Add permission requirement for /user route

039a603f · Thibaut Broggi · 220f4be0 · 039a603f · 039a603f
Verified Commit 039a603f authored Nov 29, 2017 by Thibaut Broggi
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 4 deletions

apps/core/management/commands/init_groups.py apps/core/management/commands/init_groups.py +3 -2

apps/rp/views/users.py apps/rp/views/users.py +4 -2

No files found.
--- a/apps/core/management/commands/init_groups.py
+++ b/apps/core/management/commands/init_groups.py
 from django.core.management.base import BaseCommand
 from django.contrib.auth.models import User, Group, Permission

-groups = ["jedi", "padawan"]
+groups = ["droid", "jedi", "padawan"]
 permissions = {
+    "droid": [],
    "jedi": [
-        "can_change_status", "can_change_priority", "can_vote", "can_edit"
+        "can_change_status", "can_change_priority", "can_vote", "can_edit", "can_edit_users"
    ],
    "padawan": ["can_vote", "add_article"]
 }

--- a/apps/rp/views/users.py
+++ b/apps/rp/views/users.py
 from django.contrib.auth.models import User
+from django.contrib.auth.mixins import PermissionRequiredMixin

 from django.views.generic.list import ListView

-class UserListView(ListView):
+class UserListView(PermissionRequiredMixin, ListView):
    model = User
    paginate_by = 20
-    template_name = "rp/user_list.html"
+    template_name = 'rp/user_list.html'
+    permission_required = 'can_edit_users'

    def get_queryset(self):
        qs = super().get_queryset()