restricted accessrights to membersapi
This commit is contained in:
okalintu
@@ -1,5 +1,6 @@
|
||||
from django.shortcuts import render, get_object_or_404
|
||||
from django.contrib.auth.decorators import permission_required
|
||||
from django.views.decorators.http import require_http_methods
|
||||
from django.views.decorators.csrf import ensure_csrf_cookie
|
||||
from django.http import HttpResponse, HttpResponseBadRequest
|
||||
from django.core.exceptions import ValidationError
|
||||
@@ -7,16 +8,21 @@ from members.models import Member, MemberRequest
|
||||
import json
|
||||
|
||||
@ensure_csrf_cookie
|
||||
@require_http_methods(["GET"])
|
||||
@permission_required('members.change_member', login_url='/login')
|
||||
def index(request, *args, **kwargs):
|
||||
return render(request, 'members_index.html',{})
|
||||
|
||||
@ensure_csrf_cookie
|
||||
@require_http_methods(["GET"])
|
||||
@permission_required('members.change_member', login_url='/login')
|
||||
def members(request, *args, **kwargs):
|
||||
mems = list(map(lambda m: m.get_dict(),Member.objects.all()))
|
||||
return HttpResponse(json.dumps(mems))
|
||||
|
||||
@ensure_csrf_cookie
|
||||
@require_http_methods(["GET", "POST", "DELETE","PUT"])
|
||||
@permission_required('members.change_member', login_url='/login')
|
||||
def member(request,*args, **kwargs):
|
||||
|
||||
# get, put and delete together since all operate on existing objects
|
||||
@@ -60,6 +66,8 @@ def member(request,*args, **kwargs):
|
||||
return HttpResponseBadRequest('{"error" : "Invalid parameters supplied"}')
|
||||
|
||||
@ensure_csrf_cookie
|
||||
@require_http_methods(["POST"])
|
||||
@permission_required('members.change_member', login_url='/login')
|
||||
def csv_import(request, *args, **kwargs):
|
||||
data = request.body.decode("utf-8")
|
||||
resp_data = Member.import_csv(data)
|
||||
@@ -69,6 +77,8 @@ def csv_import(request, *args, **kwargs):
|
||||
return resp
|
||||
|
||||
@ensure_csrf_cookie
|
||||
@require_http_methods(["GET"])
|
||||
@permission_required('members.change_member', login_url='/login')
|
||||
def member_requests(request, *args, **kwargs):
|
||||
reqs = list(map(lambda r: r.get_dict(),MemberRequest.objects.all()))
|
||||
return HttpResponse(json.dumps(reqs))
|
||||
@@ -85,6 +95,8 @@ def new_member_request(request, *args, **kwargs):
|
||||
return HttpResponseBadRequest('{"error" : "Invalid parameters supplied"}')
|
||||
|
||||
@ensure_csrf_cookie
|
||||
@require_http_methods(["GET", "POST", "DELETE"])
|
||||
@permission_required('members.change_member', login_url='/login')
|
||||
def handle_mem_request(request, idx, *args, **kwargs):
|
||||
try:
|
||||
req = MemberRequest.objects.get(pk=idx)
|
||||
|
||||
Reference in New Issue
Block a user