added missing/incomplete permissions to views
This commit is contained in:
@@ -1,3 +1,4 @@
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
|
||||
from django.shortcuts import render, redirect
|
||||
from django.views import View
|
||||
from django.views.generic import ListView
|
||||
@@ -7,12 +8,15 @@ from common.utils.utils import get_preinfo_by_number, get_container_by_number, f
|
||||
from containers.models import Container
|
||||
|
||||
|
||||
class ClientContainersListView(ListView):
|
||||
class ClientContainersListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
|
||||
template_name = 'employee/containers-list.html'
|
||||
model = Container
|
||||
context_object_name = 'objects'
|
||||
paginate_by = 20
|
||||
|
||||
def test_func(self):
|
||||
return self.request.user.user_type in ('CA', 'CL')
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset()
|
||||
queryset = filter_queryset_by_user(queryset, self.request.user)
|
||||
@@ -25,12 +29,15 @@ class ClientContainersListView(ListView):
|
||||
return queryset
|
||||
|
||||
|
||||
class ReportContainersUnpaidListView(ListView):
|
||||
class ReportContainersUnpaidListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
|
||||
template_name = 'employee/unpaid-list.html'
|
||||
model = Container
|
||||
context_object_name = 'objects'
|
||||
paginate_by = 20
|
||||
|
||||
def test_func(self):
|
||||
return self.request.user.has_company_perm('can_manage_payment') or self.request.user.user_type == 'CA'
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
context['companies'] = CompanyModel.objects.all().order_by('name')
|
||||
@@ -55,9 +62,12 @@ class ReportContainersUnpaidListView(ListView):
|
||||
return queryset.order_by('-expedited_on')
|
||||
|
||||
|
||||
class ContainerSearchView(View):
|
||||
class ContainerSearchView(LoginRequiredMixin, UserPassesTestMixin, View):
|
||||
template_name = 'barrier/container-search.html' # Single template for all searches
|
||||
|
||||
def test_func(self):
|
||||
return self.request.user.user_type in ('CA', 'CL')
|
||||
|
||||
def get(self, request):
|
||||
search_type = request.GET.get('param') # container_receive or container_expedition
|
||||
return render(request, self.template_name, {'search_type': search_type})
|
||||
|
||||
Reference in New Issue
Block a user