diff --git a/src/backoffice/views/mixins.py b/src/backoffice/views/mixins.py index 63b691657dcac1782e28ef93af196a1d278da9d7..0627396109abeb0a3106934478afcb40bff67b76 100644 --- a/src/backoffice/views/mixins.py +++ b/src/backoffice/views/mixins.py @@ -67,6 +67,8 @@ class ConferenceMixin(PermissionRequiredMixin): return redirect('conference_selection') if self.require_conference_open and not self.conference.is_open and not self.is_assembly_team: raise PermissionDenied('Conference not open.') + if not self.has_permission(): + raise PermissionDenied('Insufficient priviledges.') return super().dispatch(request, *args, **kwargs) def get_context_data(self, *args, **kwargs): @@ -89,7 +91,7 @@ class ConferenceMixin(PermissionRequiredMixin): context.update({ 'has_assemblies': self.is_assembly_team, 'has_pages': self.request.user.has_conference_staffpermission(self.conference, 'core.static_pages'), - 'has_users': self.request.user.has_conference_staffpermission(self.conference, 'core.platformusers', 'core.block_platformuser'), + 'has_users': self.request.user.has_conference_staffpermission(self.conference, 'core.platformusers'), }) else: context.update({ diff --git a/src/backoffice/views/users.py b/src/backoffice/views/users.py index 3929b0a5a3922d4ed7a665101bc7f3a3aeb3ab11..4277760d6984a07562acc1fbbd3ded075321cc8b 100644 --- a/src/backoffice/views/users.py +++ b/src/backoffice/views/users.py @@ -21,7 +21,7 @@ MAX_ROWS = 42 class UsersView(ConferenceMixin, TemplateView): - permissions_required = ['core.platformusers'] + permission_required = ['core.platformusers'] template_name = 'backoffice/user-list.html' def get_context_data(self, *args, **kwargs): @@ -31,9 +31,6 @@ class UsersView(ConferenceMixin, TemplateView): ctx['usercount'] = PlatformUser.objects.count() ctx['myconf'] = self.request.method == 'GET' or 'myconf' in self.request.POST - ctx['can_block'] = self.request.user.has_conference_staffpermission(self.conference, 'core.block_platformuser') - ctx['can_rename'] = self.request.user.has_conference_staffpermission(self.conference, 'core.rename_platformuser') - return ctx def post(self, *args, **kwargs): @@ -64,7 +61,7 @@ class UsersView(ConferenceMixin, TemplateView): class UserView(ConferenceMixin, DetailView): model = PlatformUser - permissions_required = ['core.platformusers'] + permission_required = ['core.platformusers'] template_name = 'backoffice/user-detail.html' def get_context_data(self, *args, **kwargs): @@ -75,6 +72,9 @@ class UserView(ConferenceMixin, DetailView): guardians = list(self.object.guardians) ctx['guardians'] = guardians + ctx['can_block'] = self.request.user.has_conference_staffpermission(self.conference, 'block_platformuser') + ctx['can_rename'] = self.request.user.has_conference_staffpermission(self.conference, 'rename_platformuser') + try: ctx['user_conferencemember'] = ConferenceMember.objects.get(conference=self.conference, user=self.object) except ConferenceMember.DoesNotExist: @@ -85,7 +85,7 @@ class UserView(ConferenceMixin, DetailView): class UserBlockView(ConferenceMixin, DetailView): model = PlatformUser - permissions_required = ['core.block_platformuser'] + permission_required = ['core.block_platformuser'] template_name = 'backoffice/user-block.html' def get_context_data(self, *args, **kwargs): @@ -138,7 +138,7 @@ class UserBlockView(ConferenceMixin, DetailView): class UserRenameView(ConferenceMixin, DetailView): model = PlatformUser - permissions_required = ['core.rename_platformuser'] + permission_required = ['core.rename_platformuser'] template_name = 'backoffice/user-rename.html' def get_context_data(self, *args, **kwargs):