From 21088a14121962fa7a1438a5569caaf1c2e2b33e Mon Sep 17 00:00:00 2001 From: Matthew Grove Date: Sat, 25 Mar 2023 13:54:55 +0000 Subject: [PATCH] [FEAT] Limit Map and Network views to admins --- breccia_mapper/templates/base.html | 16 ++++++++-------- breccia_mapper/views.py | 6 ++++++ export/views/base.py | 7 +------ people/views/map.py | 3 ++- people/views/network.py | 3 ++- 5 files changed, 19 insertions(+), 16 deletions(-) diff --git a/breccia_mapper/templates/base.html b/breccia_mapper/templates/base.html index f28387e..91120af 100755 --- a/breccia_mapper/templates/base.html +++ b/breccia_mapper/templates/base.html @@ -104,15 +104,15 @@ Activities -
  • - Map -
    • - -
  • - Network -
    • - {% if request.user.is_superuser %} +
  • + Map +
    • + +
  • + Network +
    • +
  • Export
    • diff --git a/breccia_mapper/views.py b/breccia_mapper/views.py index 935dcc3..1eeef10 100644 --- a/breccia_mapper/views.py +++ b/breccia_mapper/views.py @@ -9,6 +9,8 @@ from django.contrib.auth.mixins import LoginRequiredMixin from django.urls import reverse from django.views.generic import TemplateView from django.views.generic.edit import UpdateView +from django.contrib.auth.mixins import UserPassesTestMixin +import typing from . import forms @@ -19,6 +21,10 @@ class IndexView(TemplateView): # Template set in Django settings file - may be customised by a customisation app template_name = settings.TEMPLATE_NAME_INDEX +class UserIsStaffMixin(UserPassesTestMixin): + def test_func(self) -> typing.Optional[bool]: + return self.request.user.is_staff + class ConsentTextView(LoginRequiredMixin, UpdateView): """View with consent text and form for users to indicate consent.""" diff --git a/export/views/base.py b/export/views/base.py index 3ef441b..03436d4 100644 --- a/export/views/base.py +++ b/export/views/base.py @@ -1,21 +1,16 @@ import csv import typing -from django.contrib.auth.mixins import UserPassesTestMixin from django.http import HttpResponse from django.views.generic import TemplateView from django.views.generic.list import BaseListView +from breccia_mapper.views import UserIsStaffMixin class QuotedCsv(csv.excel): quoting = csv.QUOTE_NONNUMERIC -class UserIsStaffMixin(UserPassesTestMixin): - def test_func(self) -> typing.Optional[bool]: - return self.request.user.is_staff - - class CsvExportView(UserIsStaffMixin, BaseListView): model = None serializer_class = None diff --git a/people/views/map.py b/people/views/map.py index cd34d5d..7442ce6 100644 --- a/people/views/map.py +++ b/people/views/map.py @@ -7,6 +7,7 @@ from django.utils import timezone from django.views.generic import TemplateView from people import forms, models, permissions +from breccia_mapper.views import UserIsStaffMixin def get_map_data(obj: typing.Union[models.Person, models.Organisation]) -> typing.Dict[str, typing.Any]: @@ -33,7 +34,7 @@ def get_map_data(obj: typing.Union[models.Person, models.Organisation]) -> typin } -class MapView(LoginRequiredMixin, TemplateView): +class MapView(UserIsStaffMixin, LoginRequiredMixin, TemplateView): """View displaying a map of :class:`Person` and :class:`Organisation` locations.""" template_name = 'people/map.html' diff --git a/people/views/network.py b/people/views/network.py index 65dab85..cb7b0d0 100644 --- a/people/views/network.py +++ b/people/views/network.py @@ -11,6 +11,7 @@ from django.utils import timezone from django.views.generic import TemplateView from people import forms, models, serializers +from breccia_mapper.views import UserIsStaffMixin logger = logging.getLogger(__name__) # pylint: disable=invalid-name @@ -57,7 +58,7 @@ filter_people = filter_by_form_answers( ) -class NetworkView(LoginRequiredMixin, TemplateView): +class NetworkView(UserIsStaffMixin, LoginRequiredMixin, TemplateView): """View to display relationship network.""" template_name = 'people/network.html'