Barn/django-project
1
0
Fork 0
Code Issues 6 Pull requests Packages Projects 1 Releases Activity

Compare commits

base: Barn:f38fb8d410d45a7c4fa1e9b8bfa8c38dbbaf2482
Branches Tags
Barn:master
..
compare: Barn:bc440dfa2ab071a32a73043a13b6aa4efa99d0a6
Branches Tags
Barn:master

2 commits
f38fb8d410 ... bc440dfa2a

Author SHA1 Message Date
Benjamin bc440dfa2a Add restrictions for editing recipe title 2023-03-11 18:20:22 +01:00
Benjamin 8f79bf5dd2 Limit version editing to creator and superusers 2023-03-11 17:52:44 +01:00
2 changed files with 15 additions and 2 deletions
Show stats Expand all files Collapse all files

15
recipes/views.py
View file

@ -1,4 +1,4 @@
from django.shortcuts import render, get_object_or_404
from django.shortcuts import render, get_object_or_404, redirect
from .models import Recipe, Version, Ingredient
from .forms import RecipeForm, VersionForm, IngredientFormSet
from django.contrib.auth.decorators import login_required
@ -72,6 +72,16 @@ def add_recipe(request):
def edit_recipe(request, slug):
recipe = get_object_or_404(Recipe, slug=slug)
# It is assumed every recipe has at least one version
if not request.user.is_superuser:
users = set()
for version in recipe.versions.all(): # type: ignore
users.add(version.user)
if len(users) > 1 or (len(users) == 1 and next(iter(users)) != request.user):
return redirect(f"/accounts/login/?next={request.path}")
if request.method == 'POST':
form = RecipeForm(request.POST, instance=recipe, prefix=RECIPE_FORM_PREFIX)
if form.is_valid():
@ -113,6 +123,9 @@ def edit_version(request, slug_recipe, slug_version):
recipe = get_object_or_404(Recipe, slug=slug_recipe)
version = get_object_or_404(Version, recipe=recipe, slug=slug_version)
if version.user != request.user and not request.user.is_superuser:
return redirect(f"/accounts/login/?next={request.path}")
if request.method == 'POST':
version_form = VersionForm(request.POST, prefix=VERSION_FORM_PREFIX, instance=version, author_placeholder=get_name_of_user(request.user))
ingredients_formset = IngredientFormSet(request.POST, queryset=version.ingredients.all(), prefix=INGREDIENTS_FORMSET_PREFIX) # type: ignore

2
templates/registration/login.html
View file

@ -11,7 +11,7 @@
{% if next %}
<section>
{% if user.is_authenticated %}
<p>You are not authorized to access this site. Please inform Benjamin to get the corresponding authorization or log in with an account with the necessary permissions.</p>
<p>You are not authorized to access this site. Please log in with an account with the necessary permissions.</p>
{% else %}
<p>Please log in to view this site.</p>
{% endif %}