Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

added request to can_edit callable in all cases and small tweak to mo…

…re lazily load can_edit callable
  • Loading branch information...
commit 76bac3731844fca2fcc575e1e18688f699f8b6f7 1 parent 1422d70
@brosner brosner authored
View
7 boxes/authorization.py
@@ -3,12 +3,12 @@
from boxes.utils import load_path_attr
-def default_can_edit(*args, **kwargs):
+def default_can_edit(request, *args, **kwargs):
"""
This is meant to be overridden in your project per domain specific
requirements.
"""
- return True
+ return request.user.is_staff
def load_can_edit():
@@ -18,6 +18,3 @@ def load_can_edit():
return default_can_edit
return load_path_attr(import_path)
-
-
-can_edit = load_can_edit()
View
9 boxes/templatetags/boxes_tags.py
@@ -6,7 +6,7 @@
from django.template.defaulttags import kwarg_re
from boxes.models import Box
-from boxes.authorization import can_edit
+from boxes.authorization import load_can_edit
register = template.Library()
@@ -43,6 +43,11 @@ def __init__(self, label, args, kwargs):
self.kwargs = kwargs
def render(self, context):
+ try:
+ request = context["request"]
+ except KeyError:
+ raise Exception("aaaa")
+
label = self.label.resolve(context)
args = [arg.resolve(context) for arg in self.args]
kwargs = dict([
@@ -50,7 +55,7 @@ def render(self, context):
for k, v in self.kwargs.items()
])
- show_edit_link = can_edit(*args, **kwargs)
+ show_edit_link = load_can_edit()(request, *args, **kwargs)
try:
box = Box.objects.get(label=label)
View
6 boxes/views.py
@@ -2,7 +2,7 @@
from django.shortcuts import get_object_or_404, render_to_response
from django.template import RequestContext
-from boxes.authorization import can_edit
+from boxes.authorization import load_can_edit
from boxes.forms import BoxForm
from boxes.models import Box
@@ -21,7 +21,7 @@ def get_auth_vars(request):
def box_edit(request, pk):
box = get_object_or_404(Box, pk=pk)
if request.method == "POST":
- #if not can_edit(**get_auth_vars(request)):
+ #if not load_can_edit()(request, **get_auth_vars(request)):
# return HttpResponseForbidden()
form = BoxForm(request.POST, instance=box)
@@ -40,7 +40,7 @@ def box_edit(request, pk):
def box_create(request, label):
if request.method == "POST":
- #if not can_edit(**get_auth_vars(request)):
+ #if not load_can_edit()(request, **get_auth_vars(request)):
# return HttpResponseForbidden()
form = BoxForm(request.POST)
Please sign in to comment.
Something went wrong with that request. Please try again.