implement viewmixins.StaffOrSelfLoginRequiredMixin

2015-01-24 15:38:08 +01:00 · 2015-01-24 15:38:08 +01:00 · 3c4d34cce5
commit 3c4d34cce5
parent 546441d499
1 changed files with 42 additions and 0 deletions
--- a/viewmixins.py
+++ b/viewmixins.py
@ -0,0 +1,42 @@
+"""
+This module defines mixins for gnuviechadmin views.
+
+"""
+from __future__ import unicode_literals
+
+from django.http import HttpResponseForbidden
+from django.utils.translation import ugettext as _
+
+from braces.views import LoginRequiredMixin
+
+
+class StaffOrSelfLoginRequiredMixin(LoginRequiredMixin):
+    """
+    Mixin that makes sure that a user is logged in and matches the current
+    customer or is a staff user.
+
+    """
+
+    def dispatch(self, request, *args, **kwargs):
+        if (
+            request.user.is_staff or
+            request.user == self.get_customer_object()
+        ):
+            return super(StaffOrSelfLoginRequiredMixin, self).dispatch(
+                request, *args, **kwargs
+            )
+        return HttpResponseForbidden(
+            _('You are not allowed to view this page.')
+        )
+
+    def get_customer_object(self):
+        """
+        Views based on this mixin have to implement this method to return
+        the customer that must be an object of the same class as the
+        django.contrib.auth user type.
+
+        :return: customer
+        :rtype: settings.AUTH_USER_MODEL
+
+        """
+        raise NotImplemented("subclass has to implement get_customer_object")