From d2c6f573f9494f72f21a05a9856713dd5ec6001b Mon Sep 17 00:00:00 2001 From: Gabriel Augendre Date: Sat, 4 Jun 2016 12:04:17 +0200 Subject: [PATCH] Check permissions and add support for messages with Bootstrap --- refunding/templates/refunding/payments.html | 2 +- refunding/templates/refunding/refunds.html | 2 +- refunding/views.py | 11 +++++++++-- refunds/settings.py | 5 +++++ templates/base.html | 9 +++++++++ 5 files changed, 25 insertions(+), 4 deletions(-) diff --git a/refunding/templates/refunding/payments.html b/refunding/templates/refunding/payments.html index fd9b786..91be5d6 100644 --- a/refunding/templates/refunding/payments.html +++ b/refunding/templates/refunding/payments.html @@ -4,7 +4,7 @@ {% block content %}

{% block title %}Payments to refund{% endblock %} - {% if user.is_authenticated %} + {% if user.is_authenticated and perms.refunding.add_payment %}
diff --git a/refunding/templates/refunding/refunds.html b/refunding/templates/refunding/refunds.html index 44976bc..d7befb0 100644 --- a/refunding/templates/refunding/refunds.html +++ b/refunding/templates/refunding/refunds.html @@ -4,7 +4,7 @@ {% block content %}

{% block title %}Latest refunds{% endblock %} - {% if user.is_authenticated %} + {% if user.is_authenticated and perms.refunding.add_refund %}
diff --git a/refunding/views.py b/refunding/views.py index 69580e8..c0ad30c 100644 --- a/refunding/views.py +++ b/refunding/views.py @@ -1,4 +1,4 @@ -from django.contrib.auth.decorators import login_required +from django.contrib.auth.decorators import login_required, permission_required from django.db.models import Sum from django.shortcuts import render, redirect, get_object_or_404 from refunding.forms import RefundFormPublic, PaymentForm @@ -33,6 +33,7 @@ def latest_refunds(request): @login_required +@permission_required('refunding.add_refund') def new_refund(request): if request.method == 'POST': form = RefundFormPublic(request.POST) @@ -48,11 +49,12 @@ def new_refund(request): 'form': form, 'title': 'New refund' } + return render(request, "refunding/refund_payment_detail.html", context) - @login_required +@permission_required('refunding.add_payment') def new_payment(request): if request.method == 'POST': form = PaymentForm(request.POST) @@ -68,12 +70,15 @@ def new_payment(request): 'form': form, 'title': 'New payment' } + return render(request, "refunding/refund_payment_detail.html", context) @login_required +@permission_required('refunding.change_refund') def refund_edit(request, pk): refund = get_object_or_404(Refund, pk=pk) + if request.method == 'POST': form = RefundFormPublic(request.POST, instance=refund) if form.is_valid(): @@ -83,8 +88,10 @@ def refund_edit(request, pk): return redirect('latest_refunds') else: form = RefundFormPublic(instance=refund) + context = { 'form': form, 'title': 'Edit refund' } + return render(request, 'refunding/refund_payment_detail.html', context) diff --git a/refunds/settings.py b/refunds/settings.py index e9f6b66..74915ba 100644 --- a/refunds/settings.py +++ b/refunds/settings.py @@ -14,6 +14,7 @@ import ast import dj_database_url import os +from django.contrib import messages # Build paths inside the project like this: os.path.join(BASE_DIR, ...) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) @@ -161,3 +162,7 @@ LOGOUT_URL = 'auth_logout' LOGIN_REDIRECT_URL = 'home' CRISPY_TEMPLATE_PACK = 'bootstrap3' + +MESSAGE_TAGS = { + messages.ERROR: 'danger' +} diff --git a/templates/base.html b/templates/base.html index c062498..5095e55 100644 --- a/templates/base.html +++ b/templates/base.html @@ -27,6 +27,15 @@ {% include 'navbar.html' %}
+ {% for message in messages %} + + {% endfor %} + {% block content %} {% endblock %}