Basic permission logic

Raphael Michel
2014-09-12 21:51:50 +02:00
parent f20cec3caf
commit 1b579a7e45
6 changed files with 47 additions and 22 deletions


@@ -52,7 +52,7 @@ MIDDLEWARE_CLASSES = (
'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware',
'tixlcontrol.middleware.LoginRequiredMiddleware', 'tixlcontrol.middleware.PermissionMiddleware',
) )
TEMPLATE_CONTEXT_PROCESSORS = ( TEMPLATE_CONTEXT_PROCESSORS = (


@@ -3,7 +3,9 @@ from django.core.urlresolvers import resolve
def contextprocessor(request): def contextprocessor(request):
return { ctx = {
'url_name': resolve(request.path_info).url_name, 'url_name': resolve(request.path_info).url_name,
'settings': settings, 'settings': settings,
} }
return ctx


@@ -4,13 +4,18 @@ from django.utils.encoding import force_str
from django.utils.six.moves.urllib.parse import urlparse from django.utils.six.moves.urllib.parse import urlparse
from django.shortcuts import resolve_url from django.shortcuts import resolve_url
from django.contrib.auth import REDIRECT_FIELD_NAME from django.contrib.auth import REDIRECT_FIELD_NAME
from django.http import HttpResponseNotFound
from tixlbase.models import Event
class LoginRequiredMiddleware: class PermissionMiddleware:
""" """
This middleware enforces all requests to the control app This middleware enforces all requests to the control app
to require login. to require login.
Additionally, it enforces all requests to "control:event." URLs
to be for an event the user has basic access to.
""" """
EXCEPTIONS = ( EXCEPTIONS = (
@@ -18,22 +23,34 @@ class LoginRequiredMiddleware:
) )
def process_request(self, request): def process_request(self, request):
url = resolve(request.path_info)
url_namespace = url.namespace
url_name = url.url_name
if url_namespace != 'control' or url_name in self.EXCEPTIONS:
return
if not request.user.is_authenticated(): if not request.user.is_authenticated():
url_namespace = resolve(request.path_info).namespace # Taken from django/contrib/auth/decorators.py
url_name = resolve(request.path_info).url_name path = request.build_absolute_uri()
if url_namespace == 'control' and url_name not in self.EXCEPTIONS: # urlparse chokes on lazy objects in Python 3, force to str
# Taken from django/contrib/auth/decorators.py resolved_login_url = force_str(
path = request.build_absolute_uri() resolve_url(settings.LOGIN_URL_CONTROL))
# urlparse chokes on lazy objects in Python 3, force to str # If the login url is the same scheme and net location then just
resolved_login_url = force_str( # use the path as the "next" url.
resolve_url(settings.LOGIN_URL_CONTROL)) login_scheme, login_netloc = urlparse(resolved_login_url)[:2]
# If the login url is the same scheme and net location then just current_scheme, current_netloc = urlparse(path)[:2]
# use the path as the "next" url. if ((not login_scheme or login_scheme == current_scheme) and
login_scheme, login_netloc = urlparse(resolved_login_url)[:2] (not login_netloc or login_netloc == current_netloc)):
current_scheme, current_netloc = urlparse(path)[:2] path = request.get_full_path()
if ((not login_scheme or login_scheme == current_scheme) and from django.contrib.auth.views import redirect_to_login
(not login_netloc or login_netloc == current_netloc)): return redirect_to_login(
path = request.get_full_path() path, resolved_login_url, REDIRECT_FIELD_NAME)
from django.contrib.auth.views import redirect_to_login
return redirect_to_login( if 'event.' in url_name and 'event' in url.kwargs:
path, resolved_login_url, REDIRECT_FIELD_NAME) try:
request.event = Event.objects.get(
slug=url.kwargs['event'],
permitted__id__exact=request.user.id
)
except:
return HttpResponseNotFound(_("The selected event was not found or you have no permission to administrate it."))
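Review bot: The bare `except:` around `Event.objects.get(...)` turns every failure into the 404, including database errors and `MultipleObjectsReturned`, so a backend fault looks the same as a denied request; `except Event.DoesNotExist:` keeps the deny path and lets real faults surface. The check is also gated on `'event.' in url_name and 'event' in url.kwargs`, so a route named under `event.` that calls its kwarg something else is served with no event check at all, and an unnamed route in the `control` namespace leaves `url_name` as None and makes the `in` test raise TypeError. Testing `url_name and url_name.startswith('event.')` and returning the 404 when the `event` kwarg is absent would make the middleware fail closed. `_` is not imported in the visible lines, so confirm a gettext import exists above the hunk.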


@@ -16,7 +16,7 @@
<tbody> <tbody>
{% for e in events %} {% for e in events %}
<tr> <tr>
<td><strong><a href="">{{ e.name }}</a></strong></td> <td><strong><a href="{% url "control:event.index" event=e.slug %}">{{ e.name }}</a></strong></td>
<td>{{ e.organizer }}</td> <td>{{ e.organizer }}</td>
<td>{{ e.get_date_from_display }}</td> <td>{{ e.get_date_from_display }}</td>
<td>{{ e.get_date_to_display }}</td> <td>{{ e.get_date_to_display }}</td>


@@ -3,6 +3,7 @@ from tixlcontrol.views import main
urlpatterns = patterns('', urlpatterns = patterns('',
url(r'^$', 'tixlcontrol.views.main.index', name='index'), url(r'^$', 'tixlcontrol.views.main.index', name='index'),
url(r'^event/(?P<event>\w+)/$', 'tixlcontrol.views.event.index', name='event.index'),
url(r'^events/$', main.EventList.as_view(), name='events'), url(r'^events/$', main.EventList.as_view(), name='events'),
url(r'^logout$', 'tixlcontrol.views.auth.logout', name='auth.logout'), url(r'^logout$', 'tixlcontrol.views.auth.logout', name='auth.logout'),
url(r'^login$', 'tixlcontrol.views.auth.login', name='auth.login'), url(r'^login$', 'tixlcontrol.views.auth.login', name='auth.login'),
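Review bot: Access control for the new `event.index` route rests on two naming conventions that nothing in this file states: PermissionMiddleware only checks event access when the URL name contains `event.` and the captured group is called `event`. A comment above the pattern, e.g. `# event.* routes must capture the slug as "event"; PermissionMiddleware checks access by that name`, would keep later routes from silently skipping the check. Separately, `\w+` does not match hyphens, so if event slugs may contain `-` (the Event model is not visible here) those events would never resolve.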


@@ -0,0 +1,5 @@
from django.shortcuts import render
def index(request, event):
pass
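Review bot: `index` ends in `pass` and so returns None, which Django rejects with a ValueError because a view must return an HttpResponse; the event links this commit adds to the list template therefore end in a 500 for users who pass the permission check. Until the page exists, return a real response, e.g. `return render(request, '<event index template>', {'event': request.event})` (the template path is a placeholder), which also uses the otherwise unused `render` import. `request.event` is the attribute PermissionMiddleware sets in this same commit, so the view need not look the event up again.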