From 039a603f960852e16f28930e3f3e36c199fc6fe8 Mon Sep 17 00:00:00 2001 From: Thibaut Broggi Date: Wed, 29 Nov 2017 16:51:11 +0100 Subject: [PATCH] Add permission requirement for /user route --- apps/core/management/commands/init_groups.py | 5 +++-- apps/rp/views/users.py | 6 ++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/apps/core/management/commands/init_groups.py b/apps/core/management/commands/init_groups.py index b32bee4..0b7f765 100644 --- a/apps/core/management/commands/init_groups.py +++ b/apps/core/management/commands/init_groups.py @@ -1,10 +1,11 @@ from django.core.management.base import BaseCommand from django.contrib.auth.models import User, Group, Permission -groups = ["jedi", "padawan"] +groups = ["droid", "jedi", "padawan"] permissions = { + "droid": [], "jedi": [ - "can_change_status", "can_change_priority", "can_vote", "can_edit" + "can_change_status", "can_change_priority", "can_vote", "can_edit", "can_edit_users" ], "padawan": ["can_vote", "add_article"] } diff --git a/apps/rp/views/users.py b/apps/rp/views/users.py index f63871b..5966bbd 100644 --- a/apps/rp/views/users.py +++ b/apps/rp/views/users.py @@ -1,11 +1,13 @@ from django.contrib.auth.models import User +from django.contrib.auth.mixins import PermissionRequiredMixin from django.views.generic.list import ListView -class UserListView(ListView): +class UserListView(PermissionRequiredMixin, ListView): model = User paginate_by = 20 - template_name = "rp/user_list.html" + template_name = 'rp/user_list.html' + permission_required = 'can_edit_users' def get_queryset(self): qs = super().get_queryset() -- GitLab