From 443979379ba8b233da98b7d8559ab560a2762a98 Mon Sep 17 00:00:00 2001 From: Evan Hallein Date: Mon, 15 Jan 2024 14:20:42 +0800 Subject: [PATCH] group check wamtram2 views --- wamtram2/views.py | 52 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/wamtram2/views.py b/wamtram2/views.py index c46dce4c5..aef138a70 100644 --- a/wamtram2/views.py +++ b/wamtram2/views.py @@ -5,7 +5,7 @@ from django.views import generic from django.conf import settings from wastd.utils import Breadcrumb -from django.http import HttpResponseRedirect +from django.http import HttpResponseRedirect, HttpResponseForbidden from .models import TrtTurtles,TrtTags,TrtPitTags, TrtEntryBatches,TrtDataEntry,TrtPersons,TrtObservations from .forms import TrtDataEntryForm, SearchForm, TrtEntryBatchesForm @@ -52,6 +52,12 @@ class EntryBatchesListView(LoginRequiredMixin,ListView): context_object_name = 'batches' paginate_by = 50 + def dispatch(self, request, *args, **kwargs): + # FIXME: Permission check + if not (request.user.groups.filter(name='Tagging Data Entry').exists() or request.user.groups.filter(name='Tagging Data Curation').exists() or request.user.is_superuser): + return HttpResponseForbidden("You do not have permission to view this record") + return super().dispatch(request, *args, **kwargs) + def get_queryset(self): """ Returns the queryset of objects for the list view. 
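Review bot: The `dispatch` override added to `EntryBatchesListView` is defined on the view class itself, so it runs before `LoginRequiredMixin.dispatch`; an anonymous request appears to fail the group test and get the 403 body instead of the login redirect. The same three-line check, still marked `# FIXME`, is pasted into six other views in this patch (`EntryBatchDetailView`, `TrtDataEntryForm`, `DeleteBatchView`, `ValidateDataEntryBatchView`, `ProcessDataEntryBatchView`, `FindTurtleView`), so a group rename has to be applied in seven places and a missed copy leaves one view with a stale access rule. A single shared mixin built on `UserPassesTestMixin` from `django.contrib.auth.mixins` keeps the rule in one place and does both group lookups in one query with `name__in`. It also redirects anonymous users to login while raising `PermissionDenied` for authenticated users outside the groups. The class body continues outside the hunk.

```python
class TaggingGroupRequiredMixin(UserPassesTestMixin):
    """Allow superusers and members of the tagging data entry/curation groups."""

    allowed_groups = ("Tagging Data Entry", "Tagging Data Curation")
    permission_denied_message = "You do not have permission to view this record"

    def test_func(self):
        user = self.request.user
        return user.is_superuser or user.groups.filter(name__in=self.allowed_groups).exists()


class EntryBatchesListView(LoginRequiredMixin, TaggingGroupRequiredMixin, ListView):
    # … unchanged: class attributes and get_queryset; the per-view dispatch override is dropped …
```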
@@ -104,6 +110,12 @@ class EntryBatchDetailView(LoginRequiredMixin,FormMixin,generic.ListView): paginate_by = 50 form_class = TrtEntryBatchesForm + def dispatch(self, request, *args, **kwargs): + # FIXME: Permission check + if not (request.user.groups.filter(name='Tagging Data Entry').exists() or request.user.groups.filter(name='Tagging Data Curation').exists() or request.user.is_superuser): + return HttpResponseForbidden("You do not have permission to view this record") + return super().dispatch(request, *args, **kwargs) + def get(self, request, *args, **kwargs): """ Handle GET requests. @@ -208,6 +220,12 @@ class TrtDataEntryForm(LoginRequiredMixin, generic.FormView): template_name = 'wamtram2/trtdataentry_form.html' form_class = TrtDataEntryForm + def dispatch(self, request, *args, **kwargs): + # FIXME: Permission check + if not (request.user.groups.filter(name='Tagging Data Entry').exists() or request.user.groups.filter(name='Tagging Data Curation').exists() or request.user.is_superuser): + return HttpResponseForbidden("You do not have permission to view this record") + return super().dispatch(request, *args, **kwargs) + def get_form_kwargs(self): """ Returns the keyword arguments for instantiating the form. 
@@ -343,13 +361,19 @@ def get_context_data(self, **kwargs): -class DeleteBatchView(View): +class DeleteBatchView(LoginRequiredMixin,View): + def dispatch(self, request, *args, **kwargs): + # FIXME: Permission check + if not (request.user.groups.filter(name='Tagging Data Entry').exists() or request.user.groups.filter(name='Tagging Data Curation').exists() or request.user.is_superuser): + return HttpResponseForbidden("You do not have permission to view this record") + return super().dispatch(request, *args, **kwargs) + def get(self, request, batch_id): batch = get_object_or_404(TrtEntryBatches, entry_batch_id=batch_id) batch.delete() return redirect('wamtram2:entry_batches') -class ValidateDataEntryBatchView(View): +class ValidateDataEntryBatchView(LoginRequiredMixin,View): """ View class for validating a data entry batch. @@ -366,7 +390,12 @@ class ValidateDataEntryBatchView(View): - args: Additional positional arguments passed to the view. - kwargs: Additional keyword arguments passed to the view. """ - + def dispatch(self, request, *args, **kwargs): + # FIXME: Permission check + if not (request.user.groups.filter(name='Tagging Data Entry').exists() or request.user.groups.filter(name='Tagging Data Curation').exists() or request.user.is_superuser): + return HttpResponseForbidden("You do not have permission to view this record") + return super().dispatch(request, *args, **kwargs) + def get(self, request, *args, **kwargs): try: with connections['wamtram2'].cursor() as cursor: @@ -377,7 +406,7 @@ def get(self, request, *args, **kwargs): return redirect('wamtram2:entry_batch_detail', batch_id=self.kwargs['batch_id']) -class ProcessDataEntryBatchView(View): +class ProcessDataEntryBatchView(LoginRequiredMixin,View): """ View class for processing a data entry batch. 
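Review bot: `DeleteBatchView.get` still calls `batch.delete()` on a GET request, and the new `dispatch` check does not change that. Django's CSRF middleware does not cover GET, so a cross-site request made while a member of either group is logged in would delete the batch. Restrict the destructive handler to POST by renaming it to `def post(self, request, batch_id):` and submitting it from a form that carries `{% csrf_token %}`. `ValidateDataEntryBatchView.get` and `ProcessDataEntryBatchView.get` open a `connections['wamtram2']` cursor and probably need the same treatment, though their SQL is outside the hunks. The view also deletes whichever `batch_id` is passed with no check tying the batch to the requesting user, which is worth confirming as intended for the 'Tagging Data Entry' group.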
@@ -399,6 +428,12 @@ class ProcessDataEntryBatchView(View): HttpResponseRedirect: Redirects the user to the detail page of the processed batch. """ + def dispatch(self, request, *args, **kwargs): + # FIXME: Permission check + if not (request.user.groups.filter(name='Tagging Data Entry').exists() or request.user.groups.filter(name='Tagging Data Curation').exists() or request.user.is_superuser): + return HttpResponseForbidden("You do not have permission to view this record") + return super().dispatch(request, *args, **kwargs) + def get(self, request, *args, **kwargs): try: with connections['wamtram2'].cursor() as cursor: @@ -412,6 +447,11 @@ class FindTurtleView(LoginRequiredMixin,View): """ View class for finding a turtle based on tag and pit tag ID. """ + def dispatch(self, request, *args, **kwargs): + # FIXME: Permission check + if not (request.user.groups.filter(name='Tagging Data Entry').exists() or request.user.groups.filter(name='Tagging Data Curation').exists() or request.user.is_superuser): + return HttpResponseForbidden("You do not have permission to view this record") + return super().dispatch(request, *args, **kwargs) def get(self, request, *args, **kwargs): batch_id = kwargs.get('batch_id') @@ -451,7 +491,7 @@ def post(self, request, *args, **kwargs): class ObservationDetailView(LoginRequiredMixin, generic.DetailView): model = TrtObservations template_name = 'wamtram2/observation_detail.html' - + def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) obj = get_object_or_404(TrtObservations, observation_id=self.kwargs.get('pk'))