Add Hdabo administration to profile page + protect Hdabo with is_staff decorateor
--- a/src/hdabo/urls.py Fri Dec 12 11:04:02 2014 +0100
+++ b/src/hdabo/urls.py Fri Dec 12 13:39:26 2014 +0100
@@ -1,7 +1,7 @@
from django.conf.urls import patterns, include, url
from django.contrib import admin
from django.contrib.auth import urls as auth_url, views as auth_views
-from django.contrib.auth.decorators import login_required
+from django.contrib.admin.views.decorators import staff_member_required
from .views import AddOrUpdateFolder, Folders, SearchDatasheet, DeleteFolder
@@ -23,7 +23,7 @@
url(r'^logout/', 'django.contrib.auth.views.logout_then_login'),
url(r'^admin/', include(admin.site.urls)),
url(r'^search/', include('haystack.urls')),
- url(r'^$', 'hdabo.views.home', name='home'),
+ url(r'^$', 'hdabo.views.home', name='hdabo_home'),
url(r'^list/$', 'hdabo.views.orga_list', name='orga_list'),
url(r'^list/(?P<orga_id>[\w-]+)$', 'hdabo.views.list_for_orga', name='list_for_orga'),
url(r'^list/(?P<orga_id>[\w-]+)/(?P<valid>[\w-]+)/$', 'hdabo.views.list_for_orga', name='list_for_orga'),
@@ -49,9 +49,9 @@
url(r'^updatetagalias$', 'hdabo.views.update_tag_alias'),
url(r'^updatetagcategory$', 'hdabo.views.update_tag_category'),
url(r'^ordertagsdatasheet$', 'hdabo.views.reorder_tag_datasheet'),
- url(r'^folders/$', login_required(Folders.as_view()), name='folders'),
- url(r'^folder/$', login_required(AddOrUpdateFolder.as_view()), name='add_or_update_folder'),
- url(r'^folder/(?P<folder_pk>[\w-]+)$', login_required(AddOrUpdateFolder.as_view()), name='add_or_update_folder'),
+ url(r'^folders/$', staff_member_required(Folders.as_view()), name='folders'),
+ url(r'^folder/$', staff_member_required(AddOrUpdateFolder.as_view()), name='add_or_update_folder'),
+ url(r'^folder/(?P<folder_pk>[\w-]+)$', staff_member_required(AddOrUpdateFolder.as_view()), name='add_or_update_folder'),
url(r'^searchajax/$', SearchDatasheet(), name='searchajax'),
- url(r'^deletefolder/(?P<folder_pk>[\w-]+)$', login_required(DeleteFolder.as_view()), name='delete_folder'),
+ url(r'^deletefolder/(?P<folder_pk>[\w-]+)$', staff_member_required(DeleteFolder.as_view()), name='delete_folder'),
)
--- a/src/hdabo/views.py Fri Dec 12 11:04:02 2014 +0100
+++ b/src/hdabo/views.py Fri Dec 12 13:39:26 2014 +0100
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
from django.conf import settings
-from django.contrib.auth.decorators import login_required #@UnusedImport
+from django.contrib.admin.views.decorators import staff_member_required
from django.core.paginator import Paginator
from django.db import connection
from django.db.models import Max, Count, Min
@@ -22,12 +22,12 @@
from django.http.response import HttpResponse
-@login_required
+@staff_member_required
def home(request):
return render_to_response("home.html", context_instance=RequestContext(request))
-@login_required
+@staff_member_required
def orga_list(request):
orgas = Organisation.objects.all().order_by('name')
@@ -55,7 +55,7 @@
context_instance=RequestContext(request))
-@login_required
+@staff_member_required
def display_datasheet(request, ds_id=None):
if ds_id :
@@ -135,7 +135,7 @@
context_instance=RequestContext(request))
-@login_required
+@staff_member_required
def list_for_orga(request, orga_id=None, valid=None, start_index=None):
orga = Organisation.objects.get(id=orga_id)
@@ -189,7 +189,7 @@
context_instance=RequestContext(request))
-@login_required
+@staff_member_required
def all_tags(request, num_page=None, nb_by_page=None, sort="+pop", searched=None):
# If the view is asked after a form sent with post vars, it means that searched is a post var.
@@ -230,7 +230,7 @@
context_instance=RequestContext(request))
-@login_required
+@staff_member_required
def tag_up_down(request):
ds_id = request.POST["datasheet_id"]
# post vars new_order and old_order indicate the position (from 1) of the tag in the list.
@@ -264,7 +264,7 @@
return get_tag_table(request=request, ds_id=ds_id, valid=0)
-@login_required
+@staff_member_required
def get_tag_table(request=None, ds_id=None, valid=None):
ordered_tags = TaggedSheet.objects.filter(datasheet__hda_id=ds_id).order_by('order')
@@ -274,7 +274,7 @@
context_instance=RequestContext(request))
-@login_required
+@staff_member_required
def get_all_tags_table(request, num_page=None, nb_by_page=None, sort="+pop", searched=None):
current_page, p, num_page, nb_by_page = get_current_page(num_page, nb_by_page, sort, searched) #@UnusedVariable
@@ -328,7 +328,7 @@
return current_page, p, num_page, nb_by_page
-@login_required
+@staff_member_required
def remove_tag_from_list(request=None):
ds_id = request.POST["datasheet_id"]
@@ -346,7 +346,7 @@
return get_tag_table(request=request, ds_id=ds_id, valid=0)
-@login_required
+@staff_member_required
def modify_tag(request):
tag_id = request.POST["id"]
@@ -382,7 +382,7 @@
return get_all_tags_table(request=request, num_page=request.POST["num_page"], nb_by_page=request.POST["nb_by_page"], sort=request.POST["sort"], searched=request.POST["searched"])
-@login_required
+@staff_member_required
def modify_tag_datasheet(request):
tag_id = request.POST["id"]
@@ -417,7 +417,7 @@
-@login_required
+@staff_member_required
def reset_wikipedia_info(request):
# 2 cases :
# - ordered tag for one datasheet : POST["datasheet_id"] is not null
@@ -446,7 +446,7 @@
return get_all_tags_table(request=request, num_page=request.POST["num_page"], nb_by_page=request.POST["nb_by_page"], sort=request.POST["sort"], searched=request.POST["searched"])
-@login_required
+@staff_member_required
def add_tag(request=None):
ds_id = request.POST["datasheet_id"]
@@ -472,7 +472,7 @@
return get_tag_table(request=request, ds_id=ds_id, valid=0)
-@login_required
+@staff_member_required
def remove_wp_link(request=None):
# 2 cases :
# - ordered tag for one datasheet : POST["datasheet_id"] is not null
@@ -506,7 +506,7 @@
return get_all_tags_table(request=request, num_page=request.POST["num_page"], nb_by_page=request.POST["nb_by_page"], sort=request.POST["sort"], searched=request.POST["searched"])
-@login_required
+@staff_member_required
def validate_datasheet(request=None, ds_id=None, valid=None):
# We set if valid is true of false, function of the url parameters
if valid == "1" or valid == "true" or not valid :
@@ -535,7 +535,7 @@
return redirect('home')
-@login_required
+@staff_member_required
def update_tag_alias(request):
# 2 cases :
# - ordered tag for one datasheet : POST["datasheet_id"] is not null
@@ -560,7 +560,7 @@
return categories
-@login_required
+@staff_member_required
def update_tag_category(request):
tag_id = request.POST["id"]
@@ -577,7 +577,7 @@
else :
return get_all_tags_table(request=request, num_page=request.POST["num_page"], nb_by_page=request.POST["nb_by_page"], sort=request.POST["sort"], searched=request.POST["searched"])
-@login_required
+@staff_member_required
def reorder_tag_datasheet(request):
ds_id = request.REQUEST['datasheet_id']
--- a/src/hdalab/templates/profile_home.html Fri Dec 12 11:04:02 2014 +0100
+++ b/src/hdalab/templates/profile_home.html Fri Dec 12 13:39:26 2014 +0100
@@ -38,7 +38,8 @@
<p>
<a href="{% url 'manage_renkans' %}" >{% trans 'Administrer les Renkan' %}</a>
/ <a href="{% url 'edito_home' %}" >{% trans 'Editorialisation' %}</a>
- / <a href="{% url 'admin:index' %}" >{% trans 'Administrer Hdabo' %}</a>
+ / <a href="{% url 'admin:index' %}" >{% trans 'Administration Hdalab' %}</a>
+ / <a href="{% url 'hdabo_home' %}" >{% trans 'Administrer Hdabo' %}</a>
</p>
</div>
{% endif %}