rattail/rattail-demo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Be smarter about how we prevent edit/delete for some people, employees

Browse source 
instead of just hard-coding UUID for 'chuck'
This commit is contained in:
Lance Edgar 2020-08-06 01:53:45 -05:00
parent 25a7d46588
commit c5922c74ea
2 changed files with 39 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
rattail_demo/web/views/employees.py
View file

@ -1,23 +1,37 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8; -*-
""" """
Employee views Employee views
""" """
from __future__ import unicode_literals, absolute_import
from tailbone.views import employees as base from tailbone.views import employees as base
from tailbone.config import protected_usernames
class EmployeesView(base.EmployeesView): class EmployeeView(base.EmployeesView):
""" """
Prevent edit/delete for Chuck Norris Prevent edit/delete for Chuck Norris
""" """
def __init__(self, request, **kwargs):
super(EmployeeView, self).__init__(request, **kwargs)
self.protected_usernames = protected_usernames(self.rattail_config)
def is_employee_protected(self, employee):
if self.protected_usernames:
for user in employee.person.users:
if user.username in self.protected_usernames:
return True
return False
def editable_instance(self, employee): def editable_instance(self, employee):
return employee.person_uuid != '30d1fe06bcf411e6a7c23ca9f40bc550' if self.request.is_root:
return True
return not self.is_employee_protected(employee)
def deletable_instance(self, employee): def deletable_instance(self, employee):
return employee.person_uuid != '30d1fe06bcf411e6a7c23ca9f40bc550' if self.request.is_root:
return True
return not self.is_employee_protected(employee)
def includeme(config): def includeme(config):
@ -27,4 +41,4 @@ def includeme(config):
config.add_view(base.EmployeesAutocomplete, route_name='employees.autocomplete', config.add_view(base.EmployeesAutocomplete, route_name='employees.autocomplete',
renderer='json', permission='employees.list') renderer='json', permission='employees.list')
EmployeesView.defaults(config) EmployeeView.defaults(config)

20
rattail_demo/web/views/people.py
View file

@ -5,6 +5,7 @@ Person views
from tailbone.views import people as base from tailbone.views import people as base
from tailbone_corepos.views import people as corepos_base from tailbone_corepos.views import people as corepos_base
from tailbone.config import protected_usernames
class PersonView(corepos_base.PersonView): class PersonView(corepos_base.PersonView):
@ -12,11 +13,26 @@ class PersonView(corepos_base.PersonView):
Prevent edit/delete for Chuck Norris Prevent edit/delete for Chuck Norris
""" """
def __init__(self, request, **kwargs):
super(PersonView, self).__init__(request, **kwargs)
self.protected_usernames = protected_usernames(self.rattail_config)
def is_person_protected(self, person):
if self.protected_usernames:
for user in person.users:
if user.username in self.protected_usernames:
return True
return False
def editable_instance(self, person): def editable_instance(self, person):
return person.uuid != '30d1fe06bcf411e6a7c23ca9f40bc550' if self.request.is_root:
return True
return not self.is_person_protected(person)
def deletable_instance(self, person): def deletable_instance(self, person):
return person.uuid != '30d1fe06bcf411e6a7c23ca9f40bc550' if self.request.is_root:
return True
return not self.is_person_protected(person)
def includeme(config): def includeme(config):