Skip to content
Snippets Groups Projects
Commit 6f1e5b91 authored by HeJ's avatar HeJ
Browse files

backoffice user mgmt: fix perms

parent 266ba526
Branches
No related tags found
No related merge requests found
...@@ -67,6 +67,8 @@ class ConferenceMixin(PermissionRequiredMixin): ...@@ -67,6 +67,8 @@ class ConferenceMixin(PermissionRequiredMixin):
return redirect('conference_selection') return redirect('conference_selection')
if self.require_conference_open and not self.conference.is_open and not self.is_assembly_team: if self.require_conference_open and not self.conference.is_open and not self.is_assembly_team:
raise PermissionDenied('Conference not open.') raise PermissionDenied('Conference not open.')
if not self.has_permission():
raise PermissionDenied('Insufficient priviledges.')
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)
def get_context_data(self, *args, **kwargs): def get_context_data(self, *args, **kwargs):
...@@ -89,7 +91,7 @@ class ConferenceMixin(PermissionRequiredMixin): ...@@ -89,7 +91,7 @@ class ConferenceMixin(PermissionRequiredMixin):
context.update({ context.update({
'has_assemblies': self.is_assembly_team, 'has_assemblies': self.is_assembly_team,
'has_pages': self.request.user.has_conference_staffpermission(self.conference, 'core.static_pages'), 'has_pages': self.request.user.has_conference_staffpermission(self.conference, 'core.static_pages'),
'has_users': self.request.user.has_conference_staffpermission(self.conference, 'core.platformusers', 'core.block_platformuser'), 'has_users': self.request.user.has_conference_staffpermission(self.conference, 'core.platformusers'),
}) })
else: else:
context.update({ context.update({
......
...@@ -21,7 +21,7 @@ MAX_ROWS = 42 ...@@ -21,7 +21,7 @@ MAX_ROWS = 42
class UsersView(ConferenceMixin, TemplateView): class UsersView(ConferenceMixin, TemplateView):
permissions_required = ['core.platformusers'] permission_required = ['core.platformusers']
template_name = 'backoffice/user-list.html' template_name = 'backoffice/user-list.html'
def get_context_data(self, *args, **kwargs): def get_context_data(self, *args, **kwargs):
...@@ -31,9 +31,6 @@ class UsersView(ConferenceMixin, TemplateView): ...@@ -31,9 +31,6 @@ class UsersView(ConferenceMixin, TemplateView):
ctx['usercount'] = PlatformUser.objects.count() ctx['usercount'] = PlatformUser.objects.count()
ctx['myconf'] = self.request.method == 'GET' or 'myconf' in self.request.POST ctx['myconf'] = self.request.method == 'GET' or 'myconf' in self.request.POST
ctx['can_block'] = self.request.user.has_conference_staffpermission(self.conference, 'core.block_platformuser')
ctx['can_rename'] = self.request.user.has_conference_staffpermission(self.conference, 'core.rename_platformuser')
return ctx return ctx
def post(self, *args, **kwargs): def post(self, *args, **kwargs):
...@@ -64,7 +61,7 @@ class UsersView(ConferenceMixin, TemplateView): ...@@ -64,7 +61,7 @@ class UsersView(ConferenceMixin, TemplateView):
class UserView(ConferenceMixin, DetailView): class UserView(ConferenceMixin, DetailView):
model = PlatformUser model = PlatformUser
permissions_required = ['core.platformusers'] permission_required = ['core.platformusers']
template_name = 'backoffice/user-detail.html' template_name = 'backoffice/user-detail.html'
def get_context_data(self, *args, **kwargs): def get_context_data(self, *args, **kwargs):
...@@ -75,6 +72,9 @@ class UserView(ConferenceMixin, DetailView): ...@@ -75,6 +72,9 @@ class UserView(ConferenceMixin, DetailView):
guardians = list(self.object.guardians) guardians = list(self.object.guardians)
ctx['guardians'] = guardians ctx['guardians'] = guardians
ctx['can_block'] = self.request.user.has_conference_staffpermission(self.conference, 'block_platformuser')
ctx['can_rename'] = self.request.user.has_conference_staffpermission(self.conference, 'rename_platformuser')
try: try:
ctx['user_conferencemember'] = ConferenceMember.objects.get(conference=self.conference, user=self.object) ctx['user_conferencemember'] = ConferenceMember.objects.get(conference=self.conference, user=self.object)
except ConferenceMember.DoesNotExist: except ConferenceMember.DoesNotExist:
...@@ -85,7 +85,7 @@ class UserView(ConferenceMixin, DetailView): ...@@ -85,7 +85,7 @@ class UserView(ConferenceMixin, DetailView):
class UserBlockView(ConferenceMixin, DetailView): class UserBlockView(ConferenceMixin, DetailView):
model = PlatformUser model = PlatformUser
permissions_required = ['core.block_platformuser'] permission_required = ['core.block_platformuser']
template_name = 'backoffice/user-block.html' template_name = 'backoffice/user-block.html'
def get_context_data(self, *args, **kwargs): def get_context_data(self, *args, **kwargs):
...@@ -138,7 +138,7 @@ class UserBlockView(ConferenceMixin, DetailView): ...@@ -138,7 +138,7 @@ class UserBlockView(ConferenceMixin, DetailView):
class UserRenameView(ConferenceMixin, DetailView): class UserRenameView(ConferenceMixin, DetailView):
model = PlatformUser model = PlatformUser
permissions_required = ['core.rename_platformuser'] permission_required = ['core.rename_platformuser']
template_name = 'backoffice/user-rename.html' template_name = 'backoffice/user-rename.html'
def get_context_data(self, *args, **kwargs): def get_context_data(self, *args, **kwargs):
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment