mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-11-27 12:01:14 +00:00
Permission decorators for views
This commit is contained in:
parent
d78c271107
commit
9209039761
2 changed files with 7 additions and 2 deletions
|
@ -3,7 +3,7 @@ from io import BytesIO, TextIOWrapper
|
||||||
from PIL import Image
|
from PIL import Image
|
||||||
|
|
||||||
from django.contrib.auth import authenticate, login, logout
|
from django.contrib.auth import authenticate, login, logout
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required, permission_required
|
||||||
from django.core.files.base import ContentFile
|
from django.core.files.base import ContentFile
|
||||||
from django.http import HttpResponseBadRequest, HttpResponseNotFound
|
from django.http import HttpResponseBadRequest, HttpResponseNotFound
|
||||||
from django.shortcuts import redirect
|
from django.shortcuts import redirect
|
||||||
|
@ -141,6 +141,7 @@ def resolve_book(request):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
|
@permission_required('bookwyrm.edit_book', raise_exception=True)
|
||||||
def edit_book(request, book_id):
|
def edit_book(request, book_id):
|
||||||
''' edit a book cool '''
|
''' edit a book cool '''
|
||||||
if not request.method == 'POST':
|
if not request.method == 'POST':
|
||||||
|
@ -433,7 +434,9 @@ def import_data(request):
|
||||||
return redirect('/import_status/%d' % (job.id,))
|
return redirect('/import_status/%d' % (job.id,))
|
||||||
return HttpResponseBadRequest()
|
return HttpResponseBadRequest()
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
|
@permission_required('bookwyrm.create_invites', raise_exception=True)
|
||||||
def create_invite(request):
|
def create_invite(request):
|
||||||
''' creates a user invite database entry '''
|
''' creates a user invite database entry '''
|
||||||
form = forms.CreateInviteForm(request.POST)
|
form = forms.CreateInviteForm(request.POST)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
''' views for pages you can go to in the application '''
|
''' views for pages you can go to in the application '''
|
||||||
import re
|
import re
|
||||||
|
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required, permission_required
|
||||||
from django.db.models import Avg, Count, Q
|
from django.db.models import Avg, Count, Q
|
||||||
from django.http import HttpResponseBadRequest, HttpResponseNotFound,\
|
from django.http import HttpResponseBadRequest, HttpResponseNotFound,\
|
||||||
JsonResponse
|
JsonResponse
|
||||||
|
@ -228,6 +228,7 @@ def invite_page(request, code):
|
||||||
return TemplateResponse(request, 'invite.html', data)
|
return TemplateResponse(request, 'invite.html', data)
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
|
@permission_required('bookwyrm.create_invites', raise_exception=True)
|
||||||
def manage_invites(request):
|
def manage_invites(request):
|
||||||
''' invite management page '''
|
''' invite management page '''
|
||||||
data = {
|
data = {
|
||||||
|
@ -453,6 +454,7 @@ def book_page(request, book_id):
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
|
@permission_required('bookwyrm.edit_book', raise_exception=True)
|
||||||
def edit_book_page(request, book_id):
|
def edit_book_page(request, book_id):
|
||||||
''' info about a book '''
|
''' info about a book '''
|
||||||
book = books_manager.get_edition(book_id)
|
book = books_manager.get_edition(book_id)
|
||||||
|
|
Loading…
Reference in a new issue