Enforce and test TODO_STAFF_ONLY setting
This commit is contained in:
Scot Hacker
parent
6953085285
commit
91b9a099a3
14 changed files with 81 additions and 51 deletions
|
|
@ -1,20 +1,25 @@
|
|||
from django.contrib import messages
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.decorators import login_required, user_passes_test
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.db import IntegrityError
|
||||
from django.http import HttpResponse
|
||||
from django.shortcuts import redirect, render
|
||||
from django.utils.text import slugify
|
||||
|
||||
from todo.forms import AddTaskListForm
|
||||
from todo.utils import staff_only
|
||||
from todo.utils import staff_check
|
||||
|
||||
|
||||
@staff_only
|
||||
@login_required
|
||||
@user_passes_test(staff_check)
|
||||
def add_list(request) -> HttpResponse:
|
||||
"""Allow users to add a new todo list to the group they're in.
|
||||
"""
|
||||
|
||||
# Only staffers can add lists.
|
||||
if not request.user.is_staff:
|
||||
raise PermissionDenied
|
||||
|
||||
if request.POST:
|
||||
form = AddTaskListForm(request.user, request.POST)
|
||||
if form.is_valid():
|
||||
|
|
@ -33,6 +38,7 @@ def add_list(request) -> HttpResponse:
|
|||
)
|
||||
else:
|
||||
if request.user.groups.all().count() == 1:
|
||||
# FIXME: Assuming first of user's groups here; better to prompt for group
|
||||
form = AddTaskListForm(request.user, initial={"group": request.user.groups.all()[0]})
|
||||
else:
|
||||
form = AddTaskListForm(request.user)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue