From 5e803b23fcde7d13206fcf78f705d69ece5ac893 Mon Sep 17 00:00:00 2001 From: yomguy Date: Wed, 18 Apr 2012 09:47:33 +0200 Subject: [PATCH] begin item security middleware, fix pagination --- teleforma/middleware.py | 27 ++++++++++++++++++++++----- teleforma/views.py | 4 ++-- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/teleforma/middleware.py b/teleforma/middleware.py index 2dd2e6ec..628eff30 100644 --- a/teleforma/middleware.py +++ b/teleforma/middleware.py @@ -2,7 +2,7 @@ from telemeta.models.system import * from teleforma.models import * -class OnlyOneUserMiddleware(object): +class OnlyOneUser(object): def process_request(self, request): if not request.user.is_anonymous(): @@ -18,8 +18,25 @@ class OnlyOneUserMiddleware(object): profile.save() -class ExportSecurity(object): +class ItemExportSecurity(object): - def process_view(self, item_export): - pass - + def process_view(self, request, ItemView.item_export, *args, **kwargs): + id = args[0] + ext = args[1] + item = MediaItem.objects.get(public_id=id) + student = request.user.student.all() + if student: + courses = request.user.student.get().training.courses.all() + media = item.media.all() + if media: + media_courses = media.course.all() + for course in media_courses: + if not course in courses: + return 404 + else: + return None + else: + return None + else: + return None + diff --git a/teleforma/views.py b/teleforma/views.py index 67ea4642..c4fa8022 100755 --- a/teleforma/views.py +++ b/teleforma/views.py @@ -158,11 +158,11 @@ class UsersView(ListView): model = User template_name='telemeta/users.html' context_object_name = 'users' - paginate_by = 12 + #paginate_by = 12 def get_queryset(self): return User.objects.all().select_related(depth=1).order_by('last_name') - + def get_context_data(self, **kwargs): context = super(UsersView, self).get_context_data(**kwargs) context['trainings'] = Training.objects.all() -- 2.39.5