From 77c6017eb6eb60d544326034781495acf01a3be6 Mon Sep 17 00:00:00 2001
From: Carlos Vega <carlos.vega@uni.lu>
Date: Wed, 21 Nov 2018 13:49:56 +0100
Subject: [PATCH] added permissions
---
smash/web/views/configuration_item.py | 3 ++-
smash/web/views/language.py | 8 ++++----
smash/web/views/study.py | 3 ++-
smash/web/views/voucher.py | 5 +++--
smash/web/views/voucher_type.py | 6 +++---
smash/web/views/worker.py | 14 +++++++-------
6 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/smash/web/views/configuration_item.py b/smash/web/views/configuration_item.py
index 039e6290..086075c4 100644
--- a/smash/web/views/configuration_item.py
+++ b/smash/web/views/configuration_item.py
@@ -1,6 +1,7 @@
# coding=utf-8
from . import wrap_response
+from web.decorators import PermissionDecorator
-
+@PermissionDecorator('change_configurationitem', 'configuration')
def configuration_items(request):
return wrap_response(request, "configuration/index.html", {})
diff --git a/smash/web/views/language.py b/smash/web/views/language.py
index 99967c2e..6b068756 100644
--- a/smash/web/views/language.py
+++ b/smash/web/views/language.py
@@ -8,14 +8,14 @@ from django.views.generic import UpdateView
from . import WrappedView
from ..models import Language
-
+from web.decorators import PermissionDecorator
class LanguageListView(ListView, WrappedView):
model = Language
context_object_name = "languages"
template_name = 'languages/list.html'
-
+PermissionDecorator('change_language', 'configuration')
class LanguageCreateView(CreateView, WrappedView):
model = Language
template_name = "languages/add.html"
@@ -23,7 +23,7 @@ class LanguageCreateView(CreateView, WrappedView):
success_url = reverse_lazy('web.views.languages')
success_message = "Language created"
-
+PermissionDecorator('change_language', 'configuration')
class LanguageDeleteView(DeleteView, WrappedView):
model = Language
success_url = reverse_lazy('web.views.languages')
@@ -33,7 +33,7 @@ class LanguageDeleteView(DeleteView, WrappedView):
messages.success(request, "Language deleted")
return super(LanguageDeleteView, self).delete(request, *args, **kwargs)
-
+PermissionDecorator('change_language', 'configuration')
class LanguageEditView(UpdateView, WrappedView):
model = Language
success_url = reverse_lazy('web.views.languages')
diff --git a/smash/web/views/study.py b/smash/web/views/study.py
index 75b2d71f..82756ed8 100644
--- a/smash/web/views/study.py
+++ b/smash/web/views/study.py
@@ -7,10 +7,11 @@ from django.shortcuts import redirect, get_object_or_404
from web.forms import StudyColumnsEditForm, StudyEditForm, StudyNotificationParametersEditForm
from web.models import Study
from web.views import wrap_response
+from web.decorators import PermissionDecorator
logger = logging.getLogger(__name__)
-
+PermissionDecorator('change_study', 'configuration')
def study_edit(request, study_id):
study = get_object_or_404(Study, id=study_id)
if request.method == 'POST':
diff --git a/smash/web/views/voucher.py b/smash/web/views/voucher.py
index d3284437..e08023d7 100644
--- a/smash/web/views/voucher.py
+++ b/smash/web/views/voucher.py
@@ -14,6 +14,7 @@ from web.forms import VoucherForm
from web.models import Voucher, StudySubject, MailTemplate, Worker
from web.models.constants import GLOBAL_STUDY_ID, VOUCHER_STATUS_NEW, VOUCHER_STATUS_EXPIRED, CRON_JOB_TIMEOUT
from . import WrappedView
+from web.decorators import PermissionDecorator
logger = logging.getLogger(__name__)
@@ -27,7 +28,7 @@ class VoucherListView(ListView, WrappedView):
def voucher_types_for_study_subject(study_subject_id):
return StudySubject.objects.get(id=study_subject_id).voucher_types.all()
-
+PermissionDecorator('change_voucher', 'configuration')
class VoucherCreateView(CreateView, WrappedView):
form_class = VoucherForm
model = Voucher
@@ -60,7 +61,7 @@ class VoucherCreateView(CreateView, WrappedView):
kwargs['voucher_types'] = voucher_types_for_study_subject(self.request.GET.get("study_subject_id", -1))
return kwargs
-
+PermissionDecorator('change_voucher', 'configuration')
class VoucherEditView(SuccessMessageMixin, UpdateView, WrappedView):
form_class = VoucherForm
model = Voucher
diff --git a/smash/web/views/voucher_type.py b/smash/web/views/voucher_type.py
index 5cb45eb5..82df7343 100644
--- a/smash/web/views/voucher_type.py
+++ b/smash/web/views/voucher_type.py
@@ -8,14 +8,14 @@ from web.forms import VoucherTypeForm
from web.models import VoucherType
from web.models.constants import GLOBAL_STUDY_ID
from . import WrappedView
-
+from web.decorators import PermissionDecorator
class VoucherTypeListView(ListView, WrappedView):
model = VoucherType
context_object_name = "voucher_types"
template_name = 'voucher_types/list.html'
-
+PermissionDecorator('change_vouchertype', 'configuration')
class VoucherTypeCreateView(CreateView, WrappedView):
form_class = VoucherTypeForm
model = VoucherType
@@ -28,7 +28,7 @@ class VoucherTypeCreateView(CreateView, WrappedView):
form.instance.study_id = GLOBAL_STUDY_ID
return super(VoucherTypeCreateView, self).form_valid(form)
-
+PermissionDecorator('change_vouchertype', 'configuration')
class VoucherTypeEditView(UpdateView, WrappedView):
form_class = VoucherTypeForm
model = VoucherType
diff --git a/smash/web/views/worker.py b/smash/web/views/worker.py
index afce0e4a..5031923d 100644
--- a/smash/web/views/worker.py
+++ b/smash/web/views/worker.py
@@ -24,7 +24,7 @@ def worker_list(request, worker_type=WORKER_STAFF):
return wrap_response(request, "doctors/index.html", context)
-@PermissionDecorator('add_worker')
+@PermissionDecorator('add_worker', 'configuration')
def worker_add(request, worker_type):
if request.method == 'POST':
form = WorkerForm(request.POST, request.FILES, worker_type=worker_type)
@@ -36,7 +36,7 @@ def worker_add(request, worker_type):
return wrap_response(request, 'doctors/add.html', {'form': form, "worker_type": worker_type})
-@PermissionDecorator('change_worker')
+@PermissionDecorator('change_worker', 'configuration')
def worker_edit(request, worker_id):
worker = get_object_or_404(Worker, id=worker_id)
worker_type = worker_type_by_worker(worker)
@@ -66,14 +66,14 @@ def worker_disable(request, doctor_id):
the_doctor.disable()
return worker_list(request)
-@PermissionDecorator('change_worker')
+@PermissionDecorator('change_worker', 'configuration')
def worker_availability_delete(request, availability_id):
availability = Availability.objects.filter(id=availability_id)
doctor_id = availability[0].person.id
availability.delete()
return redirect(worker_edit, worker_id=doctor_id)
-@PermissionDecorator('change_worker')
+@PermissionDecorator('change_worker', 'configuration')
def worker_availability_add(request, doctor_id):
worker = get_object_or_404(Worker, id=doctor_id)
if request.method == 'POST':
@@ -90,7 +90,7 @@ def worker_availability_add(request, doctor_id):
'doctor_name': unicode(worker)
})
-@PermissionDecorator('change_worker')
+@PermissionDecorator('change_worker', 'configuration')
def worker_availability_edit(request, availability_id):
availability = get_object_or_404(Availability, id=availability_id)
if request.method == 'POST':
@@ -107,14 +107,14 @@ def worker_availability_edit(request, availability_id):
'doctor_id': availability.person_id,
})
-@PermissionDecorator('change_worker')
+@PermissionDecorator('change_worker', 'configuration')
def worker_holiday_delete(request, holiday_id):
holiday = Holiday.objects.filter(id=holiday_id)
doctor_id = holiday[0].person.id
holiday.delete()
return redirect(worker_edit, worker_id=doctor_id)
-@PermissionDecorator('change_worker')
+@PermissionDecorator('change_worker', 'configuration')
def worker_holiday_add(request, doctor_id):
doctors = Worker.objects.filter(id=doctor_id)
doctor = None
--
GitLab