Be smarter about how we prevent edit/delete for some people, employees

instead of just hard-coding UUID for 'chuck'
2020-08-06 01:53:45 -05:00 · 2020-08-06 01:53:45 -05:00 · c5922c74ea
parent 25a7d46588
commit c5922c74ea
2 changed files with 39 additions and 9 deletions
--- a/rattail_demo/web/views/employees.py
+++ b/rattail_demo/web/views/employees.py
@ -1,23 +1,37 @@
-# -*- coding: utf-8 -*-
+# -*- coding: utf-8; -*-
 """
 Employee views
 """

-from __future__ import unicode_literals, absolute_import
-
 from tailbone.views import employees as base
+from tailbone.config import protected_usernames


-class EmployeesView(base.EmployeesView):
+class EmployeeView(base.EmployeesView):
    """
    Prevent edit/delete for Chuck Norris
    """

+    def __init__(self, request, **kwargs):
+        super(EmployeeView, self).__init__(request, **kwargs)
+        self.protected_usernames = protected_usernames(self.rattail_config)
+
+    def is_employee_protected(self, employee):
+        if self.protected_usernames:
+            for user in employee.person.users:
+                if user.username in self.protected_usernames:
+                    return True
+        return False
+
    def editable_instance(self, employee):
-        return employee.person_uuid != '30d1fe06bcf411e6a7c23ca9f40bc550'
+        if self.request.is_root:
+            return True
+        return not self.is_employee_protected(employee)

    def deletable_instance(self, employee):
-        return employee.person_uuid != '30d1fe06bcf411e6a7c23ca9f40bc550'
+        if self.request.is_root:
+            return True
+        return not self.is_employee_protected(employee)


 def includeme(config):
@ -27,4 +41,4 @@ def includeme(config):
    config.add_view(base.EmployeesAutocomplete, route_name='employees.autocomplete',
                    renderer='json', permission='employees.list')

-    EmployeesView.defaults(config)
+    EmployeeView.defaults(config)
--- a/rattail_demo/web/views/people.py
+++ b/rattail_demo/web/views/people.py
@ -5,6 +5,7 @@ Person views

 from tailbone.views import people as base
 from tailbone_corepos.views import people as corepos_base
+from tailbone.config import protected_usernames


 class PersonView(corepos_base.PersonView):
@ -12,11 +13,26 @@ class PersonView(corepos_base.PersonView):
    Prevent edit/delete for Chuck Norris
    """

+    def __init__(self, request, **kwargs):
+        super(PersonView, self).__init__(request, **kwargs)
+        self.protected_usernames = protected_usernames(self.rattail_config)
+
+    def is_person_protected(self, person):
+        if self.protected_usernames:
+            for user in person.users:
+                if user.username in self.protected_usernames:
+                    return True
+        return False
+
    def editable_instance(self, person):
-        return person.uuid != '30d1fe06bcf411e6a7c23ca9f40bc550'
+        if self.request.is_root:
+            return True
+        return not self.is_person_protected(person)

    def deletable_instance(self, person):
-        return person.uuid != '30d1fe06bcf411e6a7c23ca9f40bc550'
+        if self.request.is_root:
+            return True
+        return not self.is_person_protected(person)


 def includeme(config):