me/breccia-mapper
1
0
Fork 0
mirror of https://github.com/Southampton-RSG/breccia-mapper.git synced 2026-03-03 11:27:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Add access controls to Person views

Browse Source 
See #6
This commit is contained in:
James Graham
2020-02-27 08:16:01 +00:00
parent e47ee453bd
commit 6d12202c8a
4 changed files with 66 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
people/permissions.py Normal file
View File

@@ -0,0 +1,33 @@
"""
Permission mixins for views relating to :class:`Person`s.
"""
from django.contrib.auth.mixins import UserPassesTestMixin
from . import models
class UserIsLinkedPersonMixin(UserPassesTestMixin):
"""
Grant access if the user is staff or has a :class:`Person` record and
this is the one referred to in the view.
"""
related_person_field = None
permission_denied_message = 'You do not have permission to view this page.'
def get_test_person(self) -> models.Person:
"""
Get the :class:`Person` to test the user against.
"""
if self.related_person_field is None:
test_person = self.get_object()
if not isinstance(test_person, models.Person):
raise AttributeError('View incorrectly configured: \'related_person_field\' must be defined.')
return test_person
return getattr(self.get_object(), self.related_person_field)
def test_func(self) -> bool:
return self.request.user.is_staff or self.get_test_person() == self.request.user.person