mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-11-26 03:21:05 +00:00
Check permissions automatically on form save
This commit is contained in:
parent
2894aa37a2
commit
8f79b362f8
10 changed files with 19 additions and 23 deletions
|
@ -24,3 +24,8 @@ class CustomForm(ModelForm):
|
|||
input_type = "textarea"
|
||||
visible.field.widget.attrs["rows"] = 5
|
||||
visible.field.widget.attrs["class"] = css_classes[input_type]
|
||||
|
||||
def save(self, request, *args, **kwargs):
|
||||
"""Save and check perms"""
|
||||
self.instance.raise_not_editable(request.user)
|
||||
return super().save(*args, **kwargs)
|
||||
|
|
|
@ -48,8 +48,6 @@ class Goal(View):
|
|||
year = int(year)
|
||||
user = get_user_from_username(request.user, username)
|
||||
goal = models.AnnualGoal.objects.filter(year=year, user=user).first()
|
||||
if goal:
|
||||
goal.raise_not_editable(request.user)
|
||||
|
||||
form = forms.GoalForm(request.POST, instance=goal)
|
||||
if not form.is_valid():
|
||||
|
@ -59,7 +57,7 @@ class Goal(View):
|
|||
"year": year,
|
||||
}
|
||||
return TemplateResponse(request, "user/goal.html", data)
|
||||
goal = form.save()
|
||||
goal = form.save(request)
|
||||
|
||||
if request.POST.get("post-status"):
|
||||
# create status, if appropriate
|
||||
|
|
|
@ -52,7 +52,7 @@ class Group(View):
|
|||
form = forms.GroupForm(request.POST, instance=user_group)
|
||||
if not form.is_valid():
|
||||
return redirect("group", user_group.id)
|
||||
user_group = form.save()
|
||||
user_group = form.save(request)
|
||||
|
||||
# let the other members know something about the group changed
|
||||
memberships = models.GroupMember.objects.filter(group=user_group)
|
||||
|
@ -113,10 +113,8 @@ class UserGroups(View):
|
|||
if not form.is_valid():
|
||||
return redirect(request.user.local_path + "/groups")
|
||||
|
||||
group = form.save(commit=False)
|
||||
group.raise_not_editable(request.user)
|
||||
with transaction.atomic():
|
||||
group.save()
|
||||
group = form.save(request)
|
||||
# add the creator as a group member
|
||||
models.GroupMember.objects.create(group=group, user=request.user)
|
||||
return redirect("group", group.id)
|
||||
|
@ -129,10 +127,13 @@ class FindUsers(View):
|
|||
# this is mostly borrowed from the Get Started friend finder
|
||||
|
||||
def get(self, request, group_id):
|
||||
"""basic profile info"""
|
||||
"""Search for a user to add the a group, or load suggested users cache"""
|
||||
user_query = request.GET.get("user_query")
|
||||
group = get_object_or_404(models.Group, id=group_id)
|
||||
|
||||
# only users who can edit can add users
|
||||
group.raise_not_editable(request.user)
|
||||
|
||||
lists = (
|
||||
models.List.privacy_filter(request.user)
|
||||
.filter(group=group)
|
||||
|
|
|
@ -81,13 +81,12 @@ class List(View):
|
|||
def post(self, request, list_id):
|
||||
"""edit a list"""
|
||||
book_list = get_object_or_404(models.List, id=list_id)
|
||||
book_list.raise_not_editable(request.user)
|
||||
|
||||
form = forms.ListForm(request.POST, instance=book_list)
|
||||
if not form.is_valid():
|
||||
# this shouldn't happen
|
||||
raise Exception(form.errors)
|
||||
book_list = form.save()
|
||||
book_list = form.save(request)
|
||||
if not book_list.curation == "group":
|
||||
book_list.group = None
|
||||
book_list.save(broadcast=False)
|
||||
|
|
|
@ -16,10 +16,9 @@ class ListItem(View):
|
|||
def post(self, request, list_id, list_item):
|
||||
"""Edit a list item's notes"""
|
||||
list_item = get_object_or_404(models.ListItem, id=list_item, book_list=list_id)
|
||||
list_item.raise_not_editable(request.user)
|
||||
form = forms.ListItemForm(request.POST, instance=list_item)
|
||||
if form.is_valid():
|
||||
item = form.save(commit=False)
|
||||
item = form.save(request, commit=False)
|
||||
item.notes = to_markdown(item.notes)
|
||||
item.save()
|
||||
else:
|
||||
|
|
|
@ -36,8 +36,7 @@ class Lists(View):
|
|||
form = forms.ListForm(request.POST)
|
||||
if not form.is_valid():
|
||||
return redirect("lists")
|
||||
book_list = form.save(commit=False)
|
||||
book_list.raise_not_editable(request.user)
|
||||
book_list = form.save(request)
|
||||
|
||||
# list should not have a group if it is not group curated
|
||||
if not book_list.curation == "group":
|
||||
|
|
|
@ -159,7 +159,7 @@ class ReadThrough(View):
|
|||
models.ReadThrough, id=request.POST.get("id")
|
||||
)
|
||||
return TemplateResponse(request, "readthrough/readthrough.html", data)
|
||||
form.save()
|
||||
form.save(request)
|
||||
return redirect("book", book_id)
|
||||
|
||||
|
||||
|
|
|
@ -113,7 +113,6 @@ class Shelf(View):
|
|||
"""edit a shelf"""
|
||||
user = get_user_from_username(request.user, username)
|
||||
shelf = get_object_or_404(user.shelf_set, identifier=shelf_identifier)
|
||||
shelf.raise_not_editable(request.user)
|
||||
|
||||
# you can't change the name of the default shelves
|
||||
if not shelf.editable and request.POST.get("name") != shelf.name:
|
||||
|
@ -122,7 +121,7 @@ class Shelf(View):
|
|||
form = forms.ShelfForm(request.POST, instance=shelf)
|
||||
if not form.is_valid():
|
||||
return redirect(shelf.local_path)
|
||||
shelf = form.save()
|
||||
shelf = form.save(request)
|
||||
return redirect(shelf.local_path)
|
||||
|
||||
|
||||
|
|
|
@ -15,9 +15,7 @@ def create_shelf(request):
|
|||
if not form.is_valid():
|
||||
return redirect("user-shelves", request.user.localname)
|
||||
|
||||
shelf = form.save(commit=False)
|
||||
shelf.raise_not_editable(request.user)
|
||||
shelf.save()
|
||||
shelf = form.save(request)
|
||||
return redirect(shelf.local_path)
|
||||
|
||||
|
||||
|
|
|
@ -65,7 +65,6 @@ class CreateStatus(View):
|
|||
existing_status = get_object_or_404(
|
||||
models.Status.objects.select_subclasses(), id=existing_status_id
|
||||
)
|
||||
existing_status.raise_not_editable(request.user)
|
||||
existing_status.edited_date = timezone.now()
|
||||
|
||||
status_type = status_type[0].upper() + status_type[1:]
|
||||
|
@ -84,8 +83,7 @@ class CreateStatus(View):
|
|||
return HttpResponseBadRequest()
|
||||
return redirect("/")
|
||||
|
||||
status = form.save(commit=False)
|
||||
status.raise_not_editable(request.user)
|
||||
status = form.save(request)
|
||||
# save the plain, unformatted version of the status for future editing
|
||||
status.raw_content = status.content
|
||||
if hasattr(status, "quote"):
|
||||
|
|
Loading…
Reference in a new issue