Permission decorators for views

Mouse Reeve 2020-10-01 12:59:38 -07:00
parent d78c271107
commit 9209039761
2 changed files with 7 additions and 2 deletions


@ -3,7 +3,7 @@ from io import BytesIO, TextIOWrapper
from PIL import Image from PIL import Image
from django.contrib.auth import authenticate, login, logout from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required, permission_required
from django.core.files.base import ContentFile from django.core.files.base import ContentFile
from django.http import HttpResponseBadRequest, HttpResponseNotFound from django.http import HttpResponseBadRequest, HttpResponseNotFound
from django.shortcuts import redirect from django.shortcuts import redirect
@ -141,6 +141,7 @@ def resolve_book(request):
@login_required @login_required
@permission_required('bookwyrm.edit_book', raise_exception=True)
def edit_book(request, book_id): def edit_book(request, book_id):
''' edit a book cool ''' ''' edit a book cool '''
if not request.method == 'POST': if not request.method == 'POST':
@ -433,7 +434,9 @@ def import_data(request):
return redirect('/import_status/%d' % (job.id,)) return redirect('/import_status/%d' % (job.id,))
return HttpResponseBadRequest() return HttpResponseBadRequest()
@login_required @login_required
@permission_required('bookwyrm.create_invites', raise_exception=True)
def create_invite(request): def create_invite(request):
''' creates a user invite database entry ''' ''' creates a user invite database entry '''
form = forms.CreateInviteForm(request.POST) form = forms.CreateInviteForm(request.POST)
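Review bot: Nothing in this commit defines the `edit_book` or `create_invites` permissions named by the new `@permission_required` lines on `edit_book` and `create_invite` (the same two codenames are also used on `manage_invites` and `edit_book_page` in the other file). They presumably come from a model `Meta.permissions` entry or a migration outside these two files, which should be confirmed before merge. Django's `has_perm` returns False for a codename it does not know, so a misspelt string fails closed for ordinary users, but active superusers pass every check and would hide the mistake in manual testing. A view test per decorated endpoint that logs in a user without the permission and asserts a 403 would pin the behaviour. Both function bodies continue outside the hunks.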


@ -1,7 +1,7 @@
''' views for pages you can go to in the application ''' ''' views for pages you can go to in the application '''
import re import re
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required, permission_required
from django.db.models import Avg, Count, Q from django.db.models import Avg, Count, Q
from django.http import HttpResponseBadRequest, HttpResponseNotFound,\ from django.http import HttpResponseBadRequest, HttpResponseNotFound,\
JsonResponse JsonResponse
@ -228,6 +228,7 @@ def invite_page(request, code):
return TemplateResponse(request, 'invite.html', data) return TemplateResponse(request, 'invite.html', data)
@login_required @login_required
@permission_required('bookwyrm.create_invites', raise_exception=True)
def manage_invites(request): def manage_invites(request):
''' invite management page ''' ''' invite management page '''
data = { data = {
@ -453,6 +454,7 @@ def book_page(request, book_id):
@login_required @login_required
@permission_required('bookwyrm.edit_book', raise_exception=True)
def edit_book_page(request, book_id): def edit_book_page(request, book_id):
''' info about a book ''' ''' info about a book '''
book = books_manager.get_edition(book_id) book = books_manager.get_edition(book_id)
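Review bot: The docstring on `edit_book_page`, `''' info about a book '''`, appears to describe `book_page` (named in the hunk header) rather than the edit form, and it says nothing about the permission now required. Something like `''' the edit form for a book; requires the bookwyrm.edit_book permission '''` would put the access rule where the next reader looks for it. The `manage_invites` docstring could likewise mention `bookwyrm.create_invites`. Both function bodies continue outside the hunks.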