added missing/incomplete permissions to views
This commit is contained in:
+14
-3
@@ -1,5 +1,6 @@
|
||||
from datetime import datetime
|
||||
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
|
||||
from django.db.models import Sum
|
||||
from django.shortcuts import render
|
||||
from django.urls import reverse_lazy
|
||||
@@ -22,12 +23,15 @@ from django.http import FileResponse, HttpResponse, response
|
||||
from reportlab.pdfgen import canvas
|
||||
|
||||
# Create your views here.
|
||||
class PaymentCreateView(CreateView):
|
||||
class PaymentCreateView(LoginRequiredMixin, UserPassesTestMixin, CreateView):
|
||||
model = Payment
|
||||
form_class = PaymentCreateForm
|
||||
template_name = 'employee/payment-create.html'
|
||||
success_url = reverse_lazy('not_paid')
|
||||
|
||||
def test_func(self):
|
||||
return self.request.user.has_employee_perm('can_manage_payments') or self.request.user.is_superuser
|
||||
|
||||
def form_valid(self, form):
|
||||
|
||||
last_payment = Payment.objects.order_by('-invoice_number').first()
|
||||
@@ -109,12 +113,19 @@ class PaymentCreateView(CreateView):
|
||||
return form
|
||||
|
||||
|
||||
class PaymentListView(ListView):
|
||||
class PaymentListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
|
||||
model = Payment
|
||||
template_name = 'common/payment-list.html'
|
||||
context_object_name = 'objects'
|
||||
paginate_by = 20
|
||||
|
||||
def test_func(self):
|
||||
return (self.request.user.is_superuser or
|
||||
self.request.user.user_type == 'CA' or
|
||||
self.request.user.has_employee_perm('can_view_payments') or
|
||||
self.request.user.has_company_perm('can_view_payment')
|
||||
)
|
||||
|
||||
def get_queryset(self):
|
||||
queryset = super().get_queryset()
|
||||
user = self.request.user
|
||||
@@ -128,7 +139,7 @@ class PaymentListView(ListView):
|
||||
return queryset
|
||||
|
||||
|
||||
def some_view(request):
|
||||
def some_view(request): # test create pdf invoice
|
||||
buffer = io.BytesIO()
|
||||
doc = SimpleDocTemplate(buffer, pagesize=A4)
|
||||
story = []
|
||||
|
||||
Reference in New Issue
Block a user