
Generic updateView; Model Permissions

Juan Carlos il y a 4 ans
Parent
commit
ed2b7483ce

+ 23 - 2
marktplatz/models.py

@@ -6,11 +6,12 @@ import shutil
 
 from django.db.models import *
 from django.core.validators import MinValueValidator, MaxValueValidator
+from django.core.exceptions import PermissionDenied
 from django.contrib.auth.models import User
 from django.core.files.storage import FileSystemStorage
-from django_countries.fields import CountryField
-from django.urls import reverse
+from django.shortcuts import get_object_or_404
 
+from django.urls import reverse
 from django.db import models
 from django.dispatch import receiver
 from django.db.models.signals import post_delete, post_save
@@ -25,6 +26,7 @@ from imagekit.processors import Thumbnail
 from imagekit.processors import ResizeToCover
 from imagekit.models import ProcessedImageField
 
+from django_countries.fields import CountryField
 from post_office import mail
 from constance import config
 
@@ -178,6 +180,25 @@ class Product(models.Model):
     # credits = ForeignKey(Credit, null = True, blank=True, on_delete=models.SET_NULL, help_text="")
     #interaction = ForeignKey(Interaction, null = True,on_delete = models.SET_NULL, help_text="")
 
+    def user_can_manage(self, user):
+        return user.contact.id == self.contact.id
+        # print (user.contact.id, self.contact.id)
+        # return user == self.user or user.has_perm('your_app.manage_object')
+
+    @classmethod
+    def get_manageable_or_404(cls, user, *args, **kwargs):
+        item = get_object_or_404(cls, *args, **kwargs)
+        if not item.user_can_manage(user):
+            raise PermissionDenied
+        return item
+
+    @classmethod
+    def check_manageable(cls, user, *args, **kwargs):
+        product = get_object_or_404(cls, *args, **kwargs)
+        if product.user_can_manage(user):
+            return True
+        return False
+
     def __str__(self):
         return str(self.name)
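Review bot: `user_can_manage` dereferences `user.contact` and `self.contact` unconditionally, so a user with no related Contact, or an AnonymousUser passed in by a caller that has not checked authentication, raises and surfaces as a 500 instead of a refusal. An authorization predicate should deny by default, for example `contact = getattr(user, 'contact', None)` followed by `return contact is not None and contact.id == self.contact_id`. This assumes `contact` is a one-to-one reverse accessor on User and a foreign key on Product, neither of which is visible here. `check_manageable` repeats the lookup in `get_manageable_or_404` and could end with `return product.user_can_manage(user)`. The two commented lines after the `return` are unreachable and can be removed. The Product class body starts and ends outside the hunk.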
 

+ 1 - 1
marktplatz/templates/marktplatz/myProducts.html

@@ -45,7 +45,7 @@ $('form').submit(function () {
         {{category.short_name}}{% if not forloop.last %} | {% endif %}
              {% endfor %}
         </td>
-        <td scope="col"> {% if product.edit %} <a href="{% url 'edit-product' product.pk %}"> Projekt bearbeiten</a> ; <a href="{% url 'add-image' product.pk %}"> Media bearbeiten </a> {% else %} Es kann nicht bearbeitet werden {% endif %} </td>
+        <td scope="col"> {% if product.edit %} <a href="{% url 'projekt-bearbeiten' product.pk %}"> Projekt bearbeiten</a> ; <a href="{% url 'add-image' product.pk %}"> Media bearbeiten </a> {% else %} Es kann nicht bearbeitet werden {% endif %} </td>
         <td scope="col"> <a href="{% url 'product-delete' pk=product.pk %}" target="" rel="">Löschen</a>   </td>
         <td scope="col"> <a href="{% url 'product-publish' pk=product.pk %}" target="" rel="">Freischaltung</a>   </td>
 

+ 1 - 1
marktplatz/urls.py

@@ -32,7 +32,7 @@ urlpatterns = [
     path('neues-wohnprojekt/', views.WohnProjektCreateView.as_view(), name='neues-wohnprojekt'),
     path('neues-mobilitaetsprojekt/', views.MobilitaetsProjektCreateView.as_view(), name='neues-mobilitaetsprojekt'),
     path('meine-projekte/', views.UsersProducts.as_view(), name='meine-projekte'),
-    path('editProduct/<int:pk>', views.EditView.as_view(), name='edit-product'),
+    path('projekt-bearbeiten/<int:pk>', views.WohnProjektUpdateView.as_view(), name='projekt-bearbeiten'),
     path('add-image/<int:pk>', views.addImageView.as_view(), name='add-image'),
     # path('generic-test/', views.genericView.as_view(), name='generic-test'),
     path('pages/<slug:page>/', pagesView.as_view(template_name="marktplatz/generic.html"), name='pages-generic'),
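Review bot: The new `projekt-bearbeiten/<int:pk>` route is bound to `views.WohnProjektUpdateView`, whose `model` is `Wohnprojekt`, while the template in this commit links every listed product to it. If Product has other concrete subclasses (the `neues-mobilitaetsprojekt` route suggests it does), editing one of those would presumably end in a 404 from the `Wohnprojekt` lookup rather than in the edit form. Consider one route per project type, chosen in the template, or a view that resolves the concrete type from the pk. The `urlpatterns` list starts and ends outside the hunk.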

+ 22 - 0
marktplatz/utils.py

@@ -0,0 +1,22 @@
+from django.shortcuts import render, get_object_or_404, redirect
+from django.core.exceptions import PermissionDenied
+from django.http import HttpRequest, HttpResponse
+from .models import *
+
+def check_ownership(request: HttpRequest, *args, **kwargs) -> HttpRequest:
+    contact = Contact.objects.get(user=request.user)
+    # print ()
+
+    # try:
+    # product = Product.objects.get( pk=pk )
+    product = get_object_or_404( Product,  pk = kwargs['pk'] )
+    if (contact.id == product.contact.id ):
+        return True
+    return False
+
+    # get_object_or_404(Product, (Q(pk=pk) & Q(contact=contact)))
+    #
+    # if request.user = :
+    #     return request
+    # # Return a HTTP 403 back to the user
+    # raise PermissionDenied
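Review bot: `check_ownership` is annotated `-> HttpRequest` but returns `True` or `False`, and `Contact.objects.get(user=request.user)` raises for a user without a Contact row or for an unauthenticated request, so a missing record becomes a 500 rather than a denial. It also duplicates the ownership test that this commit adds as `Product.check_manageable`, and two copies of an authorization rule tend to drift apart. I would change the annotation to `-> bool` and delegate with `return Product.check_manageable(request.user, pk=kwargs['pk'])`. The `from .models import *` here, combined with `from .utils import *` in views.py, re-exports every model and shortcut name through this module; importing `Contact` and `Product` by name keeps the namespace auditable. The commented-out block after the final `return` can be deleted.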

+ 60 - 9
marktplatz/views.py

@@ -7,19 +7,20 @@ from PIL import Image
 from PIL import ImageFont
 from PIL import ImageDraw
 
-from django.db import models
-from django.db.models import Count
-from django.core import serializers
-from django.core.files import File
-from django.core.mail import send_mail
-from django.urls import reverse, reverse_lazy
-from django.http import HttpResponseRedirect, Http404, HttpResponse
 from django.contrib import messages
 from django.contrib.auth import login, authenticate
 from django.contrib.auth.models import User
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import User, Group
+from django.core import serializers
+from django.core.files import File
+from django.core.mail import send_mail
+from django.core.exceptions import PermissionDenied
+from django.urls import reverse, reverse_lazy
+from django.http import HttpResponseRedirect, Http404, HttpResponse
+from django.db import models
+from django.db.models import Count
 from django.views import generic
 from django.views.generic import TemplateView
 from django.views.generic import FormView
@@ -30,11 +31,11 @@ from django.forms import formset_factory
 from django.forms import BaseModelFormSet
 from django.forms import modelformset_factory, inlineformset_factory
 from django.forms.models import model_to_dict
-from django_file_form.uploader import FileFormUploader
 # from django_countries import countries
 from django.template import Context, Template
 from django.conf import settings
 
+from django_file_form.uploader import FileFormUploader
 from constance import config
 from django.db.models import Q
 from newsletter.forms import *
@@ -43,6 +44,7 @@ from post_office import mail
 
 from marktplatz.models import *
 from .forms import *
+from .utils import *
 
 # Create your views here.
 def index(request):
@@ -698,7 +700,7 @@ class NewProductView(LoginRequiredMixin, FormView):
     model = Product
 
 
-class ProductCreateView(CreateView, LoginRequiredMixin):
+class ProductCreateView(LoginRequiredMixin, CreateView):
     template_name = 'marktplatz/product_create.html'
     model = Product
     form_class = ProductForm
@@ -776,6 +778,55 @@ class WohnProjektCreateView(ProductCreateView):
 #             return render(request, self.template_name, context)
 
 
+
+class ProductUpdateView(LoginRequiredMixin, UpdateView):
+    template_name = 'marktplatz/product_create.html'
+    model = Product
+    form_class = ProductForm
+    gotoPics = False
+    # success_url =
+
+
+    def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+
+        if self.model.check_manageable(request.user,  id= kwargs['pk']):
+            return super().dispatch(request, *args, **kwargs)
+        raise PermissionDenied
+
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context['info_txt'] = Template(config.INFO_TXT).render(Context(context))
+        return context
+
+    def post(self, request, *args, **kwargs):
+        if 'add-image' in request.POST:
+            self.gotoPics = True
+        return super().post(self, request, *args, **kwargs)
+
+    def get(self, request, *args, **kwargs):
+        return super().get(self, request, *args, **kwargs)
+
+    def form_valid(self, form):
+
+        product = form.save(commit=False)
+        product.contact = Contact.objects.get(user = self.request.user)
+        product.save()
+
+        if (self.gotoPics):
+            return HttpResponseRedirect(reverse('add-image', kwargs={'pk': product.pk}))
+        else:
+            return HttpResponseRedirect(  reverse('meine-projekte')  )
+
+
+
+class WohnProjektUpdateView(ProductUpdateView):
+    model = Wohnprojekt
+    form_class = WohnprojektForm
+
+
 class addImageView(LoginRequiredMixin, FormView):
     use_ajax = True
     template_name = 'marktplatz/file_upload.html'
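Review bot: In `ProductUpdateView.post` and `.get`, `super().post(self, request, *args, **kwargs)` passes `self` explicitly, so the view instance lands in the `request` position and the real request in `*args`. It appears to work only because the parent implementations read `self.request`. It should be `return super().post(request, *args, **kwargs)`, and the `get` override can simply be dropped. Separately, the ownership check in `dispatch` loads the object once and UpdateView then loads it again by pk. Overriding `get_object` with `return self.model.get_manageable_or_404(self.request.user, pk=self.kwargs['pk'])` would make the authorized object and the edited object the same lookup, and would make the manual `is_authenticated` test redundant next to `LoginRequiredMixin`. `addImageView` continues past the end of the hunk, so whether it applies the same ownership check to its `pk` is not visible here.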