autonomic-cooperative/ojuso-map
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make sure users can only edit their own case studies

Browse Source
This commit is contained in:
Anna Sidwell 2019-03-04 20:03:43 +00:00
parent 07f9bed096
commit ab99c1c19c
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/map/admin.py
View File

@ -22,7 +22,7 @@ class CaseStudyAdminForm(forms.ModelForm):
class CaseStudyAdmin(LeafletGeoAdmin): class CaseStudyAdmin(LeafletGeoAdmin):
list_display = ('id', 'date_created', 'entry_name', 'approved') list_display = ('id', 'date_created', 'entry_name', 'approved', 'author')
actions = ['approve', 'unapprove'] actions = ['approve', 'unapprove']
form = CaseStudyAdminForm form = CaseStudyAdminForm

15
apps/map/views.py
View File

@ -1,7 +1,7 @@
import json import json
from django.conf import settings from django.conf import settings
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.core.mail import send_mail from django.core.mail import send_mail
from django.db.models import Q from django.db.models import Q
from django.http import Http404, HttpResponse from django.http import Http404, HttpResponse
@ -150,9 +150,20 @@ class BaseEditForm(LoginRequiredMixin, FilesHandlerMixin, UpdateView):
model = CaseStudy model = CaseStudy
class EditCaseStudy(BaseEditForm): class EditCaseStudy(UserPassesTestMixin, BaseEditForm):
form_class = ShortCaseStudyForm form_class = ShortCaseStudyForm
def test_func(self):
object = self.get_object()
if object.author:
author = object.author.id
else:
author = -1
return self.request.user.is_authenticated and (
author is self.request.user.id
)
class SpatialRefSysAutocomplete(autocomplete.Select2QuerySetView): class SpatialRefSysAutocomplete(autocomplete.Select2QuerySetView):
def get_queryset(self): def get_queryset(self):