
Fix 403 when project admin accesses edit pages

pull/333/head
Clemens Wolff 5 years ago
committed by margaretmeehan
parent
commit
300ae1deb6
2 changed files with 14 additions and 11 deletions
  1. 9
      app/api/permissions.py
  2. 16
      app/server/views.py

9
app/api/permissions.py

@ -22,10 +22,13 @@ class IsAdminUserAndWriteOnly(BasePermission):
return IsAdminUser().has_permission(request, view) return IsAdminUser().has_permission(request, view)
class SuperUserMixin(UserPassesTestMixin):
class ProjectAdminMixin(UserPassesTestMixin):
def test_func(self): def test_func(self):
return self.request.user.is_superuser
return self.request.user.is_superuser or is_in_role(
role_name=IsProjectAdmin.role_name,
user_id=self.request.user.id,
project_id=self.kwargs['project_id'],
)
class IsOwnAnnotation(ProjectMixin, BasePermission): class IsOwnAnnotation(ProjectMixin, BasePermission):
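Review bot: `ProjectAdminMixin.test_func` indexes `self.kwargs['project_id']` directly, so a view that uses the mixin but is routed without a `project_id` URL kwarg raises KeyError (a 500) for every non-superuser instead of denying access. Reading it with `project_id = self.kwargs.get('project_id')` and returning False when it is None keeps that failure a clean denial. Because the change widens access from superusers to a per-project role, a one-line docstring on the mixin such as `"""Allow superusers and holders of the project-admin role on the project named by the URL's project_id."""` would make the intended scope explicit. `is_in_role` and `IsProjectAdmin` are defined outside this hunk, so how they handle an unknown project or a missing user id should be confirmed.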

16
app/server/views.py

@ -8,7 +8,7 @@ from django.views.generic import TemplateView
from django.views.generic.list import ListView from django.views.generic.list import ListView
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
from api.permissions import SuperUserMixin
from api.permissions import ProjectAdminMixin
from api.models import Project, RoleMapping from api.models import Project, RoleMapping
from app import settings from app import settings
@ -38,7 +38,7 @@ class ProjectsView(LoginRequiredMixin, TemplateView):
template_name = 'projects.html' template_name = 'projects.html'
class DatasetView(SuperUserMixin, LoginRequiredMixin, ListView):
class DatasetView(ProjectAdminMixin, LoginRequiredMixin, ListView):
template_name = 'dataset.html' template_name = 'dataset.html'
paginate_by = 5 paginate_by = 5
extra_context = { extra_context = {
@ -50,35 +50,35 @@ class DatasetView(SuperUserMixin, LoginRequiredMixin, ListView):
return project.documents.all() return project.documents.all()
class LabelView(SuperUserMixin, LoginRequiredMixin, TemplateView):
class LabelView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html' template_name = 'admin.html'
extra_context = { extra_context = {
'bundle_name': 'label' 'bundle_name': 'label'
} }
class StatsView(SuperUserMixin, LoginRequiredMixin, TemplateView):
class StatsView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html' template_name = 'admin.html'
extra_context = { extra_context = {
'bundle_name': 'stats' 'bundle_name': 'stats'
} }
class GuidelineView(SuperUserMixin, LoginRequiredMixin, TemplateView):
class GuidelineView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html' template_name = 'admin.html'
extra_context = { extra_context = {
'bundle_name': 'guideline' 'bundle_name': 'guideline'
} }
class UsersView(SuperUserMixin, LoginRequiredMixin, TemplateView):
class UsersView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html' template_name = 'admin.html'
extra_context = { extra_context = {
'bundle_name': 'users' 'bundle_name': 'users'
} }
class DataUpload(SuperUserMixin, LoginRequiredMixin, TemplateView):
class DataUpload(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html' template_name = 'admin.html'
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
@ -88,7 +88,7 @@ class DataUpload(SuperUserMixin, LoginRequiredMixin, TemplateView):
return context return context
class DataDownload(SuperUserMixin, LoginRequiredMixin, TemplateView):
class DataDownload(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
template_name = 'admin.html' template_name = 'admin.html'
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
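Review bot: All seven views list `ProjectAdminMixin` to the left of `LoginRequiredMixin`, so the role test runs before the login check and `test_func` now calls `is_in_role` with `user_id=None` for unauthenticated requests. Before this commit the test was only an attribute read, so the ordering carried no cost. Django's documentation asks for `LoginRequiredMixin` in the leftmost position, e.g. `class DatasetView(LoginRequiredMixin, ProjectAdminMixin, ListView):`, and the same swap applies to LabelView, StatsView, GuidelineView, UsersView, DataUpload and DataDownload. The commit changes only the two source files, so a regression test asserting that an admin of one project gets 403 on another project's pages (DataDownload and UsersView in particular) would pin the new authorization boundary.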
