Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
@permission_required('testapp.delete_book', fn=objectgetter(Book, 'book_id'))
def delete_book(request, book_id):
return HttpResponse('OK')
class BookDeleteView(LoginRequiredMixin, PermissionRequiredMixin, BookMixin, DeleteView):
template_name = 'empty.html'
permission_required = 'testapp.delete_book'
@permission_required('testapp.delete_book', fn=objectgetter(Book, 'book_id'), raise_exception=True)
def view_that_raises(request, book_id):
return HttpResponse('OK')
class ViewThatRaises(LoginRequiredMixin, PermissionRequiredMixin, BookMixin, DeleteView):
template_name = 'empty.html'
raise_exception = True
permission_required = 'testapp.delete_book'
@permission_required(['testapp.change_book', 'testapp.delete_book'], fn=objectgetter(Book, 'book_id'))
def view_with_permission_list(request, book_id):
return HttpResponse('OK')
class ViewWithPermissionList(LoginRequiredMixin, PermissionRequiredMixin, BookMixin, DeleteView):
template_name = 'empty.html'
permission_required = ['testapp.change_book', 'testapp.delete_book']
@permission_required('testapp.delete_book', fn=objectgetter(Book, 'book_id'))
This views provides a "landing" page in order to consume an action.
"""
http_method_names = ['get', ]
def get(self, request, *args, **kwargs):
self.object = self.get_object()
context = self.get_context_data(object=self.object)
return self.render_to_response(context)
def get_template_names(self):
if self.action.landing_page_template_name:
return [self.action.landing_page_template_name, ]
return super(AccountActionLandingView, self).get_template_names()
class AccountActionConsumeView(PermissionRequiredMixin, AccountActionTokenMixin, View):
"""
This views can be used to "consume" an account action token. It will associate the token with
the current user and execute the proper operations related to the considered action.
"""
http_method_names = ['post', ]
raise_exception = True
def post(self, request, *args, **kwargs):
self.request = request
self.object = self.get_object()
self.object.consume(request.user)
return HttpResponseRedirect(self.get_redirect_url())
def has_permission(self):
return self.request.user.is_authenticated() \
and self.action.can_be_consumed(self.get_object(), self.request.user)
from django.contrib.contenttypes.models import ContentType
from django.core.urlresolvers import reverse
from django.views.generic import (
CreateView,
DeleteView,
ListView
)
from rules.contrib.views import PermissionRequiredMixin
from core.permissions.models import Rule
from core.userspace.viewmixins import LoginRequiredMixin
from .forms import RuleForm
class PermissionsCheckMixin(PermissionRequiredMixin, LoginRequiredMixin):
permission_required = 'userspace.manage_permissions'
def get_queryset(self):
qs = super(PermissionsCheckMixin, self).get_queryset()
ct = ContentType.objects.get(app_label="erudit", model="journal")
ids = [j.id for j in self.request.user.journals.all()]
return qs.filter(content_type=ct, object_id__in=ids)
class PermissionsListView(PermissionsCheckMixin, ListView):
model = Rule
template_name = 'userspace/permissions/perm_list.html'
class PermissionsCreateView(PermissionsCheckMixin, CreateView):
model = Rule
template_name = 'communities/community_create.html'
permission_required = 'community.can_create'
def form_valid(self, form):
with transaction.atomic():
out = super().form_valid(form)
CommunitySubscription.objects.create(
community=self.object,
user=self.request.user,
role='owner'
)
return out
class CommunityUpdateView(LoginRequiredMixin, PermissionRequiredMixin, UpdateView):
model = Community
template_name = 'communities/community_update.html'
permission_required = 'community.can_edit'
form_class = CommunityUpdateForm
class CommunityDetailView(DetailView):
model = Community
class CommunityEventCreateView(LoginRequiredMixin, PermissionRequiredMixin, CreateView):
model = Event
template_name = 'communities/community_event_create.html'
form_class = EventCreateForm
permission_required = 'community.can_create_event'
generic.UpdateView):
model = user_models.User
template_name = "euth_dashboard/profile_detail.html"
form_class = forms.ProfileForm
success_message = _("Your profile was successfully updated.")
def get_object(self):
return get_object_or_404(user_models.User, pk=self.request.user.id)
def get_success_url(self):
return self.request.path
class DashboardOrganisationUpdateView(DashboardBaseMixin,
rules_views.PermissionRequiredMixin,
SuccessMessageMixin,
generic.UpdateView):
model = org_models.Organisation
form_class = forms.OrganisationForm
slug_url_kwarg = 'organisation_slug'
template_name = 'euth_dashboard/organisation_form.html'
success_message = _('Organisation successfully updated.')
permission_required = 'euth_organisations.modify_organisation'
def get_success_url(self):
return self.request.path
class DashboardProjectListView(DashboardBaseMixin,
rules_views.PermissionRequiredMixin,
generic.ListView):
# -*- coding: utf-8 -*-
from rules.contrib.views import PermissionRequiredMixin
class IssueSubmissionCheckMixin(PermissionRequiredMixin):
permission_required = 'editor.manage_issuesubmission'
def get_queryset(self):
qs = super(IssueSubmissionCheckMixin, self).get_queryset()
ids = [issue.id for issue in qs if self.request.user.has_perm(
'editor.manage_issuesubmission', issue.journal)]
return qs.filter(id__in=ids)
resolver_match = self.request.resolver_match
args = resolver_match.args
kwargs = resolver_match.kwargs.copy()
kwargs.update({'organisation_pk': organisation.pk})
return HttpResponseRedirect(
reverse(':'.join([resolver_match.namespace, resolver_match.url_name]),
args=args, kwargs=kwargs))
self.init_current_organisation(organisation)
@cached_property
def user_organisations(self):
return self.get_user_organisations()
class OrganisationScopePermissionRequiredMixin(OrganisationScopeMixin, PermissionRequiredMixin):
raise_exception = True
def get_context_data(self, **kwargs):
context = super(OrganisationScopePermissionRequiredMixin, self).get_context_data(**kwargs)
context['library_permission_required'] = self.permission_required
return context
def get_permission_object(self):
return self.current_organisation