Changeset c5922c7 in rattail-demo


Ignore:
Timestamp:
08/06/2020 01:53:45 AM (3 years ago)
Author:
Lance Edgar <lance@…>
Branches:
master
Children:
ebe0c2b
Parents:
25a7d46
Message:

Be smarter about how we prevent edit/delete for some people, employees

instead of just hard-coding UUID for 'chuck'

Location:
rattail_demo/web/views
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • rattail_demo/web/views/employees.py

    r25a7d46 rc5922c7  
    1 # -*- coding: utf-8 -*-
     1# -*- coding: utf-8; -*-
    22"""
    33Employee views
    44"""
    55
    6 from __future__ import unicode_literals, absolute_import
    7 
    86from tailbone.views import employees as base
     7from tailbone.config import protected_usernames
    98
    109
    11 class EmployeesView(base.EmployeesView):
     10class EmployeeView(base.EmployeesView):
    1211    """
    1312    Prevent edit/delete for Chuck Norris
    1413    """
    1514
     15    def __init__(self, request, **kwargs):
     16        super(EmployeeView, self).__init__(request, **kwargs)
     17        self.protected_usernames = protected_usernames(self.rattail_config)
     18
     19    def is_employee_protected(self, employee):
     20        if self.protected_usernames:
     21            for user in employee.person.users:
     22                if user.username in self.protected_usernames:
     23                    return True
     24        return False
     25
    1626    def editable_instance(self, employee):
    17         return employee.person_uuid != '30d1fe06bcf411e6a7c23ca9f40bc550'
     27        if self.request.is_root:
     28            return True
     29        return not self.is_employee_protected(employee)
    1830
    1931    def deletable_instance(self, employee):
    20         return employee.person_uuid != '30d1fe06bcf411e6a7c23ca9f40bc550'
     32        if self.request.is_root:
     33            return True
     34        return not self.is_employee_protected(employee)
    2135
    2236
     
    2842                    renderer='json', permission='employees.list')
    2943
    30     EmployeesView.defaults(config)
     44    EmployeeView.defaults(config)

  • rattail_demo/web/views/people.py

    r25a7d46 rc5922c7  
    66from tailbone.views import people as base
    77from tailbone_corepos.views import people as corepos_base
     8from tailbone.config import protected_usernames
    89
    910
     
    1314    """
    1415
     16    def __init__(self, request, **kwargs):
     17        super(PersonView, self).__init__(request, **kwargs)
     18        self.protected_usernames = protected_usernames(self.rattail_config)
     19
     20    def is_person_protected(self, person):
     21        if self.protected_usernames:
     22            for user in person.users:
     23                if user.username in self.protected_usernames:
     24                    return True
     25        return False
     26
    1527    def editable_instance(self, person):
    16         return person.uuid != '30d1fe06bcf411e6a7c23ca9f40bc550'
     28        if self.request.is_root:
     29            return True
     30        return not self.is_person_protected(person)
    1731
    1832    def deletable_instance(self, person):
    19         return person.uuid != '30d1fe06bcf411e6a7c23ca9f40bc550'
     33        if self.request.is_root:
     34            return True
     35        return not self.is_person_protected(person)
    2036
    2137
Note: See TracChangeset for help on using the changeset viewer.