added missing/incomplete permissions to views

This commit is contained in:
2025-08-03 11:52:01 +03:00
parent 13c4c324fc
commit 75b3adfc71
14 changed files with 103 additions and 153 deletions
+14 -3
View File
@@ -1,5 +1,6 @@
from datetime import datetime
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.db.models import Sum
from django.shortcuts import render
from django.urls import reverse_lazy
@@ -22,12 +23,15 @@ from django.http import FileResponse, HttpResponse, response
from reportlab.pdfgen import canvas
# Create your views here.
class PaymentCreateView(CreateView):
class PaymentCreateView(LoginRequiredMixin, UserPassesTestMixin, CreateView):
model = Payment
form_class = PaymentCreateForm
template_name = 'employee/payment-create.html'
success_url = reverse_lazy('not_paid')
def test_func(self):
return self.request.user.has_employee_perm('can_manage_payments') or self.request.user.is_superuser
def form_valid(self, form):
last_payment = Payment.objects.order_by('-invoice_number').first()
@@ -109,12 +113,19 @@ class PaymentCreateView(CreateView):
return form
class PaymentListView(ListView):
class PaymentListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
model = Payment
template_name = 'common/payment-list.html'
context_object_name = 'objects'
paginate_by = 20
def test_func(self):
return (self.request.user.is_superuser or
self.request.user.user_type == 'CA' or
self.request.user.has_employee_perm('can_view_payments') or
self.request.user.has_company_perm('can_view_payment')
)
def get_queryset(self):
queryset = super().get_queryset()
user = self.request.user
@@ -128,7 +139,7 @@ class PaymentListView(ListView):
return queryset
def some_view(request):
def some_view(request): # test create pdf invoice
buffer = io.BytesIO()
doc = SimpleDocTemplate(buffer, pagesize=A4)
story = []