templates/refunding/refunds.html
@ -4,7 +4,7 @@
 {% block content %}
    <h1>
        {% block title %}Latest refunds{% endblock %}
-        {% if user.is_authenticated %}
+        {% if user.is_authenticated and perms.refunding.add_refund %}
            <div class="btn-group pull-right">
                <a class="btn btn-success" href="{% url 'new_refund' %}">
                    <span class="glyphicon glyphicon-plus"></span>
--- a/refunding/views.py
+++ b/refunding/views.py
@ -1,4 +1,4 @@
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
 from django.db.models import Sum
 from django.shortcuts import render, redirect, get_object_or_404
 from refunding.forms import RefundFormPublic, PaymentForm
@ -33,6 +33,7 @@ def latest_refunds(request):


@login_required
+@permission_required('refunding.add_refund')
 def new_refund(request):
    if request.method == 'POST':
        form = RefundFormPublic(request.POST)
@ -48,11 +49,12 @@ def new_refund(request):
        'form': form,
        'title': 'New refund'
    }
+
    return render(request, "refunding/refund_payment_detail.html", context)


-
@login_required
+@permission_required('refunding.add_payment')
 def new_payment(request):
    if request.method == 'POST':
        form = PaymentForm(request.POST)
@ -68,12 +70,15 @@ def new_payment(request):
        'form': form,
        'title': 'New payment'
    }
+
    return render(request, "refunding/refund_payment_detail.html", context)


@login_required
+@permission_required('refunding.change_refund')
 def refund_edit(request, pk):
    refund = get_object_or_404(Refund, pk=pk)
+
    if request.method == 'POST':
        form = RefundFormPublic(request.POST, instance=refund)
        if form.is_valid():
@ -83,8 +88,10 @@ def refund_edit(request, pk):
            return redirect('latest_refunds')
    else:
        form = RefundFormPublic(instance=refund)
+
    context = {
        'form': form,
        'title': 'Edit refund'
    }
+
    return render(request, 'refunding/refund_payment_detail.html', context)
--- a/refunds/settings.py
+++ b/refunds/settings.py
@ -14,6 +14,7 @@ import ast

 import dj_database_url
 import os
+from django.contrib import messages

 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@ -161,3 +162,7 @@ LOGOUT_URL = 'auth_logout'
 LOGIN_REDIRECT_URL = 'home'

 CRISPY_TEMPLATE_PACK = 'bootstrap3'
+
+MESSAGE_TAGS = {
+    messages.ERROR: 'danger'
+}
--- a/templates/base.html
+++ b/templates/base.html
@ -27,6 +27,15 @@
 {% include 'navbar.html' %}

 <div class="container">
+    {% for message in messages %}
+        <div class="alert alert-dismissible alert-{{ message.tags }}" role="alert">
+            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
+                <span aria-hidden="true">&times;</span>
+            </button>
+            {{ message }}
+        </div>
+    {% endfor %}
+
    {% block content %}
    {% endblock %}
 </div>