mirror of
https://gitlab.com/animath/si/plateforme.git
synced 2025-11-04 11:12:18 +01:00
Fix the permission to see a user page
This commit is contained in:
Yohann D'ANELLO
@@ -25,7 +25,7 @@ from django_tables2 import SingleTableView
|
||||
from magic import Magic
|
||||
from participation.models import Passage, Solution, Synthesis, Tournament
|
||||
from tfjm.tokens import email_validation_token
|
||||
from tfjm.views import AdminMixin, UserMixin, VolunteerMixin
|
||||
from tfjm.views import AdminMixin, UserMixin, UserRegistrationMixin, VolunteerMixin
|
||||
|
||||
from .forms import AddOrganizerForm, AdminRegistrationForm, CoachRegistrationForm, HealthSheetForm, \
|
||||
ParentalAuthorizationForm, PaymentForm, PhotoAuthorizationForm, SignupForm, StudentRegistrationForm, UserForm, \
|
||||
@@ -226,7 +226,7 @@ class MyAccountDetailView(LoginRequiredMixin, RedirectView):
|
||||
return reverse_lazy("registration:user_detail", args=(self.request.user.pk,))
|
||||
|
||||
|
||||
class UserDetailView(UserMixin, DetailView):
|
||||
class UserDetailView(LoginRequiredMixin, DetailView):
|
||||
"""
|
||||
Display the detail about a user.
|
||||
"""
|
||||
@@ -271,12 +271,6 @@ class UserUpdateView(UserMixin, UpdateView):
|
||||
form_class = UserForm
|
||||
template_name = "registration/update_user.html"
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not self.request.user.is_authenticated or \
|
||||
not self.request.user.registration.is_admin and self.request.user != self.get_object():
|
||||
return self.handle_no_permission()
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
user = self.get_object()
|
||||
@@ -309,7 +303,7 @@ class UserUpdateView(UserMixin, UpdateView):
|
||||
return reverse_lazy("registration:user_detail", args=(self.object.pk,))
|
||||
|
||||
|
||||
class UserUploadPhotoAuthorizationView(UserMixin, UpdateView):
|
||||
class UserUploadPhotoAuthorizationView(UserRegistrationMixin, UpdateView):
|
||||
"""
|
||||
A participant can send its photo authorization.
|
||||
"""
|
||||
@@ -318,12 +312,6 @@ class UserUploadPhotoAuthorizationView(UserMixin, UpdateView):
|
||||
template_name = "registration/upload_photo_authorization.html"
|
||||
extra_context = dict(title=_("Upload photo authorization"))
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not self.request.user.is_authenticated or \
|
||||
not self.request.user.registration.is_admin and self.request.user != self.get_object().user:
|
||||
return self.handle_no_permission()
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
@transaction.atomic
|
||||
def form_valid(self, form):
|
||||
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
||||
@@ -336,7 +324,7 @@ class UserUploadPhotoAuthorizationView(UserMixin, UpdateView):
|
||||
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
|
||||
|
||||
|
||||
class UserUploadHealthSheetView(UserMixin, UpdateView):
|
||||
class UserUploadHealthSheetView(UserRegistrationMixin, UpdateView):
|
||||
"""
|
||||
A participant can send its health sheet.
|
||||
"""
|
||||
@@ -345,12 +333,6 @@ class UserUploadHealthSheetView(UserMixin, UpdateView):
|
||||
template_name = "registration/upload_health_sheet.html"
|
||||
extra_context = dict(title=_("Upload health sheet"))
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not self.request.user.is_authenticated or \
|
||||
not self.request.user.registration.is_admin and self.request.user != self.get_object().user:
|
||||
return self.handle_no_permission()
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
@transaction.atomic
|
||||
def form_valid(self, form):
|
||||
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
||||
@@ -363,7 +345,7 @@ class UserUploadHealthSheetView(UserMixin, UpdateView):
|
||||
return reverse_lazy("registration:user_detail", args=(self.object.user.pk,))
|
||||
|
||||
|
||||
class UserUploadParentalAuthorizationView(UserMixin, UpdateView):
|
||||
class UserUploadParentalAuthorizationView(UserRegistrationMixin, UpdateView):
|
||||
"""
|
||||
A participant can send its parental authorization.
|
||||
"""
|
||||
@@ -372,12 +354,6 @@ class UserUploadParentalAuthorizationView(UserMixin, UpdateView):
|
||||
template_name = "registration/upload_parental_authorization.html"
|
||||
extra_context = dict(title=_("Upload parental authorization"))
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not self.request.user.is_authenticated or \
|
||||
not self.request.user.registration.is_admin and self.request.user != self.get_object().user:
|
||||
return self.handle_no_permission()
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
@transaction.atomic
|
||||
def form_valid(self, form):
|
||||
old_instance = StudentRegistration.objects.get(pk=self.object.pk)
|
||||
|
||||
Reference in New Issue
Block a user