coins-demo/todo/views/del_list.py

from django.contrib import messages
from django.contrib.auth.decorators import login_required, user_passes_test
from django.core.exceptions import PermissionDenied
from django.http import HttpResponse
from django.shortcuts import get_object_or_404, redirect, render

from todo.models import Task, TaskList
from todo.utils import staff_check


@login_required
@user_passes_test(staff_check)
def del_list(request, list_id: int, list_slug: str) -> HttpResponse:
    """Delete an entire list. Only staff members should be allowed to access this view.
    """
    task_list = get_object_or_404(TaskList, id=list_id)

    # Ensure user has permission to delete list. Get the group this list belongs to,
    # and check whether current user is a member of that group AND a staffer.
    if task_list.group not in request.user.groups.all():
        raise PermissionDenied    
    if not request.user.is_staff:
        raise PermissionDenied

    if request.method == "POST":
        TaskList.objects.get(id=task_list.id).delete()
        messages.success(request, "{list_name} is gone.".format(list_name=task_list.name))
        return redirect("todo:lists")
    else:
        task_count_done = Task.objects.filter(task_list=task_list.id, completed=True).count()
        task_count_undone = Task.objects.filter(task_list=task_list.id, completed=False).count()
        task_count_total = Task.objects.filter(task_list=task_list.id).count()

    context = {
        "task_list": task_list,
        "task_count_done": task_count_done,
        "task_count_undone": task_count_undone,
        "task_count_total": task_count_total,
    }

    return render(request, "todo/del_list.html", context)
Split up views into separate modules 2018-12-21 10:00:36 +00:00			`from django.contrib import messages`
Enforce and test TODO_STAFF_ONLY setting 2019-01-10 08:39:21 +00:00			`from django.contrib.auth.decorators import login_required, user_passes_test`
Split up views into separate modules 2018-12-21 10:00:36 +00:00			`from django.core.exceptions import PermissionDenied`
Move index.md to docs dir 2019-01-11 07:18:09 +00:00			`from django.http import HttpResponse`
			`from django.shortcuts import get_object_or_404, redirect, render`
Split up views into separate modules 2018-12-21 10:00:36 +00:00
			`from todo.models import Task, TaskList`
Enforce and test TODO_STAFF_ONLY setting 2019-01-10 08:39:21 +00:00			`from todo.utils import staff_check`
Split up views into separate modules 2018-12-21 10:00:36 +00:00

			`@login_required`
Enforce and test TODO_STAFF_ONLY setting 2019-01-10 08:39:21 +00:00			`@user_passes_test(staff_check)`
Split up views into separate modules 2018-12-21 10:00:36 +00:00			`def del_list(request, list_id: int, list_slug: str) -> HttpResponse:`
			`"""Delete an entire list. Only staff members should be allowed to access this view.`
			`"""`
			`task_list = get_object_or_404(TaskList, id=list_id)`

Enforce and test TODO_STAFF_ONLY setting 2019-01-10 08:39:21 +00:00			`# Ensure user has permission to delete list. Get the group this list belongs to,`
			`# and check whether current user is a member of that group AND a staffer.`
Delete perms: must be staff and in group (#82) * Delete perms: must be staff and in group * separate group check and staff check * test_del_list => test_del_list_not_in_list_group 2019-07-24 05:30:07 +00:00			`if task_list.group not in request.user.groups.all():`
			`raise PermissionDenied`
			`if not request.user.is_staff:`
Split up views into separate modules 2018-12-21 10:00:36 +00:00			`raise PermissionDenied`

			`if request.method == "POST":`
			`TaskList.objects.get(id=task_list.id).delete()`
			`messages.success(request, "{list_name} is gone.".format(list_name=task_list.name))`
			`return redirect("todo:lists")`
			`else:`
			`task_count_done = Task.objects.filter(task_list=task_list.id, completed=True).count()`
			`task_count_undone = Task.objects.filter(task_list=task_list.id, completed=False).count()`
			`task_count_total = Task.objects.filter(task_list=task_list.id).count()`

			`context = {`
			`"task_list": task_list,`
			`"task_count_done": task_count_done,`
			`"task_count_undone": task_count_undone,`
			`"task_count_total": task_count_total,`
			`}`

			`return render(request, "todo/del_list.html", context)`