From 3901c21c6762cc2ccb537734fed2790f391a79a8 Mon Sep 17 00:00:00 2001 From: Jan Tuomi Date: Thu, 28 Sep 2017 20:28:19 +0300 Subject: [PATCH] Fix decorators in members --- members/views/applications.py | 17 +++++++++++------ members/views/members.py | 30 ++++++++++++++++++++---------- members/views/payments.py | 23 +++++++++++++++-------- members/views/utils.py | 8 +++++--- 4 files changed, 51 insertions(+), 27 deletions(-) diff --git a/members/views/applications.py b/members/views/applications.py index 86e100e..8324d53 100644 --- a/members/views/applications.py +++ b/members/views/applications.py @@ -1,5 +1,5 @@ from django.shortcuts import render -from django.contrib.auth.decorators import permission_required +from django.contrib.auth.decorators import permission_required, login_required from django.views.decorators.http import require_http_methods from django.views.decorators.csrf import ensure_csrf_cookie from django.http import HttpResponse, HttpResponseRedirect @@ -18,7 +18,8 @@ from members.forms import ApplicationForm @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.read_application', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.read_application', raise_exception=True) def application_list(request, *args, **kwargs): """List member applications not yet processed.""" applications = Request.objects.all() @@ -40,7 +41,8 @@ def application_list(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_request', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.change_request', raise_exception=True) def application_edit(request, *args, **kwargs): """Edit member request information.""" i = kwargs.pop('index', None) @@ -58,7 +60,8 @@ def application_edit(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.add_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.add_member', raise_exception=True) def application_accept(request, *args, **kwargs): """Accept application.""" form = ApplicationForm(request.POST) @@ -86,7 +89,8 @@ def application_accept(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.delete_request', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.delete_request', raise_exception=True) def application_delete(request, *args, **kwargs): """Delete member application.""" try: @@ -114,7 +118,8 @@ def application_delete(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.delete_request', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.delete_request', raise_exception=True) def application_delete_confirm(request, *args, **kwargs): """Confirm application deletion.""" i = kwargs.pop('index', None) diff --git a/members/views/members.py b/members/views/members.py index 0b7c9db..0321296 100644 --- a/members/views/members.py +++ b/members/views/members.py @@ -1,5 +1,5 @@ from django.shortcuts import render -from django.contrib.auth.decorators import permission_required +from django.contrib.auth.decorators import permission_required, login_required from django.utils.decorators import method_decorator from django.views.decorators.http import require_http_methods from django.views.decorators.csrf import ensure_csrf_cookie @@ -27,7 +27,8 @@ from members.views.utils import * @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.read_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.read_member', raise_exception=True) def member_list(request, *args, **kwargs): """Render members list.""" search = request.GET.get('q', None) @@ -53,7 +54,8 @@ def member_list(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.add_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.add_member', raise_exception=True) def member_add(request, *args, **kwargs): """Render add member page.""" form = MemberForm() @@ -62,7 +64,8 @@ def member_add(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.delete_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.delete_member', raise_exception=True) def member_delete_confirm(request, *args, **kwargs): """Render member deletion confirmation page.""" i = kwargs.pop('index', None) @@ -78,7 +81,8 @@ def member_delete_confirm(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.add_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.add_member', raise_exception=True) def member_add_many(request, *args, **kwargs): """Render add multiple members page.""" return render(request, 'member_add_many.html', {}) @@ -86,7 +90,8 @@ def member_add_many(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.add_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.add_member', raise_exception=True) def add_many_confirm(request, *args, **kwargs): models = request.session['models'] @@ -108,7 +113,8 @@ def add_many_confirm(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.add_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.add_member', raise_exception=True) def member_submit(request, *args, **kwargs): """Add member based on data gained from member form.""" form = MemberForm(request.POST) @@ -128,7 +134,8 @@ def member_submit(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.change_member', raise_exception=True) def member_update(request, *args, **kwargs): """Update member information.""" form = MemberForm(request.POST) @@ -154,7 +161,8 @@ def member_update(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.delete_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.delete_member', raise_exception=True) def member_delete(request, *args, **kwargs): """Delete member.""" try: @@ -181,7 +189,8 @@ def member_delete(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.change_member', raise_exception=True) def member_edit(request, *args, **kwargs): """Edit member information.""" i = kwargs.pop('index', None) @@ -197,6 +206,7 @@ def member_edit(request, *args, **kwargs): class MemberAutoComplete(autocomplete.Select2QuerySetView): + @method_decorator(login_required(login_url='/login')) def get_queryset(self): qs = Member.objects.all() diff --git a/members/views/payments.py b/members/views/payments.py index 988fcbe..4c9a587 100644 --- a/members/views/payments.py +++ b/members/views/payments.py @@ -1,5 +1,5 @@ from django.shortcuts import render -from django.contrib.auth.decorators import permission_required +from django.contrib.auth.decorators import permission_required, login_required from django.views.decorators.http import require_http_methods from django.views.decorators.csrf import ensure_csrf_cookie from django.http import HttpResponse, HttpResponseRedirect @@ -18,7 +18,8 @@ from members.forms import PaymentForm @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.read_payment', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.read_payment', raise_exception=True) def payment_list(request, *args, **kwargs): """Render list of payments.""" search = request.GET.get('q', None) @@ -45,7 +46,8 @@ def payment_list(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.add_payment', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.add_payment', raise_exception=True) def payment_add(request, *args, **kwargs): """Render add payment form.""" form = PaymentForm() @@ -54,7 +56,8 @@ def payment_add(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.add_payment', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.add_payment', raise_exception=True) def payment_submit(request, *args, **kwargs): """Submit payment.""" form = PaymentForm(request.POST) @@ -75,7 +78,8 @@ def payment_submit(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_payment', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.change_payment', raise_exception=True) def payment_edit(request, *args, **kwargs): """Edit payment.""" i = kwargs.pop('index', None) @@ -93,7 +97,8 @@ def payment_edit(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.delete_payment', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.delete_payment', raise_exception=True) def payment_delete_confirm(request, *args, **kwargs): """Render payment delete confirmation page.""" i = kwargs.pop('index', None) @@ -111,7 +116,8 @@ def payment_delete_confirm(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.delete_payment', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.delete_payment', raise_exception=True) def payment_delete(request, *args, **kwargs): """Delete payment.""" try: @@ -139,7 +145,8 @@ def payment_delete(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required('members.change_payment', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.change_payment', raise_exception=True) def payment_update(request, *args, **kwargs): """Update payment information.""" form = PaymentForm(request.POST) diff --git a/members/views/utils.py b/members/views/utils.py index acf2d04..8d8e7ae 100644 --- a/members/views/utils.py +++ b/members/views/utils.py @@ -1,5 +1,5 @@ from django.shortcuts import render -from django.contrib.auth.decorators import permission_required +from django.contrib.auth.decorators import permission_required, login_required from django.views.decorators.http import require_http_methods from django.views.decorators.csrf import ensure_csrf_cookie from django.http import HttpResponse, HttpResponseRedirect @@ -93,7 +93,8 @@ def convert_table_to_html(table, request): @ensure_csrf_cookie @require_http_methods(["GET"]) -@permission_required('members.change_member', login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required('members.change_member', raise_exception=True) def settings_page(request, *args, **kwargs): """Render member app settings page.""" return render(request, 'settings.html', {}) @@ -101,7 +102,8 @@ def settings_page(request, *args, **kwargs): @ensure_csrf_cookie @require_http_methods(["POST"]) -@permission_required(['members.change_member', 'members.change_payment'], login_url='/login', raise_exception=True) +@login_required(login_url='/login') +@permission_required(['members.change_member', 'members.change_payment'], raise_exception=True) def import_csv(request, *args, **kwargs): """Get csv data imported to page and create members based on that.""" try: