gitea
/
depot_django
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added missing/incomplete permissions to views

Browse Source
deploy_branch
kikimor 7 months ago
parent 13c4c324fc
commit 75b3adfc71
14 changed files with 103 additions and 153 deletions
Show Stats Download Patch File Download Diff File

19
.idea/workspace.xml
Unescape Escape View File

@ -5,35 +5,20 @@
</component>
<component name="ChangeListManager">
<list default="true" id="7410a44d-51b9-408b-85ad-4fa46776b372" name="Changes" comment="commit unversioned files ;)">
<change afterPath="$PROJECT_DIR$/accounts/templatetags/permission_tags.py" afterDir="false" />
<change afterPath="$PROJECT_DIR$/templates/common/payment-list.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/accounts/migrations/0008_populate_permissions.py" beforeDir="false" afterPath="$PROJECT_DIR$/accounts/migrations/0008_populate_permissions.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/accounts/models.py" beforeDir="false" afterPath="$PROJECT_DIR$/accounts/models.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/accounts/views.py" beforeDir="false" afterPath="$PROJECT_DIR$/accounts/views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/booking/views/client_views.py" beforeDir="false" afterPath="$PROJECT_DIR$/booking/views/client_views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/booking/views/employee_views.py" beforeDir="false" afterPath="$PROJECT_DIR$/booking/views/employee_views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/common/views/barrier_views.py" beforeDir="false" afterPath="$PROJECT_DIR$/common/views/barrier_views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/common/views/client_views.py" beforeDir="false" afterPath="$PROJECT_DIR$/common/views/client_views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/common/views/employee_views.py" beforeDir="false" afterPath="$PROJECT_DIR$/common/views/employee_views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/containers/views/barrier_views.py" beforeDir="false" afterPath="$PROJECT_DIR$/containers/views/barrier_views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/containers/views/client_views.py" beforeDir="false" afterPath="$PROJECT_DIR$/containers/views/client_views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/containers/views/common.py" beforeDir="false" afterPath="$PROJECT_DIR$/containers/views/common.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/containers/views/employee_views.py" beforeDir="false" afterPath="$PROJECT_DIR$/containers/views/employee_views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/payments/urls.py" beforeDir="false" afterPath="$PROJECT_DIR$/payments/urls.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/payments/views.py" beforeDir="false" afterPath="$PROJECT_DIR$/payments/views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/preinfo/views/client_views.py" beforeDir="false" afterPath="$PROJECT_DIR$/preinfo/views/client_views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/preinfo/views/employee_views.py" beforeDir="false" afterPath="$PROJECT_DIR$/preinfo/views/employee_views.py" afterDir="false" />
<change beforePath="$PROJECT_DIR$/readme.md" beforeDir="false" afterPath="$PROJECT_DIR$/readme.md" afterDir="false" />
<change beforePath="$PROJECT_DIR$/templates/client-sidebar.html" beforeDir="false" afterPath="$PROJECT_DIR$/templates/client-sidebar.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/templates/client/booking-list.html" beforeDir="false" afterPath="$PROJECT_DIR$/templates/client/booking-list.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/templates/client/preinfo-list.html" beforeDir="false" afterPath="$PROJECT_DIR$/templates/client/preinfo-list.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/templates/common/container-details.html" beforeDir="false" afterPath="$PROJECT_DIR$/templates/common/container-details.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/templates/employee-sidebar.html" beforeDir="false" afterPath="$PROJECT_DIR$/templates/employee-sidebar.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/templates/employee/booking-list.html" beforeDir="false" afterPath="$PROJECT_DIR$/templates/employee/booking-list.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/templates/employee/containers-list.html" beforeDir="false" afterPath="$PROJECT_DIR$/templates/employee/containers-list.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/templates/employee/payment-create.html" beforeDir="false" afterPath="$PROJECT_DIR$/templates/employee/payment-create.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/templates/employee/payment-list.html" beforeDir="false" afterPath="$PROJECT_DIR$/templates/employee/unpaid-list.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/templates/employee/preinfo-list.html" beforeDir="false" afterPath="$PROJECT_DIR$/templates/employee/preinfo-list.html" afterDir="false" />
<change beforePath="$PROJECT_DIR$/web_depot.tar" beforeDir="false" afterPath="$PROJECT_DIR$/web_depot.tar" afterDir="false" />
</list>
<option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" />

54
accounts/views.py
Unescape Escape View File

@ -12,7 +12,7 @@ from accounts.forms import LoginForm, RegisterForm, UserChangePasswordForm, User
from accounts.models import DepotUser
from django.contrib.auth.decorators import login_required, user_passes_test
from django.contrib.auth.mixins import AccessMixin, LoginRequiredMixin
from django.contrib.auth.mixins import AccessMixin, LoginRequiredMixin, UserPassesTestMixin
# Create your views here.
@ -28,27 +28,21 @@ class DepotLoginView(LoginView):
def is_company_admin(user):
return user.is_authenticated and user.is_company_admin
@method_decorator(login_required, name='dispatch')
class RegisterView(AccessMixin, FormView):
class RegisterView(LoginRequiredMixin, UserPassesTestMixin, FormView):
template_name = 'registration/register.html'
form_class = RegisterForm
# model = get_user_model()
success_url = reverse_lazy('dashboard')
def dispatch(self, request, *args, **kwargs):
user: DepotUser = request.user
if not (user.is_superuser or user.user_type == DepotUser.UserType.COMPANY_ADMIN):
return self.handle_no_permission()
return super().dispatch(request, *args, **kwargs)
def test_func(self):
user = self.request.user
return user.is_superuser or user.user_type == DepotUser.UserType.COMPANY_ADMIN
def form_valid(self, form):
# Create user from form data
user = form.save(commit=False)
user_type = form.cleaned_data['user_type']
user.save()
# Clear irrelevant permissions based on user type
if user_type == DepotUser.UserType.CLIENT:
user.employee_permissions.clear()
user.company_permissions.set(form.cleaned_data['company_permissions'])
@ -90,17 +84,15 @@ class RegisterView(AccessMixin, FormView):
return form
class UserListView(ListView):
class UserListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
template_name = 'registration/user-list.html'
model = get_user_model()
context_object_name = 'objects'
paginate_by = 20 # Number of containers per page
# base_template = 'employee-base.html'
paginate_by = 20
# def get_context_data(self, **kwargs):
# context = super().get_context_data(**kwargs)
# context['base_template'] = self.base_template
# return context
def test_func(self):
user = self.request.user
return user.is_superuser or user.user_type == DepotUser.UserType.COMPANY_ADMIN
def get_queryset(self):
queryset = super().get_queryset()
@ -111,7 +103,6 @@ class UserListView(ListView):
if data_filter != 'all':
queryset = queryset.filter(is_active=True)
# Filter users based on permissions
if user.is_superuser:
return queryset.all()
elif user.user_type == DepotUser.UserType.COMPANY_ADMIN:
@ -119,18 +110,15 @@ class UserListView(ListView):
else:
return queryset.none()
class UserUpdateView(UpdateView):
class UserUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
template_name = 'registration/register.html'
form_class = UserEditForm
model = get_user_model()
success_url = reverse_lazy('user_list')
def dispatch(self, request, *args, **kwargs):
user: DepotUser = request.user
if not (user.is_superuser or user.user_type == DepotUser.UserType.COMPANY_ADMIN):
return self.handle_no_permission()
return super().dispatch(request, *args, **kwargs)
def test_func(self):
user = self.request.user
return user.is_superuser or user.user_type == DepotUser.UserType.COMPANY_ADMIN
def form_valid(self, form):
user = form.save(commit=False)
@ -175,14 +163,16 @@ class UserUpdateView(UpdateView):
return form
class UserActiveView(LoginRequiredMixin, View):
class UserActiveView(LoginRequiredMixin, UserPassesTestMixin, View):
success_url = reverse_lazy('user_list')
def test_func(self):
user = self.request.user
return user.is_superuser or user.user_type == DepotUser.UserType.COMPANY_ADMIN
def post(self, request, pk, *args, **kwargs):
user = request.user
if not (user.is_superuser or getattr(user, 'user_type', None) == DepotUser.UserType.COMPANY_ADMIN):
return HttpResponseForbidden("You do not have permission to perform this action.")
target_user = get_object_or_404(get_user_model(), pk=pk)
if target_user == user:
return HttpResponseForbidden("You cannot change your own active status.")
@ -192,7 +182,7 @@ class UserActiveView(LoginRequiredMixin, View):
return JsonResponse({'success': True, 'is_active': target_user.is_active})
class CustomPasswordChangeView(PasswordChangeView):
class CustomPasswordChangeView(LoginRequiredMixin, PasswordChangeView):
template_name = 'registration/change_password.html'
def get_success_url(self):

10
booking/views/client_views.py
Unescape Escape View File

@ -13,16 +13,10 @@ class ClientBookingView(LoginRequiredMixin, UserPassesTestMixin, ListView):
template_name = 'client/booking-list.html'
paginate_by = 20
context_object_name = 'objects'
# base_template = 'client-base.html'
def test_func(self):
return self.request.user.has_company_perm('can_view_booking') or self.request.user.user_type == 'CA'
# def get_context_data(self, **kwargs):
# context = super().get_context_data(**kwargs)
# context['base_template'] = self.base_template
# return context
def get_queryset(self):
queryset = super().get_queryset()
user = self.request.user
@ -50,7 +44,7 @@ class CreateBookingView(LoginRequiredMixin, UserPassesTestMixin, LineFilterFormM
return super().form_valid(form)
def test_func(self):
return True # self.request.user.has_company_perm('can_edit_preinfo') or self.request.user.user_type == 'CA'
self.request.user.has_company_perm('can_edit_preinfo') or self.request.user.user_type == 'CA'
class ClientBookingUpdateView(LoginRequiredMixin, UserPassesTestMixin, LineFilterFormMixin, CreateView):
@ -65,4 +59,4 @@ class ClientBookingUpdateView(LoginRequiredMixin, UserPassesTestMixin, LineFilte
return super().form_valid(form)
def test_func(self):
return True # self.request.user.has_company_perm('can_edit_preinfo') or self.request.user.user_type == 'CA'
return self.request.user.has_company_perm('can_edit_preinfo') or self.request.user.user_type == 'CA'

13
booking/views/employee_views.py
Unescape Escape View File

@ -1,19 +1,18 @@
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.views.generic import ListView
from booking.models import Booking
class BookingListView(ListView):
class BookingListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
template_name = 'employee/booking-list.html'
model = Booking
context_object_name = 'objects'
paginate_by = 20 # Number of containers per page
# base_template = 'employee-base.html'
paginate_by = 20
# def get_context_data(self, **kwargs):
# context = super().get_context_data(**kwargs)
# context['base_template'] = self.base_template
# return context
def test_func(self):
user = self.request.user
return self.request.user.user_type == 'EMP' or user.is_superuser
def get_queryset(self):
queryset = super().get_queryset()

6
common/views/barrier_views.py
Unescape Escape View File

@ -1,12 +1,16 @@
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.shortcuts import render
from django.views.generic import TemplateView
from containers.models import Container
class BarrierDashboardView(TemplateView):
class BarrierDashboardView(LoginRequiredMixin, UserPassesTestMixin, TemplateView):
template_name = 'barrier/barrier-dashboard.html'
def test_func(self):
return self.request.user.user_type == 'BA'
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
recent_containers = Container.objects.select_related('line', 'booking').order_by('-expedited_on', '-received_on')[:10]

13
common/views/client_views.py
Unescape Escape View File

@ -87,15 +87,9 @@ class ClientLineListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
template_name = 'client/line-list.html'
context_object_name = 'objects'
paginate_by = 20
# base_template = 'client-base.html'
def test_func(self):
return True # self.request.user.has_employee_perm('can_view_preinfo') or self.request.user.user_type == 'CA'
# def get_context_data(self, **kwargs):
# context = super().get_context_data(**kwargs)
# context['base_template'] = self.base_template
# return context
return self.request.user.user_type == 'CA'
def get_queryset(self):
queryset = super().get_queryset()
@ -115,11 +109,10 @@ class ClientLineCreateView(LoginRequiredMixin, UserPassesTestMixin, CreateView):
model = LinesModel
template_name = 'client/line-create.html'
form_class = LineCreateForm
success_url = reverse_lazy('client-line')
def test_func(self):
return True # self.request.user.has_company_perm('can_create_preinfo') or self.request.user.user_type == 'CA'
return self.request.user.user_type == 'CA'
def get_form(self, form_class=None):
form = super().get_form(form_class)
@ -139,7 +132,7 @@ class ClientLineUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
success_url = reverse_lazy('client-company')
def test_func(self):
return True # self.request.user.ha.s_company_perm('can_edit_preinfo') or self.request.user.user_type == 'CA'
return self.request.user.user_type == 'CA'
def get_form(self, form_class=None):
form = super().get_form(form_class)

51
common/views/employee_views.py
Unescape Escape View File

@ -10,13 +10,16 @@ from containers.models import Container
from preinfo.models import Preinfo
class EmployeeDashboardView(TemplateView):
class EmployeeDashboardView(LoginRequiredMixin, UserPassesTestMixin, TemplateView):
template_name = 'employee-dashboard-content.html'
extra_context = {
'title': 'Employee Dashboard',
'description': 'This is the depot employee dashboard page.',
}
def test_func(self):
return self.request.user.user_type == 'EMP' or self.request.user.is_superuser
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
containers = Container.objects.filter(expedited=False).count()
@ -30,18 +33,12 @@ class EmployeeDashboardView(TemplateView):
class EmployeeCompanyListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
model = CompanyModel
template_name = 'common/../../templates/employee/company-list.html'
template_name = 'employee/company-list.html'
context_object_name = 'objects'
paginate_by = 20
# base_template = 'employee-base.html'
def test_func(self):
return True # self.request.user.has_employee_perm('can_view_preinfo') or self.request.user.user_type == 'CA'
# def get_context_data(self, **kwargs):
# context = super().get_context_data(**kwargs)
# context['base_template'] = self.base_template
# return context
return self.request.user.is_superuser
def get_queryset(self):
queryset = super().get_queryset()
@ -61,13 +58,7 @@ class EmployeeCompanyCreateView(LoginRequiredMixin, UserPassesTestMixin, CreateV
success_url = reverse_lazy('employee_company')
def test_func(self):
return True # self.request.user.has_company_perm('can_create_preinfo') or self.request.user.user_type == 'CA'
# def form_valid(self, form):
# form.instance.created_by = self.request.user
# form.instance.updated_by = self.request.user
# return super().form_valid(form)
return self.request.user.is_superuser
class EmployeeCompanyUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
@ -77,11 +68,7 @@ class EmployeeCompanyUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateV
success_url = reverse_lazy('employee_company')
def test_func(self):
return True # self.request.user.ha.s_company_perm('can_edit_preinfo') or self.request.user.user_type == 'CA'
# def form_valid(self, form):
# form.instance.updated_by = self.request.user
# return super().form_valid(form)
return self.request.user.is_superuser
class EmployeeLineListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
@ -89,15 +76,9 @@ class EmployeeLineListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
template_name = 'employee/line-list.html'
context_object_name = 'objects'
paginate_by = 20
# base_template = 'employee-base.html'
def test_func(self):
return True # self.request.user.has_employee_perm('can_view_preinfo') or self.request.user.user_type == 'CA'
# def get_context_data(self, **kwargs):
# context = super().get_context_data(**kwargs)
# context['base_template'] = self.base_template
# return context
return self.request.user.is_superuser
def get_queryset(self):
queryset = super().get_queryset()
@ -117,13 +98,7 @@ class EmployeeLineCreateView(LoginRequiredMixin, UserPassesTestMixin, CreateView
success_url = reverse_lazy('employee_line')
def test_func(self):
return True # self.request.user.has_company_perm('can_create_preinfo') or self.request.user.user_type == 'CA'
# def form_valid(self, form):
# form.instance.created_by = self.request.user
# form.instance.updated_by = self.request.user
# return super().form_valid(form)
return self.request.user.is_superuser
class EmployeeLineUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
@ -133,8 +108,4 @@ class EmployeeLineUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView
success_url = reverse_lazy('employee_line')
def test_func(self):
return True # self.request.user.ha.s_company_perm('can_edit_preinfo') or self.request.user.user_type == 'CA'
# def form_valid(self, form):
# form.instance.updated_by = self.request.user
# return super().form_valid(form)
return self.request.user.is_superuser

11
containers/views/barrier_views.py
Unescape Escape View File

@ -1,3 +1,4 @@
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.shortcuts import render, redirect
from django.urls import reverse_lazy
from django.utils import timezone
@ -13,11 +14,14 @@ from preinfo.models import Preinfo
# Create your views here.
class ContainerReceiveView(FormView):
class ContainerReceiveView(LoginRequiredMixin, UserPassesTestMixin, FormView):
template_name = 'container-receive.html'
form_class = ContainerReceiveForm
success_url = reverse_lazy('container_photos')
def test_func(self):
return self.request.user.user_type == 'BS'
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['show_search'] = True
@ -179,11 +183,14 @@ class ContainerSearchView(View):
# # return redirect(reverse_lazy('container_search'))
class ContainerExpedition(FormView):
class ContainerExpedition(LoginRequiredMixin, UserPassesTestMixin, FormView):
template_name = 'container-expedition.html'
form_class = ContainerExpeditionForm
success_url = reverse_lazy('barrier_dashboard')
def test_func(self):
return self.request.user.user_type == 'BS'
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['show_search'] = True

16
containers/views/client_views.py
Unescape Escape View File

@ -1,3 +1,4 @@
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.shortcuts import render, redirect
from django.views import View
from django.views.generic import ListView
@ -7,12 +8,15 @@ from common.utils.utils import get_preinfo_by_number, get_container_by_number, f
from containers.models import Container
class ClientContainersListView(ListView):
class ClientContainersListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
template_name = 'employee/containers-list.html'
model = Container
context_object_name = 'objects'
paginate_by = 20
def test_func(self):
return self.request.user.user_type in ('CA', 'CL')
def get_queryset(self):
queryset = super().get_queryset()
queryset = filter_queryset_by_user(queryset, self.request.user)
@ -25,12 +29,15 @@ class ClientContainersListView(ListView):
return queryset
class ReportContainersUnpaidListView(ListView):
class ReportContainersUnpaidListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
template_name = 'employee/unpaid-list.html'
model = Container
context_object_name = 'objects'
paginate_by = 20
def test_func(self):
return self.request.user.has_company_perm('can_manage_payment') or self.request.user.user_type == 'CA'
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context['companies'] = CompanyModel.objects.all().order_by('name')
@ -55,9 +62,12 @@ class ReportContainersUnpaidListView(ListView):
return queryset.order_by('-expedited_on')
class ContainerSearchView(View):
class ContainerSearchView(LoginRequiredMixin, UserPassesTestMixin, View):
template_name = 'barrier/container-search.html' # Single template for all searches
def test_func(self):
return self.request.user.user_type in ('CA', 'CL')
def get(self, request):
search_type = request.GET.get('param') # container_receive or container_expedition
return render(request, self.template_name, {'search_type': search_type})

4
containers/views/common.py
Unescape Escape View File

@ -1,3 +1,4 @@
from django.contrib.auth.mixins import LoginRequiredMixin
from django.shortcuts import render
from django.views.generic import FormView, ListView
from django.views.generic.base import TemplateView
@ -77,10 +78,9 @@ from containers.models import Container
# return render(self.request, self.template_name, context)
class ContainerDetails(ListView):
class ContainerDetails(LoginRequiredMixin, ListView):
template_name = 'common/container-details.html'
model = Container
# base_template = 'employee-base.html'
context_object_name = 'objects'
paginate_by = 20

22
containers/views/employee_views.py
Unescape Escape View File

@ -1,3 +1,4 @@
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.shortcuts import render, redirect
from django.views import View
from django.views.generic import ListView
@ -7,17 +8,11 @@ from common.utils.utils import get_preinfo_by_number, get_container_by_number
from containers.models import Container
class ContainersListView(ListView):
class ContainersListView(LoginRequiredMixin, ListView):
template_name = 'employee/containers-list.html'
model = Container
context_object_name = 'objects'
paginate_by = 20 # Number of containers per page
# base_template = 'employee-base.html'
# def get_context_data(self, **kwargs):
# context = super().get_context_data(**kwargs)
# context['base_template'] = self.base_template
# return context
paginate_by = 20
def get_queryset(self):
queryset = super().get_queryset()
@ -30,12 +25,15 @@ class ContainersListView(ListView):
return queryset
class ReportContainersUnpaidListView(ListView):
class ReportContainersUnpaidListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
template_name = 'employee/unpaid-list.html'
model = Container
context_object_name = 'objects'
paginate_by = 20 # Number of payments per page
# base_template = 'employee-base.html'
paginate_by = 20
def test_func(self):
return self.request.user.has_company_perm('can_manage_payments') or self.request.user.is_superuser
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
@ -62,7 +60,7 @@ class ReportContainersUnpaidListView(ListView):
return queryset.order_by('-expedited_on')
class ContainerSearchView(View):
class ContainerSearchView(LoginRequiredMixin, View):
template_name = 'barrier/container-search.html' # Single template for all searches
def get(self, request):

17
payments/views.py
Unescape Escape View File

@ -1,5 +1,6 @@
from datetime import datetime
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.db.models import Sum
from django.shortcuts import render
from django.urls import reverse_lazy
@ -22,12 +23,15 @@ from django.http import FileResponse, HttpResponse, response
from reportlab.pdfgen import canvas
# Create your views here.
class PaymentCreateView(CreateView):
class PaymentCreateView(LoginRequiredMixin, UserPassesTestMixin, CreateView):
model = Payment
form_class = PaymentCreateForm
template_name = 'employee/payment-create.html'
success_url = reverse_lazy('not_paid')
def test_func(self):
return self.request.user.has_employee_perm('can_manage_payments') or self.request.user.is_superuser
def form_valid(self, form):
last_payment = Payment.objects.order_by('-invoice_number').first()
@ -109,12 +113,19 @@ class PaymentCreateView(CreateView):
return form
class PaymentListView(ListView):
class PaymentListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
model = Payment
template_name = 'common/payment-list.html'
context_object_name = 'objects'
paginate_by = 20
def test_func(self):
return (self.request.user.is_superuser or
self.request.user.user_type == 'CA' or
self.request.user.has_employee_perm('can_view_payments') or
self.request.user.has_company_perm('can_view_payment')
)
def get_queryset(self):
queryset = super().get_queryset()
user = self.request.user
@ -128,7 +139,7 @@ class PaymentListView(ListView):
return queryset
def some_view(request):
def some_view(request): # test create pdf invoice
buffer = io.BytesIO()
doc = SimpleDocTemplate(buffer, pagesize=A4)
story = []

12
preinfo/views/client_views.py
Unescape Escape View File

@ -25,16 +25,10 @@ class ClientPreinfoView(LoginRequiredMixin, UserPassesTestMixin, ListView):
# CRUDListView template
context_object_name = 'objects'
# base_template = 'client-base.html'
def test_func(self):
return self.request.user.has_company_perm('can_view_preinfo') or self.request.user.user_type == 'CA'
# def get_context_data(self, **kwargs):
# context = super().get_context_data(**kwargs)
# context['base_template'] = self.base_template
# return context
def get_queryset(self):
queryset = super().get_queryset()
user = self.request.user
@ -60,7 +54,7 @@ class ClientPreinfoCreateView(LoginRequiredMixin, UserPassesTestMixin, LineFilte
success_url = reverse_lazy('client_preinfo')
def test_func(self):
return True # self.request.user.has_company_perm('can_create_preinfo') or self.request.user.user_type == 'CA'
return self.request.user.has_company_perm('can_manage_preinfo') or self.request.user.user_type == 'CA'
def form_valid(self, form):
form.instance.created_by = self.request.user
@ -76,7 +70,7 @@ class ClientPreinfoUpdateView(LoginRequiredMixin, UserPassesTestMixin, LineFilte
success_url = reverse_lazy('client_preinfo')
def test_func(self):
return True # self.request.user.ha.s_company_perm('can_edit_preinfo') or self.request.user.user_type == 'CA'
return self.request.user.has_company_perm('can_manage_preinfo') or self.request.user.user_type == 'CA'
def form_valid(self, form):
form.instance.updated_by = self.request.user
@ -95,7 +89,7 @@ def check_preinfo(request):
return JsonResponse({'found': False})
class PreinfoSearchView(View):
class PreinfoSearchView(LoginRequiredMixin, View):
template_name = 'container-search.html'
def get(self, request):

8
preinfo/views/employee_views.py
Unescape Escape View File

@ -9,15 +9,9 @@ class EmployeePreinfoView(LoginRequiredMixin, UserPassesTestMixin, ListView):
context_object_name = 'objects'
paginate_by = 20
form_class = PreinfoEditForm
# base_template = 'employee-base.html'
def test_func(self):
return True # self.request.user.has_employee_perm('can_view_preinfo') or self.request.user.user_type == 'CA'
# def get_context_data(self, **kwargs):
# context = super().get_context_data(**kwargs)
# context['base_template'] = self.base_template
# return context
return self.request.user.user_type in ('EM', 'CA')
def get_queryset(self):
queryset = super().get_queryset()

Write Preview
Loading…
Cancel
Save