implement the object permission directly
This commit is contained in:
parent
3f206daaf4
commit
c49fa57994
|
@ -34,10 +34,9 @@ def test_customer_detail_view(create_admin_user):
|
|||
|
||||
def test_customer_detail_view_no_permissions():
|
||||
User = get_user_model()
|
||||
User.objects.create_user("pharma-admin", "admin@pharma.com",
|
||||
"password", is_staff=True)
|
||||
User.objects.create_user("pharma-admin", "admin@pharma.com", "password")
|
||||
client = Client()
|
||||
customer = mixer.blend('customers.Customer')
|
||||
client.login(username="pharma-admin", password="password")
|
||||
response = client.get('/customer/' + str(customer.id) + '/')
|
||||
assert response.status_code == 302 and 'login' in response.url
|
||||
assert response.status_code == 404
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.http.response import Http404
|
||||
from django.http.response import HttpResponse
|
||||
from django.shortcuts import get_object_or_404
|
||||
from django.shortcuts import render
|
||||
|
@ -44,12 +45,17 @@ def htmx_create_customer(request):
|
|||
|
||||
|
||||
@login_required
|
||||
@permission_required('customers.view_customer', (Customer, 'id', 'pk'))
|
||||
def customer_detail_view(request, pk):
|
||||
context = {'customer': get_object_or_404(Customer, pk=pk)}
|
||||
return TemplateResponse(request,
|
||||
"customers/customer_details.html",
|
||||
context)
|
||||
customer = get_object_or_404(Customer, pk=pk)
|
||||
permission = request.user.has_perm('customers.view_customer',
|
||||
customer)
|
||||
if permission:
|
||||
context = {'customer': customer}
|
||||
return TemplateResponse(request,
|
||||
"customers/customer_details.html",
|
||||
context)
|
||||
else:
|
||||
raise Http404()
|
||||
|
||||
|
||||
class CustomerCreateView(LoginRequiredMixin, CreateView):
|
||||
|
|
Loading…
Reference in New Issue