mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-09-24 04:20:03 +00:00
Invite perms checks
parent
1e988cae6c
commit
9d8d85ebc1
3 changed files with 17 additions and 3 deletions
|
@ -146,6 +146,13 @@ class SiteInvite(models.Model):
|
||||||
user = models.ForeignKey(User, on_delete=models.CASCADE)
|
user = models.ForeignKey(User, on_delete=models.CASCADE)
|
||||||
invitees = models.ManyToManyField(User, related_name="invitees")
|
invitees = models.ManyToManyField(User, related_name="invitees")
|
||||||
|
|
||||||
|
# pylint: disable=no-self-use
|
||||||
|
def raise_not_editable(self, viewer):
|
||||||
|
"""Admins only"""
|
||||||
|
if viewer.has_perm("bookwyrm.create_invites"):
|
||||||
|
return
|
||||||
|
raise PermissionDenied()
|
||||||
|
|
||||||
def valid(self):
|
def valid(self):
|
||||||
"""make sure it hasn't expired or been used"""
|
"""make sure it hasn't expired or been used"""
|
||||||
return (self.expiry is None or self.expiry > timezone.now()) and (
|
return (self.expiry is None or self.expiry > timezone.now()) and (
|
||||||
|
@ -169,6 +176,12 @@ class InviteRequest(BookWyrmModel):
|
||||||
invite_sent = models.BooleanField(default=False)
|
invite_sent = models.BooleanField(default=False)
|
||||||
ignored = models.BooleanField(default=False)
|
ignored = models.BooleanField(default=False)
|
||||||
|
|
||||||
|
def raise_not_editable(self, viewer):
|
||||||
|
"""Only check perms on edit, not create"""
|
||||||
|
if not self.id or viewer.has_perm("bookwyrm.create_invites"):
|
||||||
|
return
|
||||||
|
raise PermissionDenied()
|
||||||
|
|
||||||
def save(self, *args, **kwargs):
|
def save(self, *args, **kwargs):
|
||||||
"""don't create a request for a registered email"""
|
"""don't create a request for a registered email"""
|
||||||
if not self.id and User.objects.filter(email=self.email).exists():
|
if not self.id and User.objects.filter(email=self.email).exists():
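Review bot: The docstring on `SiteInvite.raise_not_editable` says "Admins only", but the gate is the `bookwyrm.create_invites` permission, which may be granted to roles other than admin, so the docstring understates who can pass. I would reword it to `"""Only viewers with the create_invites permission may create or edit invites"""`. Unlike `InviteRequest.raise_not_editable` in the second hunk, this method has no `not self.id` exemption, so it also blocks creation; a short comment saying that difference is deliberate would help the next reader. The test-file change on this page only adds a pylint directive, so no test for the `PermissionDenied` path is visible here.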
|
||||||
|
|
|
@ -14,6 +14,7 @@ from bookwyrm.tests.validate_html import validate_html
|
||||||
class InviteViews(TestCase):
|
class InviteViews(TestCase):
|
||||||
"""every response to a get request, html or json"""
|
"""every response to a get request, html or json"""
|
||||||
|
|
||||||
|
# pylint: disable=invalid-name
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
"""we need basic test data and mocks"""
|
"""we need basic test data and mocks"""
|
||||||
self.factory = RequestFactory()
|
self.factory = RequestFactory()
|
||||||
|
|
|
@ -52,9 +52,9 @@ class ManageInvites(View):
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
return HttpResponseBadRequest(f"ERRORS: {form.errors}")
|
return HttpResponseBadRequest(f"ERRORS: {form.errors}")
|
||||||
|
|
||||||
invite = form.save(commit=False)
|
invite = form.save(request, commit=False)
|
||||||
invite.user = request.user
|
invite.user = request.user
|
||||||
invite.save()
|
invite.save(request)
|
||||||
|
|
||||||
paginated = Paginator(
|
paginated = Paginator(
|
||||||
models.SiteInvite.objects.filter(user=request.user).order_by(
|
models.SiteInvite.objects.filter(user=request.user).order_by(
|
||||||
|
@ -170,7 +170,7 @@ class InviteRequest(View):
|
||||||
received = False
|
received = False
|
||||||
if form.is_valid():
|
if form.is_valid():
|
||||||
received = True
|
received = True
|
||||||
form.save()
|
form.save(request)
|
||||||
|
|
||||||
data = {"request_form": form, "request_received": received}
|
data = {"request_form": form, "request_received": received}
|
||||||
return TemplateResponse(request, "landing/landing.html", data)
|
return TemplateResponse(request, "landing/landing.html", data)
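Review bot: `invite.save(request)` in `ManageInvites` passes the request as the first positional argument of the model's `save`. The hunk header on this page shows `class SiteInvite(models.Model)`, and Django's `Model.save` takes `force_insert` in that position, so unless `SiteInvite` overrides `save` outside the visible lines, the request acts as a truthy `force_insert` flag and no permission check runs on this call. The check presumably happens in `form.save(request, commit=False)` a few lines earlier, so the last call can stay `invite.save()`. The enclosing method starts and ends outside the hunk.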
|
||||||
|
|