Check permissions automatically on form save
parent
2894aa37a2
commit
8f79b362f8
10 changed files with 19 additions and 23 deletions
|
@ -24,3 +24,8 @@ class CustomForm(ModelForm):
|
||||||
input_type = "textarea"
|
input_type = "textarea"
|
||||||
visible.field.widget.attrs["rows"] = 5
|
visible.field.widget.attrs["rows"] = 5
|
||||||
visible.field.widget.attrs["class"] = css_classes[input_type]
|
visible.field.widget.attrs["class"] = css_classes[input_type]
|
||||||
|
|
||||||
|
def save(self, request, *args, **kwargs):
|
||||||
|
"""Save and check perms"""
|
||||||
|
self.instance.raise_not_editable(request.user)
|
||||||
|
return super().save(*args, **kwargs)
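Review bot: In `CustomForm.save`, `self.instance.raise_not_editable(request.user)` runs after `is_valid()` has already copied the submitted field values onto the instance, so for edits the decision is made on posted data rather than on the stored row. The `Goal`, `List`, `ListItem`, `Shelf` and `CreateStatus` edit paths in this commit drop their check on the freshly loaded object, so if any of those forms exposes the field that `raise_not_editable` compares against (not visible here), the check can no longer be trusted for existing objects. The same move means their invalid-form branches now return before any permission check runs. Keeping the view-level check for objects that already exist, or checking a copy re-read by primary key inside `save` when `self.instance.pk` is set, would restore the old guarantee. The docstring could also say that `request` is now a required first argument, e.g. `"""Check that request.user may edit the instance, then save it"""`; the class body starts outside the hunk.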
|
||||||
|
|
|
@ -48,8 +48,6 @@ class Goal(View):
|
||||||
year = int(year)
|
year = int(year)
|
||||||
user = get_user_from_username(request.user, username)
|
user = get_user_from_username(request.user, username)
|
||||||
goal = models.AnnualGoal.objects.filter(year=year, user=user).first()
|
goal = models.AnnualGoal.objects.filter(year=year, user=user).first()
|
||||||
if goal:
|
|
||||||
goal.raise_not_editable(request.user)
|
|
||||||
|
|
||||||
form = forms.GoalForm(request.POST, instance=goal)
|
form = forms.GoalForm(request.POST, instance=goal)
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
|
@ -59,7 +57,7 @@ class Goal(View):
|
||||||
"year": year,
|
"year": year,
|
||||||
}
|
}
|
||||||
return TemplateResponse(request, "user/goal.html", data)
|
return TemplateResponse(request, "user/goal.html", data)
|
||||||
goal = form.save()
|
goal = form.save(request)
|
||||||
|
|
||||||
if request.POST.get("post-status"):
|
if request.POST.get("post-status"):
|
||||||
# create status, if appropriate
|
# create status, if appropriate
|
||||||
|
|
|
@ -52,7 +52,7 @@ class Group(View):
|
||||||
form = forms.GroupForm(request.POST, instance=user_group)
|
form = forms.GroupForm(request.POST, instance=user_group)
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
return redirect("group", user_group.id)
|
return redirect("group", user_group.id)
|
||||||
user_group = form.save()
|
user_group = form.save(request)
|
||||||
|
|
||||||
# let the other members know something about the group changed
|
# let the other members know something about the group changed
|
||||||
memberships = models.GroupMember.objects.filter(group=user_group)
|
memberships = models.GroupMember.objects.filter(group=user_group)
|
||||||
|
@ -113,10 +113,8 @@ class UserGroups(View):
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
return redirect(request.user.local_path + "/groups")
|
return redirect(request.user.local_path + "/groups")
|
||||||
|
|
||||||
group = form.save(commit=False)
|
|
||||||
group.raise_not_editable(request.user)
|
|
||||||
with transaction.atomic():
|
with transaction.atomic():
|
||||||
group.save()
|
group = form.save(request)
|
||||||
# add the creator as a group member
|
# add the creator as a group member
|
||||||
models.GroupMember.objects.create(group=group, user=request.user)
|
models.GroupMember.objects.create(group=group, user=request.user)
|
||||||
return redirect("group", group.id)
|
return redirect("group", group.id)
|
||||||
|
@ -129,10 +127,13 @@ class FindUsers(View):
|
||||||
# this is mostly borrowed from the Get Started friend finder
|
# this is mostly borrowed from the Get Started friend finder
|
||||||
|
|
||||||
def get(self, request, group_id):
|
def get(self, request, group_id):
|
||||||
"""basic profile info"""
|
"""Search for a user to add the a group, or load suggested users cache"""
|
||||||
user_query = request.GET.get("user_query")
|
user_query = request.GET.get("user_query")
|
||||||
group = get_object_or_404(models.Group, id=group_id)
|
group = get_object_or_404(models.Group, id=group_id)
|
||||||
|
|
||||||
|
# only users who can edit can add users
|
||||||
group.raise_not_editable(request.user)
|
group.raise_not_editable(request.user)
|
||||||
|
|
||||||
lists = (
|
lists = (
|
||||||
models.List.privacy_filter(request.user)
|
models.List.privacy_filter(request.user)
|
||||||
.filter(group=group)
|
.filter(group=group)
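Review bot: The new docstring on `FindUsers.get` has a slip, "add the a group"; `"""Search for a user to add to a group, or load suggested users cache"""` reads correctly. The added comment `# only users who can edit can add users` is a useful statement of intent for the check below it and should stay with it. The method body continues outside the hunk.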
|
||||||
|
|
|
@ -81,13 +81,12 @@ class List(View):
|
||||||
def post(self, request, list_id):
|
def post(self, request, list_id):
|
||||||
"""edit a list"""
|
"""edit a list"""
|
||||||
book_list = get_object_or_404(models.List, id=list_id)
|
book_list = get_object_or_404(models.List, id=list_id)
|
||||||
book_list.raise_not_editable(request.user)
|
|
||||||
|
|
||||||
form = forms.ListForm(request.POST, instance=book_list)
|
form = forms.ListForm(request.POST, instance=book_list)
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
# this shouldn't happen
|
# this shouldn't happen
|
||||||
raise Exception(form.errors)
|
raise Exception(form.errors)
|
||||||
book_list = form.save()
|
book_list = form.save(request)
|
||||||
if not book_list.curation == "group":
|
if not book_list.curation == "group":
|
||||||
book_list.group = None
|
book_list.group = None
|
||||||
book_list.save(broadcast=False)
|
book_list.save(broadcast=False)
|
||||||
|
|
|
@ -16,10 +16,9 @@ class ListItem(View):
|
||||||
def post(self, request, list_id, list_item):
|
def post(self, request, list_id, list_item):
|
||||||
"""Edit a list item's notes"""
|
"""Edit a list item's notes"""
|
||||||
list_item = get_object_or_404(models.ListItem, id=list_item, book_list=list_id)
|
list_item = get_object_or_404(models.ListItem, id=list_item, book_list=list_id)
|
||||||
list_item.raise_not_editable(request.user)
|
|
||||||
form = forms.ListItemForm(request.POST, instance=list_item)
|
form = forms.ListItemForm(request.POST, instance=list_item)
|
||||||
if form.is_valid():
|
if form.is_valid():
|
||||||
item = form.save(commit=False)
|
item = form.save(request, commit=False)
|
||||||
item.notes = to_markdown(item.notes)
|
item.notes = to_markdown(item.notes)
|
||||||
item.save()
|
item.save()
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -36,8 +36,7 @@ class Lists(View):
|
||||||
form = forms.ListForm(request.POST)
|
form = forms.ListForm(request.POST)
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
return redirect("lists")
|
return redirect("lists")
|
||||||
book_list = form.save(commit=False)
|
book_list = form.save(request)
|
||||||
book_list.raise_not_editable(request.user)
|
|
||||||
|
|
||||||
# list should not have a group if it is not group curated
|
# list should not have a group if it is not group curated
|
||||||
if not book_list.curation == "group":
|
if not book_list.curation == "group":
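Review bot: `book_list = form.save(request)` now commits the new list before the group-curation normalisation that follows, where the old code built it with `form.save(commit=False)`. If the rest of `post` (outside this hunk) clears `book_list.group` and saves again, the list is written twice and the first write, with any save-time side effects it triggers, may carry a group it should not have. `book_list = form.save(request, commit=False)` keeps the new permission check and the original single write.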
|
||||||
|
|
|
@ -159,7 +159,7 @@ class ReadThrough(View):
|
||||||
models.ReadThrough, id=request.POST.get("id")
|
models.ReadThrough, id=request.POST.get("id")
|
||||||
)
|
)
|
||||||
return TemplateResponse(request, "readthrough/readthrough.html", data)
|
return TemplateResponse(request, "readthrough/readthrough.html", data)
|
||||||
form.save()
|
form.save(request)
|
||||||
return redirect("book", book_id)
|
return redirect("book", book_id)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -113,7 +113,6 @@ class Shelf(View):
|
||||||
"""edit a shelf"""
|
"""edit a shelf"""
|
||||||
user = get_user_from_username(request.user, username)
|
user = get_user_from_username(request.user, username)
|
||||||
shelf = get_object_or_404(user.shelf_set, identifier=shelf_identifier)
|
shelf = get_object_or_404(user.shelf_set, identifier=shelf_identifier)
|
||||||
shelf.raise_not_editable(request.user)
|
|
||||||
|
|
||||||
# you can't change the name of the default shelves
|
# you can't change the name of the default shelves
|
||||||
if not shelf.editable and request.POST.get("name") != shelf.name:
|
if not shelf.editable and request.POST.get("name") != shelf.name:
|
||||||
|
@ -122,7 +121,7 @@ class Shelf(View):
|
||||||
form = forms.ShelfForm(request.POST, instance=shelf)
|
form = forms.ShelfForm(request.POST, instance=shelf)
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
return redirect(shelf.local_path)
|
return redirect(shelf.local_path)
|
||||||
shelf = form.save()
|
shelf = form.save(request)
|
||||||
return redirect(shelf.local_path)
|
return redirect(shelf.local_path)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -15,9 +15,7 @@ def create_shelf(request):
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
return redirect("user-shelves", request.user.localname)
|
return redirect("user-shelves", request.user.localname)
|
||||||
|
|
||||||
shelf = form.save(commit=False)
|
shelf = form.save(request)
|
||||||
shelf.raise_not_editable(request.user)
|
|
||||||
shelf.save()
|
|
||||||
return redirect(shelf.local_path)
|
return redirect(shelf.local_path)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -65,7 +65,6 @@ class CreateStatus(View):
|
||||||
existing_status = get_object_or_404(
|
existing_status = get_object_or_404(
|
||||||
models.Status.objects.select_subclasses(), id=existing_status_id
|
models.Status.objects.select_subclasses(), id=existing_status_id
|
||||||
)
|
)
|
||||||
existing_status.raise_not_editable(request.user)
|
|
||||||
existing_status.edited_date = timezone.now()
|
existing_status.edited_date = timezone.now()
|
||||||
|
|
||||||
status_type = status_type[0].upper() + status_type[1:]
|
status_type = status_type[0].upper() + status_type[1:]
|
||||||
|
@ -84,8 +83,7 @@ class CreateStatus(View):
|
||||||
return HttpResponseBadRequest()
|
return HttpResponseBadRequest()
|
||||||
return redirect("/")
|
return redirect("/")
|
||||||
|
|
||||||
status = form.save(commit=False)
|
status = form.save(request)
|
||||||
status.raise_not_editable(request.user)
|
|
||||||
# save the plain, unformatted version of the status for future editing
|
# save the plain, unformatted version of the status for future editing
|
||||||
status.raw_content = status.content
|
status.raw_content = status.content
|
||||||
if hasattr(status, "quote"):
|
if hasattr(status, "quote"):
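Review bot: `status = form.save(request)` persists the status before `raw_content` is set and before whatever processing follows in the rest of `post`, whereas the old code used `commit=False` at this point. Any save-time side effects would then see the unprocessed content, and a later save (presumably further down, outside the hunk) would write the row a second time. `status = form.save(request, commit=False)` keeps the permission check without changing when the row is written, as the `ListItem` view in this commit already does.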
|
||||||
|
|