implement viewmixins.StaffOrSelfLoginRequiredMixin

viewmixins.py

@@ -0,0 +1,42 @@
+"""
+This module defines mixins for gnuviechadmin views.
+
+"""
+from __future__ import unicode_literals
+
+from django.http import HttpResponseForbidden
+from django.utils.translation import ugettext as _
+
+from braces.views import LoginRequiredMixin
+
+
+class StaffOrSelfLoginRequiredMixin(LoginRequiredMixin):
+    """
+    Mixin that makes sure that a user is logged in and matches the current
+    customer or is a staff user.
+
+    """
+
+    def dispatch(self, request, *args, **kwargs):
+        if (
+            request.user.is_staff or
+            request.user == self.get_customer_object()
+        ):
+            return super(StaffOrSelfLoginRequiredMixin, self).dispatch(
+                request, *args, **kwargs
+            )
+        return HttpResponseForbidden(
+            _('You are not allowed to view this page.')
+        )
+
+    def get_customer_object(self):
+        """
+        Views based on this mixin have to implement this method to return
+        the customer that must be an object of the same class as the
+        django.contrib.auth user type.
+
+        :return: customer
+        :rtype: settings.AUTH_USER_MODEL
+
+        """
+        raise NotImplemented("subclass has to implement get_customer_object")