From: Emilie Date: Wed, 21 Sep 2016 16:23:54 +0000 (+0200) Subject: Person List: only admin user can access autocomplete url X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=9ad7ece203327cedc32e3f1a18dce8e506476d35;p=mezzo.git Person List: only admin user can access autocomplete url --- diff --git a/app/organization/network/urls.py b/app/organization/network/urls.py index b1411764..25bc3cb2 100644 --- a/app/organization/network/urls.py +++ b/app/organization/network/urls.py @@ -3,7 +3,7 @@ from __future__ import unicode_literals import django.views.i18n from django.conf.urls import patterns, include, url from django.conf.urls.i18n import i18n_patterns - +from django.contrib.auth.decorators import permission_required from mezzanine.core.views import direct_to_template from mezzanine.conf import settings @@ -13,6 +13,6 @@ from organization.network.views import * urlpatterns = [ url(r'^(?P.*)/teams/$', TeamListView.as_view(), name="organization-network-team-list"), url(r'^person/(?P.*)/$', PersonDetailView.as_view(), name="organization-network-person-detail"), - url("^person-list-block-autocomplete/$", PersonListBlockAutocompleteView.as_view(), name='person-list-block-autocomplete'), - url("^person-autocomplete/$", PersonListView.as_view(), name='person-autocomplete'), + url("^person-list-block-autocomplete/$", permission_required('person.can_edit')(PersonListBlockAutocompleteView.as_view()), name='person-list-block-autocomplete'), + url("^person-autocomplete/$", permission_required('person.can_edit')(PersonListView.as_view()), name='person-autocomplete'), ] diff --git a/app/organization/network/views.py b/app/organization/network/views.py index 16233cae..e2d95898 100644 --- a/app/organization/network/views.py +++ b/app/organization/network/views.py @@ -84,8 +84,6 @@ class PersonListBlockAutocompleteView(autocomplete.Select2QuerySetView): class PersonListView(autocomplete.Select2QuerySetView): def get_queryset(self): - # if not self.request.is_authenticated(): - # return PersonListBlock.objects.none() qs = Person.objects.all() diff --git a/app/organization/pages/urls.py b/app/organization/pages/urls.py index 12d58fad..711bbf53 100644 --- a/app/organization/pages/urls.py +++ b/app/organization/pages/urls.py @@ -3,7 +3,7 @@ from __future__ import unicode_literals from django.conf.urls import patterns, include, url from django.conf.urls.i18n import i18n_patterns from django.contrib import admin - +from django.contrib.auth.decorators import permission_required from mezzanine.core.views import direct_to_template from mezzanine.conf import settings from organization.pages.views import * @@ -12,8 +12,8 @@ _slash = "/" if settings.APPEND_SLASH else "" urlpatterns = [ url("^$", HomeView.as_view(), name="home"), - url("^dynamic-content-home-slider/$", DynamicContentHomeSliderView.as_view(), name='dynamic-content-home-slider'), - url("^dynamic-content-home-body/$", DynamicContentHomeBodyView.as_view(), name='dynamic-content-home-body'), + url("^dynamic-content-home-slider/$", permission_required('home.can_edit')(DynamicContentHomeSliderView.as_view()), name='dynamic-content-home-slider'), + url("^dynamic-content-home-body/$", permission_required('home.can_edit')(DynamicContentHomeBodyView.as_view()), name='dynamic-content-home-body'), url("^home/$", HomeView.as_view(), name='organization-home'), ] diff --git a/app/organization/pages/views.py b/app/organization/pages/views.py index 387c51f5..eb14813d 100644 --- a/app/organization/pages/views.py +++ b/app/organization/pages/views.py @@ -1,5 +1,7 @@ from django.shortcuts import render from django.views.generic import DetailView, ListView, TemplateView +from django.contrib.auth.decorators import login_required +from django.utils.decorators import method_decorator from dal import autocomplete from dal_select2_queryset_sequence.views import Select2QuerySetSequenceView from django.core.urlresolvers import reverse, reverse_lazy @@ -31,6 +33,7 @@ class HomeView(SlugMixin, ListView): class DynamicContentHomeSliderView(Select2QuerySetSequenceView): + def get_queryset(self): articles = Article.objects.all() @@ -56,6 +59,7 @@ class DynamicContentHomeSliderView(Select2QuerySetSequenceView): class DynamicContentHomeBodyView(Select2QuerySetSequenceView): + def get_queryset(self): articles = Article.objects.all()