forked from mirrors/bookwyrm
Permission decorators for views
This commit is contained in:
parent
d78c271107
commit
9209039761
2 changed files with 7 additions and 2 deletions
|
@ -3,7 +3,7 @@ from io import BytesIO, TextIOWrapper
|
|||
from PIL import Image
|
||||
|
||||
from django.contrib.auth import authenticate, login, logout
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.core.files.base import ContentFile
|
||||
from django.http import HttpResponseBadRequest, HttpResponseNotFound
|
||||
from django.shortcuts import redirect
|
||||
|
@ -141,6 +141,7 @@ def resolve_book(request):
|
|||
|
||||
|
||||
@login_required
|
||||
@permission_required('bookwyrm.edit_book', raise_exception=True)
|
||||
def edit_book(request, book_id):
|
||||
''' edit a book cool '''
|
||||
if not request.method == 'POST':
|
||||
|
@ -433,7 +434,9 @@ def import_data(request):
|
|||
return redirect('/import_status/%d' % (job.id,))
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
|
||||
@login_required
|
||||
@permission_required('bookwyrm.create_invites', raise_exception=True)
|
||||
def create_invite(request):
|
||||
''' creates a user invite database entry '''
|
||||
form = forms.CreateInviteForm(request.POST)
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
''' views for pages you can go to in the application '''
|
||||
import re
|
||||
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, permission_required
|
||||
from django.db.models import Avg, Count, Q
|
||||
from django.http import HttpResponseBadRequest, HttpResponseNotFound,\
|
||||
JsonResponse
|
||||
|
@ -228,6 +228,7 @@ def invite_page(request, code):
|
|||
return TemplateResponse(request, 'invite.html', data)
|
||||
|
||||
@login_required
|
||||
@permission_required('bookwyrm.create_invites', raise_exception=True)
|
||||
def manage_invites(request):
|
||||
''' invite management page '''
|
||||
data = {
|
||||
|
@ -453,6 +454,7 @@ def book_page(request, book_id):
|
|||
|
||||
|
||||
@login_required
|
||||
@permission_required('bookwyrm.edit_book', raise_exception=True)
|
||||
def edit_book_page(request, book_id):
|
||||
''' info about a book '''
|
||||
book = books_manager.get_edition(book_id)
|
||||
|
|
Loading…
Reference in a new issue