
Fix 403 when project admin accesses edit pages

pull/333/head
Clemens Wolff 5 years ago
committed by margaretmeehan
parent
commit
300ae1deb6
2 changed files with 14 additions and 11 deletions
  1. 9
      app/api/permissions.py
  2. 16
      app/server/views.py

9
app/api/permissions.py

@ -22,10 +22,13 @@ class IsAdminUserAndWriteOnly(BasePermission):
return IsAdminUser().has_permission(request, view)
class SuperUserMixin(UserPassesTestMixin):
class ProjectAdminMixin(UserPassesTestMixin):
def test_func(self):
return self.request.user.is_superuser
return self.request.user.is_superuser or is_in_role(
role_name=IsProjectAdmin.role_name,
user_id=self.request.user.id,
project_id=self.kwargs['project_id'],
)
class IsOwnAnnotation(ProjectMixin, BasePermission):
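Review bot: `test_func` reads `self.kwargs['project_id']` unguarded, so on a view routed without a `project_id` keyword a non-superuser request raises `KeyError` and surfaces as a 500 instead of an access denial. The class name does not state that requirement, so I would add a docstring such as `"""Allow superusers, or users holding the project-admin role for the project_id in the URL."""`. To fail closed, use `project_id = self.kwargs.get('project_id')` followed by `if project_id is None: return False` before the role lookup, keeping the superuser short-circuit ahead of it. `is_in_role` and `IsProjectAdmin` are not defined in the visible lines, so this assumes both are already in scope in this module.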

16
app/server/views.py

@ -8,7 +8,7 @@ from django.views.generic import TemplateView
from django.views.generic.list import ListView
from django.contrib.auth.mixins import LoginRequiredMixin
from api.permissions import SuperUserMixin
from api.permissions import ProjectAdminMixin
from api.models import Project, RoleMapping
from app import settings
@ -38,7 +38,7 @@ class ProjectsView(LoginRequiredMixin, TemplateView):
template_name = 'projects.html'
class DatasetView(SuperUserMixin, LoginRequiredMixin, ListView):
class DatasetView(ProjectAdminMixin, LoginRequiredMixin, ListView):
template_name = 'dataset.html'
paginate_by = 5
extra_context = {
@ -50,35 +50,35 @@ class DatasetView(SuperUserMixin, LoginRequiredMixin, ListView):
return project.documents.all()
class LabelView(SuperUserMixin, LoginRequiredMixin, TemplateView):
class LabelView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html'
extra_context = {
'bundle_name': 'label'
}
class StatsView(SuperUserMixin, LoginRequiredMixin, TemplateView):
class StatsView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html'
extra_context = {
'bundle_name': 'stats'
}
class GuidelineView(SuperUserMixin, LoginRequiredMixin, TemplateView):
class GuidelineView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html'
extra_context = {
'bundle_name': 'guideline'
}
class UsersView(SuperUserMixin, LoginRequiredMixin, TemplateView):
class UsersView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html'
extra_context = {
'bundle_name': 'users'
}
class DataUpload(SuperUserMixin, LoginRequiredMixin, TemplateView):
class DataUpload(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html'
def get_context_data(self, **kwargs):
@ -88,7 +88,7 @@ class DataUpload(SuperUserMixin, LoginRequiredMixin, TemplateView):
return context
class DataDownload(SuperUserMixin, LoginRequiredMixin, TemplateView):
class DataDownload(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html'
def get_context_data(self, **kwargs):
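Review bot: Every view in this file lists `ProjectAdminMixin` before `LoginRequiredMixin`, so the role test runs first and an anonymous request reaches `is_in_role` with `user_id=None` before any login check. With the old `is_superuser` test that ordering cost nothing; now the outcome depends on how `is_in_role` treats a missing user, and presumably costs a role lookup. Putting the login check first, e.g. `class DatasetView(LoginRequiredMixin, ProjectAdminMixin, ListView):`, and the same for LabelView, StatsView, GuidelineView, UsersView, DataUpload and DataDownload, keeps unauthenticated requests away from the per-project query. These views only gate the page templates, so the upload, download and user-management endpoints behind them need the same per-project role check, which is not visible in this diff. The DataDownload body continues outside the last hunk.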
