Commit 49be0dd9 authored by Thijs de Jong's avatar Thijs de Jong

Merge branch 'fix/pizzas-admin-views-organiser' into 'master'

Fix permission in admin views of pizzas

See merge request !1345
parents b37c42a4 bccb5528
......@@ -40,6 +40,14 @@ pizzas.apps module
:undoc-members:
:show-inheritance:
pizzas.decorators module
------------------------
.. automodule:: pizzas.decorators
:members:
:undoc-members:
:show-inheritance:
pizzas.models module
--------------------
......
......@@ -5,7 +5,7 @@ from django.utils.text import capfirst
from django.utils.translation import ugettext_lazy as _
from django.views.generic import TemplateView
from events.decorators import organiser_only
from pizzas.decorators import organiser_only
from payments.models import Payment
from pizzas.models import PizzaEvent, Order
......
"""The decorators defined by the pizzas package"""
from django.core.exceptions import PermissionDenied
from events import services
from pizzas.models import PizzaEvent
def organiser_only(view_function):
"""See OrganiserOnly"""
return OrganiserOnly(view_function)
class OrganiserOnly(object):
"""
Decorator that denies access to the page if:
1. There is no `pk` in the request
2. The specified pizza event does not exist
3. The user is no organiser of the specified pizza event
"""
def __init__(self, view_function):
self.view_function = view_function
def __call__(self, request, *args, **kwargs):
pizza_event = None
if 'pk' in kwargs:
try:
pizza_event = PizzaEvent.objects.get(pk=kwargs.get('pk'))
except PizzaEvent.DoesNotExist:
pass
if pizza_event and services.is_organiser(request.member,
pizza_event.event):
return self.view_function(request, *args, **kwargs)
raise PermissionDenied
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment