-
Notifications
You must be signed in to change notification settings - Fork 1
/
permissions.py
42 lines (31 loc) 路 1.37 KB
/
permissions.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
from django.contrib import messages
from django.contrib.auth.mixins import UserPassesTestMixin
from django.utils.translation import gettext_lazy as _
from apps.sections.middleware.section_space import HttpRequest
from apps.sections.models import SectionMembership
class UserIsPrivilegedInCurrentSectionMixin(UserPassesTestMixin):
"""
View mixin checking wheever is logged user in privileged role (editor or admin)
in current section space.
"""
request: HttpRequest
permission_denied_message = _("Page is restricted to privileged roles.")
def test_func(self):
membership = self.request.membership
if self.request.user.is_superuser:
# superuser can do anything
if not self.request.htmx:
messages.warning(self.request, _("Accesing as superuser, be aware!"))
return True
if not membership:
# no membership? definitely no access
return False
if membership.section != self.request.in_space_of_section:
# TODO: should not happen? is always True?
# !membership OR (membership.section==in_space_of_section)
return False
if not SectionMembership.Role(membership.role).is_privileged:
# right section, but without sufficient role
return False
# TODO: check anything else?
return True