Permalink
Browse files

add security perms for views

  • Loading branch information...
yomguy committed Dec 19, 2014
1 parent 89f0b76 commit 23444e4696c74427d8e1de2d99de17c373649418
Showing with 50 additions and 4 deletions.
  1. +14 −1 telemeta/views/collection.py
  2. +1 −1 telemeta/views/core.py
  3. +14 −2 telemeta/views/item.py
  4. +21 −0 telemeta/views/resource.py
@@ -324,6 +324,10 @@ def get_context_data(self, **kwargs):
context['collection'] = collection
return context
+ @method_decorator(permission_required('telemeta.change_mediacollection'))
+ def dispatch(self, *args, **kwargs):
+ return super(CollectionEditView, self).dispatch(*args, **kwargs)
+
class CollectionAddView(CollectionViewMixin, CreateWithInlinesView):
@@ -333,6 +337,10 @@ class CollectionAddView(CollectionViewMixin, CreateWithInlinesView):
def get_success_url(self):
return reverse_lazy('telemeta-collection-detail', kwargs={'public_id':self.object.code})
+ @method_decorator(permission_required('telemeta.add_mediacollection'))
+ def dispatch(self, *args, **kwargs):
+ return super(CollectionAddView, self).dispatch(*args, **kwargs)
+
class CollectionCopyView(CollectionAddView):
@@ -348,4 +356,9 @@ def get_context_data(self, **kwargs):
context = super(CollectionCopyView, self).get_context_data(**kwargs)
collection = self.get_object()
context['collection'] = collection
- return context
+ return context
+
+ @method_decorator(permission_required('telemeta.add_mediacollection'))
+ def dispatch(self, *args, **kwargs):
+ return super(CollectionCopyView, self).dispatch(*args, **kwargs)
+
View
@@ -52,7 +52,7 @@
from django.contrib.auth import authenticate, login
from django.template import RequestContext, loader
from django import template
-from django.http import HttpResponse, HttpResponseRedirect
+from django.http import HttpResponse, HttpResponseRedirect, StreamingHttpResponse
from django.http import Http404
from django.shortcuts import render_to_response, redirect, get_object_or_404
from django.views.generic import *
View
@@ -585,10 +585,10 @@ def item_export(self, request, public_id, extension):
metadata=None
proc.set_metadata(metadata)
- response = HttpResponse(stream_from_processor(decoder, proc, flag), mimetype = mime_type)
+ response = HttpResponse(stream_from_processor(decoder, proc, flag), mimetype=mime_type)
else:
# cache > stream
- response = HttpResponse(self.cache_export.read_stream_bin(file), mimetype = mime_type)
+ response = HttpResponse(self.cache_export.read_stream_bin(file), mimetype=mime_type)
response['Content-Disposition'] = 'attachment'
return response
@@ -764,6 +764,10 @@ def get_context_data(self, **kwargs):
context['auto_zoom'] = True
return context
+ @method_decorator(permission_required('telemeta.change_mediaitem'))
+ def dispatch(self, *args, **kwargs):
+ return super(ItemEditView, self).dispatch(*args, **kwargs)
+
class ItemAddView(ItemViewMixin, CreateWithInlinesView):
@@ -786,6 +790,10 @@ def get_initial(self):
def get_success_url(self):
return reverse_lazy('telemeta-item-detail', kwargs={'public_id':self.object.code})
+ @method_decorator(permission_required('telemeta.add_mediaitem'))
+ def dispatch(self, *args, **kwargs):
+ return super(ItemAddView, self).dispatch(*args, **kwargs)
+
class ItemCopyView(ItemAddView):
@@ -812,6 +820,10 @@ def get_context_data(self, **kwargs):
context['auto_zoom'] = True
return context
+ @method_decorator(permission_required('telemeta.add_mediaitem'))
+ def dispatch(self, *args, **kwargs):
+ return super(ItemCopyView, self).dispatch(*args, **kwargs)
+
class ItemDetailView(ItemViewMixin, DetailView):
View
@@ -300,6 +300,11 @@ def get_queryset(self):
def get_success_url(self):
return reverse_lazy('telemeta-resource-list', kwargs={'type':self.kwargs['type']})
+ @method_decorator(permission_required('telemeta.add_mediacorpus'))
+ @method_decorator(permission_required('telemeta.add_mediafonds'))
+ def dispatch(self, *args, **kwargs):
+ return super(ResourceAddView, self).dispatch(*args, **kwargs)
+
class ResourceCopyView(ResourceSingleMixin, ResourceAddView):
@@ -312,6 +317,11 @@ def get_success_url(self):
return reverse_lazy('telemeta-resource-list', kwargs={'type':self.kwargs['type']})
# return reverse_lazy('telemeta-resource-detail', kwargs={'type':self.kwargs['type'], 'public_id':self.kwargs['public_id']})
+ @method_decorator(permission_required('telemeta.add_mediacorpus'))
+ @method_decorator(permission_required('telemeta.add_mediafonds'))
+ def dispatch(self, *args, **kwargs):
+ return super(ResourceCopyView, self).dispatch(*args, **kwargs)
+
class ResourceDeleteView(ResourceSingleMixin, DeleteView):
@@ -320,10 +330,21 @@ class ResourceDeleteView(ResourceSingleMixin, DeleteView):
def get_success_url(self):
return reverse_lazy('telemeta-resource-list', kwargs={'type':self.kwargs['type']})
+ @method_decorator(permission_required('telemeta.delete_mediacorpus'))
+ @method_decorator(permission_required('telemeta.delete_mediafonds'))
+ def dispatch(self, *args, **kwargs):
+ return super(ResourceDeleteView, self).dispatch(*args, **kwargs)
+
class ResourceEditView(ResourceSingleMixin, UpdateWithInlinesView):
template_name = 'telemeta/resource_edit.html'
def get_success_url(self):
return reverse_lazy('telemeta-resource-detail', kwargs={'type':self.kwargs['type'], 'public_id':self.kwargs['public_id']})
+
+ @method_decorator(permission_required('telemeta.change_mediacorpus'))
+ @method_decorator(permission_required('telemeta.change_mediafonds'))
+ def dispatch(self, *args, **kwargs):
+ return super(ResourceEditView, self).dispatch(*args, **kwargs)
+

0 comments on commit 23444e4

Please sign in to comment.