Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
concrexit
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
70
Issues
70
List
Boards
Labels
Service Desk
Milestones
Merge Requests
10
Merge Requests
10
Operations
Operations
Incidents
Analytics
Analytics
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
thalia
concrexit
Commits
822f3506
Verified
Commit
822f3506
authored
Aug 04, 2019
by
Sébastiaan Versteeg
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix pizza order permissions
parent
35588448
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
21 additions
and
10 deletions
+21
-10
website/pizzas/admin.py
website/pizzas/admin.py
+17
-10
website/pizzas/admin_views.py
website/pizzas/admin_views.py
+4
-0
No files found.
website/pizzas/admin.py
View file @
822f3506
...
...
@@ -2,15 +2,14 @@ from django.conf import settings
from
django.contrib
import
admin
from
django.core.exceptions
import
PermissionDenied
from
django.urls
import
reverse
,
path
from
django.utils
import
timezone
from
django.utils.html
import
format_html
from
django.utils.translation
import
ugettext_lazy
as
_
from
events
import
services
from
events.services
import
is_organiser
from
pizzas
import
admin_views
from
utils.admin
import
DoNextModelAdmin
from
.models
import
Order
,
PizzaEvent
,
Product
from
events.models
import
Event
from
events.services
import
is_organiser
@
admin
.
register
(
Product
)
...
...
@@ -26,6 +25,7 @@ class PizzaEventAdmin(admin.ModelAdmin):
date_hierarchy
=
'start'
exclude
=
(
'end_reminder'
,)
search_fields
=
[
f'event__title_
{
l
[
0
]
}
'
for
l
in
settings
.
LANGUAGES
]
autocomplete_fields
=
(
'event'
,)
def
notification_enabled
(
self
,
obj
):
return
obj
.
send_notification
...
...
@@ -33,18 +33,25 @@ class PizzaEventAdmin(admin.ModelAdmin):
notification_enabled
.
admin_order_field
=
'send_notification'
notification_enabled
.
boolean
=
True
def
has_change_permission
(
self
,
request
,
obj
=
None
):
"""Only allow access to the change form if the user is an organiser"""
if
(
obj
is
not
None
and
not
services
.
is_organiser
(
request
.
member
,
obj
.
event
)):
return
False
return
super
().
has_change_permission
(
request
,
obj
)
def
has_delete_permission
(
self
,
request
,
obj
=
None
):
"""Only allow access to delete if the user is an organiser"""
if
(
obj
is
not
None
and
not
services
.
is_organiser
(
request
.
member
,
obj
.
event
)):
return
False
return
super
().
has_delete_permission
(
request
,
obj
)
def
orders
(
self
,
obj
):
url
=
reverse
(
'admin:pizzas_pizzaevent_details'
,
kwargs
=
{
'pk'
:
obj
.
pk
})
return
format_html
(
'<a href="{url}">{text}</a>'
,
url
=
url
,
text
=
_
(
"Orders"
))
def
formfield_for_foreignkey
(
self
,
db_field
,
request
,
**
kwargs
):
if
db_field
.
name
==
"event"
:
kwargs
[
"queryset"
]
=
Event
.
objects
.
filter
(
end__gte
=
timezone
.
now
())
return
super
(
PizzaEventAdmin
,
self
).
formfield_for_foreignkey
(
db_field
,
request
,
**
kwargs
)
def
get_urls
(
self
):
urls
=
super
().
get_urls
()
custom_urls
=
[
...
...
website/pizzas/admin_views.py
View file @
822f3506
"""Admin views provided by the pizzas package"""
from
django.shortcuts
import
get_object_or_404
from
django.utils.decorators
import
method_decorator
from
django.utils.text
import
capfirst
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.views.generic
import
TemplateView
from
events.decorators
import
organiser_only
from
payments.models
import
Payment
from
pizzas.models
import
PizzaEvent
,
Order
@
method_decorator
(
organiser_only
,
name
=
'dispatch'
)
class
PizzaOrderSummary
(
TemplateView
):
template_name
=
'pizzas/admin/summary.html'
admin
=
None
...
...
@@ -57,6 +60,7 @@ class PizzaOrderSummary(TemplateView):
return
context
@
method_decorator
(
organiser_only
,
name
=
'dispatch'
)
class
PizzaOrderDetails
(
TemplateView
):
template_name
=
'pizzas/admin/orders.html'
admin
=
None
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment