add security perms for views

author Guillaume Pellerin <yomguy@parisson.com>

Fri, 19 Dec 2014 09:44:15 +0000 (10:44 +0100)

committer Guillaume Pellerin <yomguy@parisson.com>

Fri, 19 Dec 2014 09:44:15 +0000 (10:44 +0100)
author Guillaume Pellerin <yomguy@parisson.com>
Fri, 19 Dec 2014 09:44:15 +0000 (10:44 +0100)
committer Guillaume Pellerin <yomguy@parisson.com>
Fri, 19 Dec 2014 09:44:15 +0000 (10:44 +0100)
diff --git a/telemeta/views/collection.py b/telemeta/views/collection.py

index db5916eb98107641b32b6bf15ec00640e4f1b03d..252ee112ad87f92a0e29ed1b409b41ff83917ec5 100644 (file)
--- a/telemeta/views/collection.py
+++ b/telemeta/views/collection.py
@@ -324,6 +324,10 @@ class CollectionEditView(CollectionViewMixin, UpdateWithInlinesView):
          context['collection'] = collection
          return context
  
+    @method_decorator(permission_required('telemeta.change_mediacollection'))
+    def dispatch(self, *args, **kwargs):
+        return super(CollectionEditView, self).dispatch(*args, **kwargs)
+
  
  class CollectionAddView(CollectionViewMixin, CreateWithInlinesView):
  
@@ -333,6 +337,10 @@ class CollectionAddView(CollectionViewMixin, CreateWithInlinesView):
      def get_success_url(self):
          return reverse_lazy('telemeta-collection-detail', kwargs={'public_id':self.object.code})
  
+    @method_decorator(permission_required('telemeta.add_mediacollection'))
+    def dispatch(self, *args, **kwargs):
+        return super(CollectionAddView, self).dispatch(*args, **kwargs)
+
  
  class CollectionCopyView(CollectionAddView):
  
@@ -348,4 +356,9 @@ class CollectionCopyView(CollectionAddView):
          context = super(CollectionCopyView, self).get_context_data(**kwargs)
          collection = self.get_object()
          context['collection'] = collection
-        return context
-\ No newline at end of file
+        return context
+
+    @method_decorator(permission_required('telemeta.add_mediacollection'))
+    def dispatch(self, *args, **kwargs):
+        return super(CollectionCopyView, self).dispatch(*args, **kwargs)
+
diff --git a/telemeta/views/core.py b/telemeta/views/core.py

index e69e609755279057f10c00f8341cdc9831e235f5..c98f3adeb5cfc1017b3f523c11e812a6bff0d8b1 100644 (file)
--- a/telemeta/views/core.py
+++ b/telemeta/views/core.py
@@ -52,7 +52,7 @@ from django.utils.decorators import method_decorator
  from django.contrib.auth import authenticate, login
  from django.template import RequestContext, loader
  from django import template
-from django.http import HttpResponse, HttpResponseRedirect
+from django.http import HttpResponse, HttpResponseRedirect, StreamingHttpResponse
  from django.http import Http404
  from django.shortcuts import render_to_response, redirect, get_object_or_404
  from django.views.generic import *
diff --git a/telemeta/views/item.py b/telemeta/views/item.py

index c70bebaa52dfacb78c9ed3c76ad00925932a5416..0daabfa34509ecab62673154b1727716095f3fc8 100644 (file)
--- a/telemeta/views/item.py
+++ b/telemeta/views/item.py
@@ -585,10 +585,10 @@ class ItemView(ItemBaseMixin):
                      metadata=None
                  proc.set_metadata(metadata)
  
-                response = HttpResponse(stream_from_processor(decoder, proc, flag), mimetype = mime_type)
+                response = HttpResponse(stream_from_processor(decoder, proc, flag), mimetype=mime_type)
              else:
                  # cache > stream
-                response = HttpResponse(self.cache_export.read_stream_bin(file), mimetype = mime_type)
+                response = HttpResponse(self.cache_export.read_stream_bin(file), mimetype=mime_type)
  
          response['Content-Disposition'] = 'attachment'
          return response
@@ -764,6 +764,10 @@ class ItemEditView(ItemViewMixin, UpdateWithInlinesView):
          context['auto_zoom'] = True
          return context
  
+    @method_decorator(permission_required('telemeta.change_mediaitem'))
+    def dispatch(self, *args, **kwargs):
+        return super(ItemEditView, self).dispatch(*args, **kwargs)
+
  
  class ItemAddView(ItemViewMixin, CreateWithInlinesView):
  
@@ -786,6 +790,10 @@ class ItemAddView(ItemViewMixin, CreateWithInlinesView):
      def get_success_url(self):
          return reverse_lazy('telemeta-item-detail', kwargs={'public_id':self.object.code})
  
+    @method_decorator(permission_required('telemeta.add_mediaitem'))
+    def dispatch(self, *args, **kwargs):
+        return super(ItemAddView, self).dispatch(*args, **kwargs)
+
  
  class ItemCopyView(ItemAddView):
  
@@ -812,6 +820,10 @@ class ItemCopyView(ItemAddView):
          context['auto_zoom'] = True
          return context
  
+    @method_decorator(permission_required('telemeta.add_mediaitem'))
+    def dispatch(self, *args, **kwargs):
+        return super(ItemCopyView, self).dispatch(*args, **kwargs)
+
  
  class ItemDetailView(ItemViewMixin, DetailView):
  
diff --git a/telemeta/views/resource.py b/telemeta/views/resource.py

index a4ab498ec9f4c0c8ba46d6510b860ff10319b2e1..710618c4c95cb0f68a4f38e5371055c5aab0a644 100644 (file)
--- a/telemeta/views/resource.py
+++ b/telemeta/views/resource.py
@@ -300,6 +300,11 @@ class ResourceAddView(ResourceMixin, CreateView):
      def get_success_url(self):
          return reverse_lazy('telemeta-resource-list', kwargs={'type':self.kwargs['type']})
  
+    @method_decorator(permission_required('telemeta.add_mediacorpus'))
+    @method_decorator(permission_required('telemeta.add_mediafonds'))
+    def dispatch(self, *args, **kwargs):
+        return super(ResourceAddView, self).dispatch(*args, **kwargs)
+
  
  class ResourceCopyView(ResourceSingleMixin, ResourceAddView):
  
@@ -312,6 +317,11 @@ class ResourceCopyView(ResourceSingleMixin, ResourceAddView):
          return reverse_lazy('telemeta-resource-list', kwargs={'type':self.kwargs['type']})
          # return reverse_lazy('telemeta-resource-detail', kwargs={'type':self.kwargs['type'], 'public_id':self.kwargs['public_id']})
  
+    @method_decorator(permission_required('telemeta.add_mediacorpus'))
+    @method_decorator(permission_required('telemeta.add_mediafonds'))
+    def dispatch(self, *args, **kwargs):
+        return super(ResourceCopyView, self).dispatch(*args, **kwargs)
+
  
  class ResourceDeleteView(ResourceSingleMixin, DeleteView):
  
@@ -320,6 +330,11 @@ class ResourceDeleteView(ResourceSingleMixin, DeleteView):
      def get_success_url(self):
           return reverse_lazy('telemeta-resource-list', kwargs={'type':self.kwargs['type']})
  
+    @method_decorator(permission_required('telemeta.delete_mediacorpus'))
+    @method_decorator(permission_required('telemeta.delete_mediafonds'))
+    def dispatch(self, *args, **kwargs):
+        return super(ResourceDeleteView, self).dispatch(*args, **kwargs)
+
  
  class ResourceEditView(ResourceSingleMixin, UpdateWithInlinesView):
  
@@ -327,3 +342,9 @@ class ResourceEditView(ResourceSingleMixin, UpdateWithInlinesView):
  
      def get_success_url(self):
          return reverse_lazy('telemeta-resource-detail', kwargs={'type':self.kwargs['type'], 'public_id':self.kwargs['public_id']})
+
+    @method_decorator(permission_required('telemeta.change_mediacorpus'))
+    @method_decorator(permission_required('telemeta.change_mediafonds'))
+    def dispatch(self, *args, **kwargs):
+        return super(ResourceEditView, self).dispatch(*args, **kwargs)
+
author	Guillaume Pellerin <yomguy@parisson.com>
	Fri, 19 Dec 2014 09:44:15 +0000 (10:44 +0100)
committer	Guillaume Pellerin <yomguy@parisson.com>
	Fri, 19 Dec 2014 09:44:15 +0000 (10:44 +0100)
telemeta/views/collection.py		patch \| blob \| history
telemeta/views/core.py		patch \| blob \| history
telemeta/views/item.py		patch \| blob \| history
telemeta/views/resource.py		patch \| blob \| history