added missing/incomplete permissions to views

This commit is contained in:
2025-08-03 11:52:01 +03:00
parent 13c4c324fc
commit 75b3adfc71
14 changed files with 103 additions and 153 deletions
+13 -3
View File
@@ -1,3 +1,4 @@
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.shortcuts import render, redirect
from django.views import View
from django.views.generic import ListView
@@ -7,12 +8,15 @@ from common.utils.utils import get_preinfo_by_number, get_container_by_number, f
from containers.models import Container
class ClientContainersListView(ListView):
class ClientContainersListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
template_name = 'employee/containers-list.html'
model = Container
context_object_name = 'objects'
paginate_by = 20
def test_func(self):
return self.request.user.user_type in ('CA', 'CL')
def get_queryset(self):
queryset = super().get_queryset()
queryset = filter_queryset_by_user(queryset, self.request.user)
@@ -25,12 +29,15 @@ class ClientContainersListView(ListView):
return queryset
class ReportContainersUnpaidListView(ListView):
class ReportContainersUnpaidListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
template_name = 'employee/unpaid-list.html'
model = Container
context_object_name = 'objects'
paginate_by = 20
def test_func(self):
return self.request.user.has_company_perm('can_manage_payment') or self.request.user.user_type == 'CA'
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['companies'] = CompanyModel.objects.all().order_by('name')
@@ -55,9 +62,12 @@ class ReportContainersUnpaidListView(ListView):
return queryset.order_by('-expedited_on')
class ContainerSearchView(View):
class ContainerSearchView(LoginRequiredMixin, UserPassesTestMixin, View):
template_name = 'barrier/container-search.html' # Single template for all searches
def test_func(self):
return self.request.user.user_type in ('CA', 'CL')
def get(self, request):
search_type = request.GET.get('param') # container_receive or container_expedition
return render(request, self.template_name, {'search_type': search_type})