From: yomguy
Date: Fri, 25 Jan 2013 16:13:08 +0000 (+0100)
Subject: add security to seminar pages access, redirect to desk
X-Git-Tag: 0.9-probarreau~101
X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=fed02c83d8050ec6b75e261190ef2927b800e2a7;p=teleforma.git
add security to seminar pages access, redirect to desk
---
diff --git a/teleforma/context_processors.py b/teleforma/context_processors.py
index 8d97bf95..ec08417c 100644
--- a/teleforma/context_processors.py
+++ b/teleforma/context_processors.py
@@ -63,16 +63,16 @@ def seminar_progress(user, seminar):
 return 0
 def seminar_validated(user, seminar):
- validated = [False]
+ validated = []
 questions = seminar.question.filter(status=3)
 if questions:
 for question in questions:
- answers = Answer.objects.filter(question=question, user=user)
+ answers = Answer.objects.filter(question=question, user=user,
+ validated=True, treated=True)
 if answers:
- if answers[0].validated:
- validated.append(True)
- else:
- validated.append(False)
+ validated.append(True)
+ else:
+ validated.append(False)
 return not False in validated
 return False
diff --git a/teleforma/templates/forms/includes/built_form.html b/teleforma/templates/forms/includes/built_form.html
index 1a36c608..7bcf7d70 100644
--- a/teleforma/templates/forms/includes/built_form.html
+++ b/teleforma/templates/forms/includes/built_form.html
@@ -2,11 +2,11 @@
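Review bot: In `seminar_validated`, `return not False in validated` parses as `False not in validated` and is easy to misread, and the loop runs one `Answer` query per question while using each result only for truthiness. This value gates the `{% if seminar_validated and seminar_progress == 100 %}` block in seminar_detail.html, so the rule deserves to be explicit: under the existing `if questions:` guard, `return all(Answer.objects.filter(question=q, user=user, validated=True, treated=True).exists() for q in questions)`. A one-line docstring saying that every `status=3` question needs a validated and treated answer would also help, since the meaning of `3` is not visible in this hunk.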

{{ form.intro }}

{% endif %} -
{% csrf_token %} {{ form_for_form.as_p }} - + diff --git a/teleforma/templates/teleforma/inc/question_list.html b/teleforma/templates/teleforma/inc/question_list.html index 1a4c1600..f87b7b7b 100644 --- a/teleforma/templates/teleforma/inc/question_list.html +++ b/teleforma/templates/teleforma/inc/question_list.html @@ -6,7 +6,7 @@ {% for question in questions.all %} - {{ question.title }}{% if question.rank %} n°{{ question.rank }}{% endif %} + {{ question.title }}{% if question.rank %} n°{{ question.rank }}{% endif %} {% if question|submitted:user and not question|validated:user %} {% trans "submitted on" %} {{ question|submitted:user }} diff --git a/teleforma/templates/teleforma/inc/question_step.html b/teleforma/templates/teleforma/inc/question_step.html index e74e6eea..426eb8fc 100644 --- a/teleforma/templates/teleforma/inc/question_step.html +++ b/teleforma/templates/teleforma/inc/question_step.html @@ -6,7 +6,7 @@ {% for question in questions.all %} - {{ question.title }}{% if question.rank %} n°{{ question.rank }}{% endif %} + {{ question.title }}{% if question.rank %} n°{{ question.rank }}{% endif %} {% if question|submitted:user and not question|validated:user %} diff --git a/teleforma/templates/teleforma/seminar_detail.html b/teleforma/templates/teleforma/seminar_detail.html index b6bf2e58..30ef9808 100644 --- a/teleforma/templates/teleforma/seminar_detail.html +++ b/teleforma/templates/teleforma/seminar_detail.html @@ -41,7 +41,7 @@ $(function () {
- +
{{ seminar.title }} @@ -54,13 +54,13 @@ $(function () {
{% block course_content %} - +

{% trans "Informations" %}

- {% include "teleforma/inc/seminar_description.html" %} + {% include "teleforma/inc/seminar_description.html" %}
{% if messages %}
@@ -70,7 +70,7 @@ $(function () {
{% endif %}
- + {% with seminar.docs_1 as docs %}
@@ -88,7 +88,7 @@ $(function () { {% include "teleforma/inc/media_package_list.html" %}
{% endwith %} - + {% with seminar.docs_2 as docs %}
@@ -128,7 +128,7 @@ $(function () {
{% endwith %} {% endif %} - + {% if seminar_validated and seminar_progress == 100 %}
diff --git a/teleforma/templates/teleforma/seminars.html b/teleforma/templates/teleforma/seminars.html index 8b80d4dd..0b68899e 100644 --- a/teleforma/templates/teleforma/seminars.html +++ b/teleforma/templates/teleforma/seminars.html @@ -88,8 +88,16 @@ $(function() { {% block course %}
+ {% if messages %} +
+ {% for message in messages %} + {{ message }}
+ {% endfor %} +
+ {% endif %} + {% for seminar in object_list %} - +
{{ seminar.title }} @@ -108,8 +116,8 @@ $(function() {
-
- {% include "teleforma/inc/seminar_description.html" %} +
+ {% include "teleforma/inc/seminar_description.html" %} {% trans "Access" %} diff --git a/teleforma/urls.py b/teleforma/urls.py index 81cdecfa..85fe954c 100644 --- a/teleforma/urls.py +++ b/teleforma/urls.py @@ -69,14 +69,14 @@ urlpatterns = patterns('', url(r'^desk/medias/(?P.*)/detail/$', MediaView.as_view(), name="teleforma-media-detail"), url(r'^desk/medias/(?P.*)/download/$', media.download, name="teleforma-media-download"), - url(r'^desk/seminars/(?P.*)/media/(?P.*)/video/$', - SeminarMediaView.as_view(template_name='teleforma/seminar_media_video.html'), + url(r'^desk/seminars/(?P.*)/media/(?P.*)/video/$', + SeminarMediaView.as_view(template_name='teleforma/seminar_media_video.html'), name="teleforma-media-video"), - url(r'^desk/seminars/(?P.*)/media/(?P.*)/audio/$', + url(r'^desk/seminars/(?P.*)/media/(?P.*)/audio/$', SeminarMediaView.as_view(template_name='teleforma/seminar_media_audio.html'), name="teleforma-media-audio"), - url(r'^desk/seminars/(?P.*)/preview/$', - SeminarMediaPreviewView.as_view(), + url(r'^desk/seminars/(?P.*)/preview/$', + SeminarMediaPreviewView.as_view(), name="teleforma-media-preview-video"), url(r'^desk/documents/(?P.*)/detail/$', DocumentView.as_view(), @@ -97,7 +97,7 @@ urlpatterns = patterns('', name="teleforma-conference-record"), # Questions - url(r'^desk/questions/(?P.*)/$', AnswerView.as_view(), + url(r'^desk/seminars/(?P.*)/questions/(?P.*)/$', AnswerView.as_view(), name="teleforma-question-answer"), url(r'^desk/answers/$', AnswersView.as_view(), name="teleforma-answers"), url(r'^desk/answers/(?P.*)/$', AnswerDetailView.as_view(), name="teleforma-answer-detail"), 
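Review bot: The new `desk/seminars/…/questions/…/` route (second hunk of urls.py) takes the seminar from the URL, so the access check added in this commit only holds if `AnswerView` ties the requested question to that seminar. `AnswerView`'s body is not in this diff, so please confirm that the seminar it checks is `self.question.seminar` (the object `get_success_url` already uses) and not the URL value, or that a seminar/question mismatch returns 404. Both captures are `.*`, which also matches `/`; a digits-only group such as `\d+` would keep the two segments unambiguous.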
@@ -107,11 +107,11 @@ urlpatterns = patterns('', url(r'^desk/seminars/(?P.*)/form/$', evaluation_form_detail, name="teleforma-seminar-form"), # Testimonial - url(r'^desk/seminars/(?P.*)/testimonial/$', TestimonialView.as_view(), + url(r'^desk/seminars/(?P.*)/testimonial/$', TestimonialView.as_view(), name="teleforma-seminar-testimonial"), - url(r'^desk/seminars/(?P.*)/testimonial/download/$', TestimonialDownloadView.as_view(), + url(r'^desk/seminars/(?P.*)/testimonial/download/$', TestimonialDownloadView.as_view(), name="teleforma-seminar-testimonial-download"), - url(r'^desk/testimonials/$', TestimonialListView.as_view(), + url(r'^desk/testimonials/$', TestimonialListView.as_view(), name="teleforma-testimonials"), # Postman diff --git a/teleforma/views/pro.py b/teleforma/views/pro.py index a466588c..96d2cc73 100644 --- a/teleforma/views/pro.py +++ b/teleforma/views/pro.py 
@@ -103,21 +103,38 @@ def set_revision(user, seminar): else: SeminarRevision.objects.create(seminar=seminar, user=user) -class SeminarView(DetailView): + +class SeminarAccessMixin(object): + + def render_to_response(self, context): + seminar = context['seminar'] + if not seminar in all_seminars(self.request)['all_seminars']: + messages.warning(self.request, _("You do NOT have access to this resource and then have been redirected to your desk.")) + return redirect('teleforma-desk') + return super(SeminarAccessMixin, self).render_to_response(context) + + +class SeminarView(SeminarAccessMixin, DetailView): model = Seminar template_name='teleforma/seminar_detail.html' @method_decorator(login_required) def dispatch(self, *args, **kwargs): + # self.pk = kwargs.get('pk') + # seminar = self.get_object() return super(SeminarView, self).dispatch(*args, **kwargs) + # def get_object(self, queryset=None): + # return Media.objects.get(id=self.pk) + def get_context_data(self, **kwargs): context = super(SeminarView, self).get_context_data(**kwargs) seminar = self.get_object() user = self.request.user progress = seminar_progress(user, seminar) validated = seminar_validated(user, seminar) + context['seminar'] = seminar context['seminar_progress'] = progress context['seminar_validated'] = validated if progress == 100 and not validated: @@ -133,15 +150,14 @@ class SeminarsView(ListView): model = Seminar template_name='teleforma/seminars.html' - def get_queryset(self): - return all_seminars(self.request, date_order=True)['all_seminars'] - @method_decorator(login_required) def dispatch(self, *args, **kwargs): return super(SeminarsView, self).dispatch(*args, **kwargs) + def get_queryset(self): + return all_seminars(self.request, date_order=True)['all_seminars'] -class AnswerView(FormView): +class AnswerView(SeminarAccessMixin, FormView): model = Answer form_class = AnswerForm 
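Review bot: `SeminarAccessMixin` enforces access in `render_to_response`, so the check runs only after the view has built its context and only on paths that render a template. For `AnswerView` (a `FormView`, given the mixin in the next hunk on this line) a valid POST normally ends in `form_valid` and a redirect, so it would not reach this check; its body is outside the hunks, so this needs confirming. `context['seminar']` also raises `KeyError` in any view that does not set that key, and only `SeminarView` is shown setting it, so `AnswerView` and `SeminarMediaView` (last hunk) need checking. I would move the check into `dispatch` with a per-view `get_seminar()` hook, as sketched below (the hook is new and each view would have to implement it), and drop the commented-out lines added to `SeminarView.dispatch`. `SeminarView`'s body continues past this hunk.

```python
class SeminarAccessMixin(object):

    def get_seminar(self):
        # Hook: SeminarView would return self.get_object(); AnswerView the
        # question's own seminar rather than the value taken from the URL.
        raise NotImplementedError

    def dispatch(self, request, *args, **kwargs):
        # Older Django sets these inside View.dispatch, so set them before get_seminar().
        self.request, self.args, self.kwargs = request, args, kwargs
        if self.get_seminar() not in all_seminars(request)['all_seminars']:
            messages.warning(request, _("You do NOT have access to this resource and then have been redirected to your desk."))
            return redirect('teleforma-desk')
        return super(SeminarAccessMixin, self).dispatch(request, *args, **kwargs)
```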
@@ -190,7 +206,7 @@ class AnswerView(FormView): return reverse('teleforma-seminar-detail', kwargs={'pk':self.question.seminar.id}) -class SeminarMediaView(MediaView): +class SeminarMediaView(SeminarAccessMixin, MediaView): template_name = 'teleforma/seminar_media_video.html'