Restrict file format list view to superusers and staff

2012-01-08 07:36:32 -04:00
parent 1039b80831
commit c897fa169d
2 changed files with 30 additions and 23 deletions
--- a/apps/converter/init.py
+++ b/apps/converter/init.py
@@ -9,7 +9,10 @@ from project_tools.api import register_tool
 from .utils import load_backend
 from .conf.settings import GRAPHICS_BACKEND

-formats_list = {'text': _('file formats'), 'view': 'formats_list', 'famfam': 'pictures', 'icon': 'pictures.png'}
+def is_superuser(context):
+    return context['request'].user.is_staff or context['request'].user.is_superuser
+
+formats_list = {'text': _('file formats'), 'view': 'formats_list', 'famfam': 'pictures', 'icon': 'pictures.png', 'condition': is_superuser}

 register_sidebar_template(['formats_list'], 'converter_file_formats_help.html')

--- a/apps/converter/views.py
+++ b/apps/converter/views.py
@@ -1,32 +1,36 @@
+from __future__ import absolute_import
+
 from django.utils.translation import ugettext_lazy as _
 from django.shortcuts import render_to_response
 from django.template import RequestContext
+from django.core.exceptions import PermissionDenied

 from common.utils import encapsulate

-from converter.api import get_format_list
-from converter.conf.settings import GRAPHICS_BACKEND
+from .api import get_format_list
+from .conf.settings import GRAPHICS_BACKEND


 def formats_list(request):
-    #check_permissions(request.user, [PERMISSION_DOCUMENT_VIEW])
+    if request.user.is_superuser or request.user.is_staff:
+        context = {
+            'title': _(u'suported file formats'),
+            'hide_object': True,
+            'object_list': sorted(get_format_list()),
+            'extra_columns': [
+                {
+                    'name': _(u'name'),
+                    'attribute': encapsulate(lambda x: x[0])
+                },
+                {
+                    'name': _(u'description'),
+                    'attribute': encapsulate(lambda x: x[1])
+                }
+            ],
+            'backend': GRAPHICS_BACKEND,
+        }

-    context = {
-        'title': _(u'suported file formats'),
-        'hide_object': True,
-        'object_list': sorted(get_format_list()),
-        'extra_columns': [
-            {
-                'name': _(u'name'),
-                'attribute': encapsulate(lambda x: x[0])
-            },
-            {
-                'name': _(u'description'),
-                'attribute': encapsulate(lambda x: x[1])
-            }
-        ],
-        'backend': GRAPHICS_BACKEND,
-    }
-
-    return render_to_response('generic_list.html', context,
-        context_instance=RequestContext(request))
+        return render_to_response('generic_list.html', context,
+            context_instance=RequestContext(request))
+    else:
+        raise PermissionDenied