From 3c4d34cce56dfb75e0e4115c3938ce5b2e6efd83 Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Sat, 24 Jan 2015 15:38:08 +0100 Subject: [PATCH] implement viewmixins.StaffOrSelfLoginRequiredMixin --- viewmixins.py | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 viewmixins.py diff --git a/viewmixins.py b/viewmixins.py new file mode 100644 index 0000000..fc7f106 --- /dev/null +++ b/viewmixins.py @@ -0,0 +1,42 @@ +""" +This module defines mixins for gnuviechadmin views. + +""" +from __future__ import unicode_literals + +from django.http import HttpResponseForbidden +from django.utils.translation import ugettext as _ + +from braces.views import LoginRequiredMixin + + +class StaffOrSelfLoginRequiredMixin(LoginRequiredMixin): + """ + Mixin that makes sure that a user is logged in and matches the current + customer or is a staff user. + + """ + + def dispatch(self, request, *args, **kwargs): + if ( + request.user.is_staff or + request.user == self.get_customer_object() + ): + return super(StaffOrSelfLoginRequiredMixin, self).dispatch( + request, *args, **kwargs + ) + return HttpResponseForbidden( + _('You are not allowed to view this page.') + ) + + def get_customer_object(self): + """ + Views based on this mixin have to implement this method to return + the customer that must be an object of the same class as the + django.contrib.auth user type. + + :return: customer + :rtype: settings.AUTH_USER_MODEL + + """ + raise NotImplemented("subclass has to implement get_customer_object")