Merge pull request #808 from hackerspace-ntnu/fix-event-permissions
Fix event permissions by checking user through all event responsible





This will probably bite me in the ass later
CJGutz authored Apr 8, 2024
2 parents 655d511 + ea04afc commit 880c25c
Showing 4 changed files with 36 additions and 14 deletions.
12 changes: 6 additions & 6 deletions news/templates/news/_event_admin_menu.html
Expand Up @@ -8,27 +8,27 @@ <h5>{% trans "Administrator-meny" %}</h5>
<div class="row">
<div class="col s12">
<ul class='collection'>
{% if perms.news.change_event %}
{% if event_admin_perm %}
<li class="collection-item"><a href="/events/{{ event.id }}/edit">
<i class="material-icons">edit</i>
<span class="collection-icon-text">{% trans "Rediger arrangement" %}</span></a>
</li>
{% endif %}
{% if event.registration and user in event.responsibles %}
{% if event.registration and event_admin_perm %}
<li class="collection-item"><a href="/events/{{ event.id }}/attended">
<i class="material-icons">check</i>
<span class="collection-icon-text">{% trans "Registrer oppmøte" %}</span>
</a></li>
{% endif %}
{% if event.skills.all and user in event.responsibles %}
{% if event.skills.all and event_admin_perm %}
<li class="collection-item">
<a href="/events/{{ event.id }}/skills">
<i class="material-icons">how_to_reg</i>
<span class="collection-icon-text">{% trans "Gi ferdigheter" %}</span>
</a>
</li>
{% endif %}
{% if perms.news.delete_event %}
{% if perms.news.delete_event and event_admin_perm %}
<li class="collection-item"><a href="/events/{{ event.id }}/delete" class="modal-trigger hs-red-text">
<i class="material-icons">delete</i>
<span class="collection-icon-text">{% trans "Slett arrangement" %}</span></a>
Expand All @@ -37,7 +37,7 @@ <h5>{% trans "Administrator-meny" %}</h5>
</ul>
</div>
</div>
{% if event.registration and user in event.responsibles %}
{% if event.registration and event_admin_perm %}
<div class="row">
<div class="col s12 m12 l6">
<ul class="collection with-header">
Expand Down Expand Up @@ -88,7 +88,7 @@ <h5>{% trans "Alle påmeldte" %}</h5>
</div>
</div>
{% if event.servering %}
{% if user in event.responsibles or user.is_superuser %}
{% if event_admin_perm %}
<div class="row">
<div class="col s12 m12">
<ul class="collection with-header">
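Review bot: The `{% if event_admin_perm %}` guards only hide the menu entries; they do not protect `/events/{{ event.id }}/edit`, `/delete`, `/attended` or `/skills`, so each of those views has to enforce the same rule server-side. For non-superusers the flag, as computed in `get_context_data` in news/views.py, requires both `news.change_event` and membership in the event's responsibles. A user who holds only `change_event` therefore loses the edit link, while the edit view, which is not part of this commit, may still accept them; it is worth confirming that the two agree. A short template comment above the first guard would document where the flag comes from, for example `{# event_admin_perm: set by the event view; superuser, or responsible with news.change_event #}`.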
2 changes: 1 addition & 1 deletion news/templates/news/attendee_form.html
Expand Up @@ -4,7 +4,7 @@

{% block content %}
{% translate "Oppmøte" as trans_registrations %}
{% include "website/page_overview/content_title.html" title=trans_registrations %}
{% include "website/page_overview/content_title.html" with title=trans_registrations %}
<div class="container">
<div class="section">
<form method="post">
2 changes: 1 addition & 1 deletion news/templates/news/skills_form.html
Expand Up @@ -4,7 +4,7 @@

{% block content %}
{% translate "Skills" as trans_skills %}
{% include "website/page_overview/content_title.html" title=trans_skills %}
{% include "website/page_overview/content_title.html" with title=trans_skills %}
<div class="container">
<div class="section">
<form method="post">
34 changes: 28 additions & 6 deletions news/views.py
Expand Up @@ -63,30 +63,35 @@ def dispatch(self, request, *args, **kwargs):

def get_context_data(self, **kwargs):
context_data = super().get_context_data(**kwargs)
user = self.request.user
context_data["userstatus"] = "ikke pålogget"
context_data["expired_event"] = datetime.now() > self.object.time_end
context_data[
"food_preferences"
] = self.object.get_food_preferences_of_registered()

if self.request.user.is_authenticated:
context_data["userstatus"] = self.object.userstatus(self.request.user)
if self.object.is_waiting(self.request.user):
if user.is_authenticated:
context_data["userstatus"] = self.object.userstatus(user)
if self.object.is_waiting(user):
context_data["get_position"] = (
"Du er nummer "
+ str(self.object.get_position(user=self.request.user))
+ str(self.object.get_position(user=user))
+ " på ventelisten"
)
else:
context_data["get_position"] = "Du er ikke på ventelisten."

if self.object.skills.all():
context_data["user_skills"] = self.request.user.profile.skills.all()
context_data["user_skills"] = user.profile.skills.all()
context_data[
"unreachable_skills"
] = self.request.user.profile.filter_skills_reachability(
] = user.profile.filter_skills_reachability(
self.object.skills.all(), reachable=False
)
context_data["event_admin_perm"] = (
user.has_perm("news.change_event")
and user in self.object.responsibles.all()
) or user.is_superuser

return context_data

Expand Down Expand Up @@ -145,6 +150,14 @@ class EventAttendeeEditView(PermissionRequiredMixin, UpdateView):
model = Event
fields = ["title"]

def get_permission_required(self):
user = self.request.user
perms = user and (
user.is_superuser
or self.get_object().responsibles.filter(id=user.id).exists()
)
return (perms,)

def get_context_data(self, **kwargs):
context = super(EventAttendeeEditView, self).get_context_data(**kwargs)
if self.request.POST:
Expand All @@ -159,6 +172,7 @@ def form_valid(self, form):
context = self.get_context_data(form=form)
formset = context["registrations"]
if formset.is_valid():
print(self.object)
response = super().form_valid(form)
formset.instance = self.object
formset.save()
Expand All @@ -179,6 +193,14 @@ class EventAttendeeSkillsView(PermissionRequiredMixin, UpdateView):
model = Event
fields = ["title"]

def get_permission_required(self):
user = self.request.user
perms = user and (
user.is_superuser
or self.get_object().responsibles.filter(id=user.id).exists()
)
return (perms,)

def get_context_data(self, **kwargs):
context = super(EventAttendeeSkillsView, self).get_context_data(**kwargs)
if self.request.POST:
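Review bot: `get_permission_required()` in EventAttendeeEditView and EventAttendeeSkillsView returns a one-element tuple holding a boolean, but `PermissionRequiredMixin` hands that tuple to `user.has_perms()`, which expects permission codenames such as `"news.change_event"`. With Django's default ModelBackend a boolean never matches a codename, so a non-superuser responsible is most likely still refused, and superusers pass only because `has_perm` short-circuits for them. The object-level rule belongs in `has_permission()` instead, ideally in one shared mixin since both views repeat it. The view check also omits the `news.change_event` requirement that `event_admin_perm` applies in `get_context_data`, so menu and endpoints can disagree, and `print(self.object)` in `form_valid` looks like leftover debugging. Both class bodies continue outside the visible hunks.

```python
class EventAttendeeEditView(PermissionRequiredMixin, UpdateView):
    # … unchanged: model, fields …

    def has_permission(self):
        """Allow superusers and users listed as responsible for this event."""
        user = self.request.user
        if not user.is_authenticated:
            return False
        if user.is_superuser:
            return True
        return self.get_object().responsibles.filter(id=user.id).exists()

# … the same override replaces get_permission_required in EventAttendeeSkillsView …
```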
