Osiloke Emoekpere avatar Osiloke Emoekpere committed e7c16c1

Modified widget to use django model permissions when renedering. Fixed admin_can wrap to render correct responses

Comments (0)

Files changed (3)

 
 from mezzanine.conf import settings
 from mezzanine.core.managers import PublishedManager, SearchableManager, CurrentSiteManager
-from mezzanine.core.models import Orderable, Displayable, \
+from mezzanine.core.models import Orderable, \
     CONTENT_STATUS_CHOICES, CONTENT_STATUS_DRAFT, Ownable, SiteRelated
 
 from .option_fields import TEXT
 
 from widget.fields import PageWidgetClass
 
+from django.db.models import Q
+from mezzanine.utils.timezone import now
 
 class WidgetOption(object):
     """
 
 class WidgetManager(CurrentSiteManager, PublishedManager, SearchableManager):
     """
-    Manually combines ``CurrentSiteManager``, ``PublishedManager``
-    and ``SearchableManager`` for the ``Widget`` model.
+    Manually combines ``CurrentSiteManager``, ``SearchableManager`` and provides a modified
+    published filter which takes into cconsideration the users change permission
+    for the ``Widget`` model.
 
     """
+    def published(self, for_user=None):
+        """
+        For non-staff/permissionless users, return items with a published status and
+        whose publish and expiry dates fall before and after the
+        current date when specified.
+        """
+        from mezzanine.core.models import CONTENT_STATUS_PUBLISHED
+
+        if for_user is not None and bool(for_user.is_staff
+                or for_user.has_perm("widget.change_widget")):
+            return self.all()
+        return self.filter(
+            Q(publish_date__lte=now()) | Q(publish_date__isnull=True),
+            Q(expiry_date__gte=now()) | Q(expiry_date__isnull=True),
+            Q(status=CONTENT_STATUS_PUBLISHED))
     def widget_models(self):
         return WidgetModel.objects.filter(widget=self)
 

widget/utilities.py

 from copy import copy
 from exceptions import Exception
-from django.http import HttpResponse
+from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseForbidden, HttpResponseNotFound
 from django.template import Template
 from widget.forms import ModelFormForWidget
 from widget.models import WidgetModel
         return wraps(view)(_view)
     return _dec
 
-def admin_can(model, action="add", fail404=False):
+def admin_can(model, action="add", fail404=False, ajax=False):
     def _dec(view):
         def _view(request, *args, **kwargs):
             redirect_field_name = "next"
             if not can(action, model, request):
                 if fail404:
                     raise Http404
-                return HttpResponseRedirect(url)
+                return HttpResponseForbidden("You are not authorized to perform this action")
             else:
                 response = view(request, *args, **kwargs)
                 if not type(response) is HttpResponse:
-                    return HttpResponseRedirect(url)
+                    return HttpResponseNotFound("No data was returned")
                 else:
                     return response
 
 from django.contrib.auth.decorators import login_required
-from django.http import HttpResponse, HttpResponseRedirect
+from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.views.decorators.http import require_POST
 
 
 @login_required
-@admin_can(Widget)
+@admin_can(Widget, action="change")
 def widget_list(request):
     """
     Renders widget options based on supplied widget
             return HttpResponse(json_serializer.encode(data), mimetype='application/json')
 
         else:
-            return HttpResponseRedirect("/")
+            return HttpResponseBadRequest(mimetype='application/json')
 
 
 @login_required
                         raise
             except Exception, e:
                 data = {"valid": False, "errors": { "_all_": ["Something went wrong, please refresh the page"], "exception": e.message}}
-
-    return HttpResponse(json_serializer.encode(data),\
+    if data.valid:
+        return HttpResponse(json_serializer.encode(data),\
                                  mimetype='application/json')
+    return HttpResponseBadRequest(json_serializer.encode(data),\
+        mimetype='application/json')
 
 create_widget = require_POST(create_widget)
 
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.