MicroPyramid · ashwin31 · Jul 24, 2016 · Jul 18, 2016 · Jul 18, 2016 · Jul 18, 2016
diff --git a/django_blog_it/django_blog_it/mixins.py b/django_blog_it/django_blog_it/mixins.py
@@ -17,12 +17,32 @@ def dispatch(self, request, *args, **kwargs):
         user = self.request.user
         if not (user.is_authenticated and user.is_active):
             return HttpResponseRedirect('/dashboard/')
-        if not user.is_superuser:
+        user_role = UserRole.objects.filter(user=request.user).last()
+        if user_role:
+            user_role = True if user_role.role == "Admin" else False
+        else:
+            user_role = False
+        if not (user.is_superuser or user_role):
             messages.warning(request, "You don't have permission")
             return HttpResponseRedirect(request.META.get('HTTP_REFERER', "/"))
         return super(AdminOnlyMixin, self).dispatch(request, *args, **kwargs)
 
 
+class AuthorNotAllowedMixin(object):
+
+    def dispatch(self, request, *args, **kwargs):
+        user = self.request.user
+        if not (user.is_authenticated and user.is_active):
+            return HttpResponseRedirect('/dashboard/')
+        user_role = UserRole.objects.filter(user=request.user).last()
+        if user_role:
+            user_role = user_role.role in ["Admin", "Publisher"]
+        if not (user.is_superuser or user_role):
+            messages.warning(request, "You don't have permission")
+            return HttpResponseRedirect(request.META.get('HTTP_REFERER', "/"))
+        return super(AuthorNotAllowedMixin, self).dispatch(request, *args, **kwargs)
+
+
 class AdminMixin(object):
 
     def dispatch(self, request, *args, **kwargs):
@@ -39,7 +59,7 @@ def dispatch(self, request, *args, **kwargs):
 class PostAccessRequiredMixin(object):
 
     def dispatch(self, request, *args, **kwargs):
-        self.object = get_object_or_404(Post, slug=kwargs['blog_slug'])
+        self.object = get_object_or_404(Post, slug=kwargs.get('blog_slug'))
 
         # Checking the permissions
         if not(
@@ -48,6 +68,7 @@ def dispatch(self, request, *args, **kwargs):
             get_user_role(request.user) != 'Author'
         ):
             # TODO: Add "PermissionDenied" message
+            messages.warning(request, "You don't have permission")
             return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
 
         return super(PostAccessRequiredMixin, self).dispatch(

diff --git a/django_blog_it/django_blog_it/models.py b/django_blog_it/django_blog_it/models.py
@@ -144,13 +144,13 @@ def email_to_admins_on_post_create(self):
             user = self.user
             author_name = user.first_name + user.last_name if user.first_name else user.email
             text = "New blog post has been created by {0} with the name {1} in the category {2}.".format(author_name, self.title, self.category.name)
-            print(send_mail(
+            send_mail(
                 subject="New Blog Post created",
                 message=text,
                 from_email=email,
                 recipient_list=admin_emails,
                 fail_silently=False,
-            ))
+            )
 
 
 def create_slug(tempslug):

diff --git a/django_blog_it/django_blog_it/templates/dashboard/blog/new_blog_list.html b/django_blog_it/django_blog_it/templates/dashboard/blog/new_blog_list.html
@@ -23,7 +23,7 @@
         </div>
         <div class="filters_row">
             <div class="col-md-6 filter_left">
-                {% if request.user.is_superuser %}
+                {% if request.user.is_superuser or request.user.userrole_set.last.role == "Admin"%}
                 <div class="bulk_button" style="display:none">
                   <form class="bulk_actions_form" method='get'>
                     {% csrf_token %}
@@ -59,10 +59,13 @@
               <div class="container-fluid">
                 {% paginate 5 blog_list %}
                 {% show_pageitems %}
+            {% with request.user.userrole_set.last as user_role %}
                 <table class="table table-bordered table-striped" id="my_table">
                     <thead>
                         <tr>
+                        {% if request.user.is_superuser or user_role.role == "Admin"%}
                             <th width="5%" class="text-center"><input name="bulk_actions" id="selectAll" type="checkbox"></th>
+                        {% endif %}
                             <th width="30%">Title</th>
                             <th width="10%">Author</th>
                             <th width="15%">Category</th>
@@ -74,7 +77,10 @@
                     {% for blog in blog_list %}
                         <tbody>
                             <tr>
-                                <td class="text-center"><input name="bulk_actions" class="bulk_actions" value="{{ blog.id }}" type="checkbox"></td>
+                            {% if request.user.is_superuser or user_role.role == "Admin"%}
+                                <td class="text-center"><input name="bulk_actions" class="bulk_actions" value="{{ blog.id }}" type="checkbox">
+                                </td>
+                            {% endif %}
                                 <td><a href="#">{{ blog.title }}</a></td>
                                 <td>{{ blog.user }}</td>
                                 <td>{{ blog.category }}</td>
@@ -117,6 +123,7 @@
 
                     {% endfor %}
                 </table>
+            {% endwith %}
             <!-- end div of table -->
 
             <!-- pagination -->

diff --git a/django_blog_it/django_blog_it/templates/dashboard/category/new_categories_list.html b/django_blog_it/django_blog_it/templates/dashboard/category/new_categories_list.html
@@ -10,6 +10,7 @@
 </style>
 {% endblock %}
 {% block content %}
+{% with request.user.userrole_set.last as user_role %}
     <div class="row no_row_margin heading_count">
       <div class="heading col-md-6">Categories</div>
       <div class="count_add-new col-md-6 text-right">
@@ -21,7 +22,7 @@
     </div>
     <div class="filters_row">
       <div class="col-md-6 filter_left">
-        {% if request.user.is_superuser %}
+        {% if request.user.is_superuser or user_role.role == "Admin" %}
           <form class="bulk_actions_form" method='get'>
             {% csrf_token %}
             <select class="form-control" name="bulk_actions_select" id='bulk_actions_select'>
@@ -56,26 +57,33 @@
             <table class="table table-bordered table-striped" id="my_table">
                 <thead>
                     <tr>
+                    {% if request.user.is_superuser or user_role.role == "Admin" %}
                         <th width="5%" class="text-center"><input name="bulk_actions" id="selectAll" type="checkbox"></th>
-                        <th width='40%'>Title</th>
+                    {% endif %}
+                        <th width='30%'>Title</th>
                         <th width='10%' class="text-center">Status</th>
                         <th width="10%" class="text-center">Posts Count</th>
+                    {% if request.user.is_superuser or user_role.role == "Admin" %}
                         <th width='15%' colspan="2">Actions</th>
+                    {% endif %}
                     </tr>
                 </thead>
 
                 {% for category in categories_list %}
                     <tbody>
                         <tr>
-                            <td class="text-center"><input name="bulk_actions" class="bulk_actions" value="{{ category.id }}" type="checkbox"></td>
+                        {% if request.user.is_superuser or user_role.role == "Admin" %}
+                            <td class="text-center"><input name="bulk_actions" class="bulk_actions" value="{{ category.id }}" type="checkbox">
+                            </td>
+                        {% endif %}
                             <td><a href="#">{{ category.name }}</a></td>
                             <td class="status_on_off text-center">
                                 <a href="{% url 'category_status_update' category.slug %}" {% if category.is_active %}class="status_on" title="Active"{% else %}class="status_off" title="In-Active"{% endif %} data-toggle="tooltip" data-placement="bottom"><i class="fa fa-circle" aria-hidden="true"></i></a>
                             </td>
                             <td class="post_count text-center">
                                 <a href="#">{{ category.category_posts }}</a>
                             </td>
-                            {% if request.user.is_superuser or request.user == category.user or request.user|get_user_role_name != 'Author' %}
+                            {% if request.user.is_superuser or user_role.role == "Admin" %}
                                 <td class="actions">
                                     <a href="{% url 'edit_category' category_slug=category.slug %}" class="edit"><i class="fa fa-edit"></i> Edit</a><a href="{% url 'delete_category' category_slug=category.slug %}" class="delete" data-confirm="true"><i class="fa fa-trash-o"></i> Delete</a>
                                 </td>
@@ -97,6 +105,7 @@ <h2 align="center">There are no categories here!</h2>
           {% endif %}
         </div>
     </div>
+{% endwith %}
 {% endblock %}
 {% block js_script %}
 

diff --git a/django_blog_it/django_blog_it/templates/dashboard/menu/list.html b/django_blog_it/django_blog_it/templates/dashboard/menu/list.html
@@ -12,7 +12,7 @@
 </style>
 {% endblock %}
 {% block content %}
-
+{% with request.user.userrole_set.last as user_role %}
     <div class="row" id="head_style">
         <h1 align="center"><i class="fa fa-database"></i> Menus list</h1>
         <p align="center" class="lead">
@@ -22,7 +22,7 @@ <h1 align="center"><i class="fa fa-database"></i> Menus list</h1>
         </p>
          <!-- end div of add blog button -->
 
-            {% if request.user.is_superuser %}
+            {% if request.user.is_superuser or user_role.role == "Admin"%}
             <div class="bulk_button pull-left">
                <!-- Bulk actions -->
                 <div class="btn-group">
@@ -79,7 +79,9 @@ <h1 align="center"><i class="fa fa-database"></i> Menus list</h1>
             <table class="table table-bordered table-hover" id="my_table">
                 <thead>
                     <tr>
+                    {% if request.user.is_superuser or user_role.role == "Admin"%}
                         <th><input name="bulk_actions" id="selectAll" type="checkbox"></th>
+                    {% endif %}
                         <th>Title</th>
                         <th>Status</th>
                         <th colspan="2">Actions</th>
@@ -90,7 +92,9 @@ <h1 align="center"><i class="fa fa-database"></i> Menus list</h1>
                     {% recurse menu_list.menu_set.all|dictsort:"lvl"  with menu_list as menu_list %}
                     {% loop %}
                         <tr>
+                        {% if request.user.is_superuser or user_role.role == "Admin"%}
                             <td><input name="bulk_actions" class="bulk_actions" value="{{ menu_list.id }}" type="checkbox"></td>
+                        {% endif %}
                             <td class="pull-left">{% for i in level|add:"-1"|get_range %}------{% endfor %}{{ menu_list.title }}</td>
 
                             {% if menu_list.status %}
@@ -122,6 +126,7 @@ <h2 align="center">There are no menus here!</h2>
     {% endif %}
 
     </div>
+{% endwith %}
 {% endblock %}
 {% block js_script %}
 

diff --git a/django_blog_it/django_blog_it/templates/dashboard/menu/new_list.html b/django_blog_it/django_blog_it/templates/dashboard/menu/new_list.html
@@ -12,6 +12,7 @@
 </style>
 {% endblock %}
 {% block content %}
+{% with request.user.userrole_set.last as user_role %}
     <div class="row no_row_margin heading_count">
       <div class="heading col-md-6">Menu Items</div>
       <div class="count_add-new col-md-6 text-right">
@@ -23,7 +24,7 @@
     </div>
     <div class="filters_row">
         <div class="col-md-6 filter_left">
-        {% if request.user.is_superuser %}
+        {% if request.user.is_superuser or user_role.role == "Admin"%}
           <form class="bulk_actions_form" method='get'>
             {% csrf_token %}
             <select class="form-control" name="bulk_actions_select" id='bulk_actions_select'>
@@ -58,20 +59,26 @@
             <table class="table table-bordered table-striped" id="my_table">
                 <thead>
                     <tr>
+                    {% if request.user.is_superuser or user_role.role == "Admin"%}
                         <th width='5%' class="text-center"><input name="bulk_actions" id="selectAll" type="checkbox"></th>
+                    {% endif %}
                         <th width='40%'>Menu Title</th>
                         <th width='30%'>URL</th>
                         <th width="10%" class="text-center">Status</th>
+                    {% if request.user.is_superuser or user_role.role == "Admin"%}
                         <th width='15%' colspan="2">Actions</th>
+                    {% endif %}    
                     </tr>
                 </thead>
                 <tbody>
                 {% recurse menu_list.menu_set.all|dictsort:"lvl"  with menu_list as menu_list %}
                 {% loop %}
                     <tr>
+                    {% if request.user.is_superuser or user_role.role == "Admin"%}
                         <td class="text-center">
                             <input name="bulk_actions" class="bulk_actions" value="{{ menu_list.id }}" type="checkbox" />
                         </td>
+                    {% endif %}
                         <td class="{% if level|add:"-1"|get_range %}sub_menu{% endif %}">
                             {% for i in level|add:"-1"|get_range %}&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{% endfor %}<a href="#">{{ menu_list.title }}</a>
                         </td>
@@ -80,7 +87,7 @@
                             <a href="{% url 'menu_status_update' menu_list.id %}" {% if menu_list.status %}class="status_on" title="Active" {% else %}class="status_off" title="In Active"{% endif %} data-toggle="tooltip" data-placement="bottom"><i class="fa fa-circle" aria-hidden="true"></i></a>
                         </td>
 
-                        {% if request.user.is_superuser %}
+                        {% if request.user.is_superuser or user_role.role == "Admin"%}
                         <td class="actions">
                             <a href="{% url 'edit_menu' menu_list.id %}" class="edit"><i class="fa fa-edit"></i> Edit</a>
                             <a href="#" class="delete" data-confirm="true"><i class="fa fa-trash"></i> Delete</a>
@@ -104,6 +111,7 @@ <h2 align="center">There are no menus here!</h2>
         {% endif %}
         </div>
     </div>
+{% endwith %}
 {% endblock %}
 {% block js_script %}
     <script type="text/javascript">

diff --git a/django_blog_it/django_blog_it/templates/dashboard/new_base.html b/django_blog_it/django_blog_it/templates/dashboard/new_base.html
@@ -6,6 +6,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
     {% load staticfiles %}
     <!-- for online links -->
+    <link rel="shortcut icon" href="{%static 'images/favicon.png' %}">
     <link href='https://fonts.googleapis.com/css?family=Montserrat:400,700' rel='stylesheet' type='text/css'>
     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
     <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">
@@ -51,7 +52,11 @@
                   </li> -->
                   <li class="categories"><a href="{% url 'categories' %}">Categories </a></li>
                   <li class="menu"><a href="{% url 'menus' %}">Menu </a></li>
+              {% with request.user.userrole_set.last as user_role %}
+                {% if request.user.is_superuser or user_role.role == "Admin"%}
                   <li class="users"><a href="{% url 'users' %}">Users </a></li>
+                {% endif %}
+              {% endwith %}
                   <li class="pages"><a href="{% url 'pages' %}">Pages </a></li>
                   <li class="themes"><a href="{% url 'themes' %}">Themes</a></li>
                 </ul>

diff --git a/django_blog_it/django_blog_it/templates/dashboard/pages/new_list.html b/django_blog_it/django_blog_it/templates/dashboard/pages/new_list.html
@@ -10,6 +10,7 @@
 </style>
 {% endblock %}
 {% block content %}
+{% with request.user.userrole_set.last as user_role %}
   <div class="row no_row_margin heading_count">
     <div class="heading col-md-6">Pages</div>
     <div class="count_add-new col-md-6 text-right">
@@ -21,7 +22,7 @@
   </div>
   <div class="filters_row">
     <div class="col-md-6 filter_left">
-      {% if request.user.is_superuser %}
+      {% if request.user.is_superuser or user_role.role == "Admin"%}
         <form class="bulk_actions_form" method='get'>
           {% csrf_token %}
           <select class="form-control" name="bulk_actions_select" id='bulk_actions_select'>
@@ -56,23 +57,29 @@
       <table class="table table-bordered table-striped" id="my_table">
         <thead>
           <tr>
+          {% if request.user.is_superuser or user_role.role == "Admin"%}
             <th width='5%' class="text-center"><input name="bulk_actions" id="selectAll" type="checkbox"></th>
+          {% endif %}
             <th width='20%'>Title</th>
             <th width='10%'>Slug</th>
             <th width='5%' class="text-center">Status</th>
+          {% if request.user.is_superuser or user_role.role == "Admin"%}
             <th width='15%' colspan="3">Actions</th>
+          {% endif %}
           </tr>
         </thead>
         {% for page in pages_list %}
         <tbody>
           <tr>
+          {% if request.user.is_superuser or user_role.role == "Admin"%}
             <td class="text-center"><input name="bulk_actions" class="bulk_actions" value="{{ page.id }}" type="checkbox"></td>
+          {% endif %}
             <td><a href="#">{{ page.title }}</a></td>
             <td>{{ page.slug }}</td>
             <td class="status_on_off text-center">
               <a href="{% url 'page_status_update' page.slug %}" {% if page.is_active %}class="status_on" title="Active"{% else %}class="status_off" title="In-Active"{% endif %} data-toggle="tooltip" data-placement="bottom"><i class="fa fa-circle" aria-hidden="true"></i></a>
             </td>
-            {% if request.user.is_superuser or request.user|get_user_role_name != 'Author' %}
+            {% if request.user.is_superuser or user_role.role == "Admin"%}
             <td class="actions">
               <a href="{% url 'page_view' page_slug=page.slug %}" class="view"><i class="fa fa-eye"></i> View</a>
               <a href="{% url 'edit_page' page_slug=page.slug %}" class="edit"><i class="fa fa-edit"></i> Edit</a>
@@ -94,6 +101,7 @@ <h2 align="center">There are no pages here!</h2>
       {% endif %}
     </div>
   </div>
+{% endwith %}
 {% endblock %}
 {% block js_script %}
 <script type="text/javascript">