Commit 43390cfd authored by BERJON Matthieu's avatar BERJON Matthieu
Browse files

Checking of group belonging in webapp creation view



I created a mixin that check if a user belongs to one or more groups and
raise a `PermissionDenied` error if it's not the case.
I updated the `WebappCreate` view accordingly.

Signed-off-by: BERJON Matthieu's avatarMatthieu Berjon <matthieu.berjon@inria.fr>
parent c15fda67
from django.core.exceptions import PermissionDenied
class GroupRequiredMixin(object):
"""
group_required - list of strings, required param
"""
group_required = None
def dispatch(self, request, *args, **kwargs):
if not request.user.is_authenticated():
raise PermissionDenied
else:
user_groups = []
for group in request.user.groups.values_list('name', flat=True):
user_groups.append(group)
if len(set(user_groups).intersection(self.group_required)) <= 0:
raise PermissionDenied
return super(GroupRequiredMixin, self).dispatch(request, *args, **kwargs)
......@@ -26,6 +26,7 @@ from django.utils.text import slugify
from django.views.decorators.csrf import csrf_exempt
from django.views.generic import ListView, DetailView, UpdateView, FormView, CreateView, DeleteView, RedirectView, View
from .mixins import GroupRequiredMixin
from .helpers import get_ssh_data, upload_data
from .tokens import Token
from .models import Webapp, Job, User, AllgoUser, WebappVersion, Runner, Quota
......@@ -468,11 +469,12 @@ class WebappUpdate(SuccessMessageMixin, LoginRequiredMixin, UpdateView):
return super(WebappUpdate, self).form_invalid(form)
class WebappCreate(SuccessMessageMixin, LoginRequiredMixin, CreateView):
class WebappCreate(SuccessMessageMixin, LoginRequiredMixin, GroupRequiredMixin, CreateView):
model = Webapp
form_class = WebappForm
success_message = 'Webapp created successfully.'
template_name = 'webapp_add.html'
group_required = ['inria', ]
def get_success_url(self):
return reverse('main:user_webapp_list', args=(self.request.user,))
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment