From c2f169e693bf9b7e5d3fbaf618ddf252efc53447 Mon Sep 17 00:00:00 2001 From: Dmitry Novikov Date: Fri, 24 Aug 2018 14:40:22 +0300 Subject: [PATCH] Fix access users to admin when user logged in --- abonapp/views.py | 49 +++++++++++++++++++++++++++++++------------ accounts_app/views.py | 14 +++++++++---- devapp/views.py | 32 +++++++++++++++++++++------- dialing_app/views.py | 16 +++++++++----- group_app/views.py | 12 +++++++---- ip_pool/views.py | 14 ++++++++----- mapapp/views.py | 16 +++++++++++++- msg_app/views.py | 9 +++++++- nas_app/views.py | 12 +++++++---- searchapp/views.py | 2 ++ statistics/views.py | 4 ++++ tariff_app/views.py | 12 ++++++++--- taskapp/views.py | 21 ++++++++++++++----- 13 files changed, 160 insertions(+), 53 deletions(-) diff --git a/abonapp/views.py b/abonapp/views.py index 51a32e8..9f556e4 100644 --- a/abonapp/views.py +++ b/abonapp/views.py @@ -36,7 +36,10 @@ from djing import lib from djing.global_base_views import OrderedFilteredList, SecureApiView -@method_decorator((login_required, lib.decorators.only_admins), name='dispatch') +login_decs = login_required, lib.decorators.only_admins + + +@method_decorator(login_decs, name='dispatch') class PeoplesListView(OrderedFilteredList): template_name = 'abonapp/peoples.html' @@ -75,7 +78,7 @@ class PeoplesListView(OrderedFilteredList): return context -@method_decorator((login_required, lib.decorators.only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class GroupListView(OrderedFilteredList): context_object_name = 'groups' template_name = 'abonapp/group_list.html' @@ -88,7 +91,7 @@ class GroupListView(OrderedFilteredList): return queryset -@method_decorator((login_required, lib.decorators.only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('abonapp.add_abon'), name='dispatch') class AbonCreateView(CreateView): group = None 
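Review bot: `login_decs`, introduced in the first abonapp/views.py hunk, is a bare tuple whose order is security-relevant, and nothing at the definition says so. `method_decorator` applies a sequence with the first entry outermost, so `login_required` has to stay first for anonymous requests to be sent to the login page before `only_admins` (which presumably inspects `request.user`) runs. A comment above the assignment such as `# order matters: login_required must wrap only_admins` would keep a later edit from swapping them. The same tuple is redefined in accounts_app, devapp, dialing_app, group_app, ip_pool, mapapp, msg_app, nas_app, tariff_app and taskapp; exporting it once from `djing.lib.decorators` would stop the copies from drifting apart.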
@@ -141,7 +144,7 @@ class AbonCreateView(CreateView): return super(AbonCreateView, self).form_invalid(form) -@method_decorator((login_required, lib.decorators.only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('abonapp.delete_abon'), name='dispatch') class DelAbonDeleteView(DeleteView): model = models.Abon @@ -174,6 +177,7 @@ class DelAbonDeleteView(DeleteView): @login_required +@lib.decorators.only_admins @permission_required('abonapp.can_add_ballance') @transaction.atomic def abonamount(request, gid, uname): @@ -207,7 +211,7 @@ def abonamount(request, gid, uname): }) -@method_decorator((login_required, lib.decorators.only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('group_app.can_view_group', (Group, 'pk', 'gid')), name='dispatch') class DebtsListView(OrderedFilteredList): context_object_name = 'invoices' @@ -225,7 +229,7 @@ class DebtsListView(OrderedFilteredList): return context -@method_decorator((login_required, lib.decorators.only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('group_app.can_view_group', (Group, 'pk', 'gid')), name='dispatch') class PayHistoryListView(OrderedFilteredList): context_object_name = 'pay_history' @@ -270,7 +274,7 @@ def abon_services(request, gid, uname): }) -@method_decorator((login_required, lib.decorators.only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('abonapp.change_abon'), name='post') class AbonHomeUpdateView(UpdateView): model = models.Abon @@ -356,6 +360,7 @@ def terminal_pay(request): @login_required +@lib.decorators.only_admins @permission_required('abonapp.add_invoiceforpayment') def add_invoice(request, gid, uname): abon = get_object_or_404(models.Abon, username=uname) 
@@ -439,6 +444,7 @@ def pick_tariff(request, gid, uname): @login_required +@lib.decorators.only_admins @permission_required('abonapp.delete_abontariff') def unsubscribe_service(request, gid, uname, abon_tariff_id): try: @@ -455,7 +461,7 @@ def unsubscribe_service(request, gid, uname, abon_tariff_id): return redirect('abonapp:abon_services', gid=gid, uname=uname) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('abonapp.can_view_abonlog'), name='dispatch') class LogListView(ListView): paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) @@ -465,7 +471,7 @@ class LogListView(ListView): model = models.AbonLog -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('abonapp.can_view_invoiceforpayment'), name='dispatch') class DebtorsListView(ListView): paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) @@ -475,7 +481,7 @@ class DebtorsListView(ListView): queryset = models.InvoiceForPayment.objects.filter(status=True) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('group_app.can_view_group', (Group, 'pk', 'gid')), name='dispatch') class TaskLogListView(ListView): paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) @@ -495,7 +501,7 @@ class TaskLogListView(ListView): return context -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('abonapp.can_view_passport'), name='dispatch') class PassportUpdateView(UpdateView): form_class = forms.PassportForm @@ -557,6 +563,7 @@ def chgroup_tariff(request, gid): @login_required +@lib.decorators.only_admins @permission_required('abonapp.change_abon') def dev(request, gid, uname): abon_dev = None 
@@ -582,6 +589,7 @@ def dev(request, gid, uname): @login_required +@lib.decorators.only_admins @permission_required('abonapp.change_abon') @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) def clear_dev(request, gid, uname): @@ -599,6 +607,7 @@ def clear_dev(request, gid, uname): @login_required +@lib.decorators.only_admins @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) def charts(request, gid, uname): high = 100 @@ -649,6 +658,7 @@ def charts(request, gid, uname): @login_required +@lib.decorators.only_admins @permission_required('abonapp.can_ping') @json_view def abon_ping(request, gid, uname): @@ -701,6 +711,7 @@ def abon_ping(request, gid, uname): @login_required +@lib.decorators.only_admins def vcards(r): users = models.Abon.objects.exclude(group=None).select_related('group', 'street').only( 'username', 'fio', 'group__title', 'telephone', @@ -742,7 +753,7 @@ def vcards(r): return response -@method_decorator((login_required, lib.decorators.only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class DialsListView(OrderedFilteredList): context_object_name = 'logs' template_name = 'abonapp/dial_log.html' @@ -785,6 +796,7 @@ class DialsListView(OrderedFilteredList): @login_required +@lib.decorators.only_admins @permission_required('abonapp.change_abon') def save_user_dev_port(request, gid, uname): if request.method != 'POST': @@ -831,6 +843,7 @@ def save_user_dev_port(request, gid, uname): @login_required +@lib.decorators.only_admins @permission_required('abonapp.add_abonstreet') @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) def street_add(request, gid): @@ -851,6 +864,7 @@ def street_add(request, gid): @login_required +@lib.decorators.only_admins @permission_required('abonapp.change_abonstreet') @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) def street_edit(request, gid): 
@@ -874,6 +888,7 @@ def street_edit(request, gid): @login_required +@lib.decorators.only_admins @permission_required('abonapp.delete_abonstreet') @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) def street_del(request, gid, sid): @@ -886,6 +901,7 @@ def street_del(request, gid, sid): @login_required +@lib.decorators.only_admins @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) def active_nets(request, gid): nets = NetworkModel.objects.filter(groups__id=gid) @@ -895,6 +911,7 @@ def active_nets(request, gid): @login_required +@lib.decorators.only_admins @permission_required('abonapp.can_view_additionaltelephones') @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) def tels(request, gid, uname): @@ -908,6 +925,7 @@ def tels(request, gid, uname): @login_required +@lib.decorators.only_admins @permission_required('abnapp.add_additionaltelephone') def tel_add(request, gid, uname): if request.method == 'POST': @@ -931,6 +949,7 @@ def tel_add(request, gid, uname): @login_required +@lib.decorators.only_admins @permission_required('abnapp.delete_additionaltelephone') def tel_del(request, gid, uname): try: @@ -944,6 +963,7 @@ def tel_del(request, gid, uname): @login_required +@lib.decorators.only_admins @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) def phonebook(request, gid): res_format = request.GET.get('f') @@ -966,6 +986,7 @@ def phonebook(request, gid): @login_required +@lib.decorators.only_admins @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) def abon_export(request, gid): res_format = request.GET.get('f') @@ -1019,6 +1040,7 @@ def fin_report(request): @login_required +@lib.decorators.only_admins @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) def add_edit_periodic_pay(request, gid, uname, periodic_pay_id=0): if periodic_pay_id == 0: 
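Review bot: The permission string on `tel_add` (hunk at -908) reads `'abnapp.add_additionaltelephone'`, and `tel_del` in the next hunk has `'abnapp.delete_additionaltelephone'`; every other check in this file uses the app label `abonapp`. A permission with an unknown app label is presumably never granted, so both views would be refused to every non-superuser who passes `only_admins`. The lines should read `@permission_required('abonapp.add_additionaltelephone')` and `@permission_required('abonapp.delete_additionaltelephone')`. Both are context lines the commit leaves untouched, and the function bodies continue outside the hunks.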
@@ -1050,6 +1072,7 @@ def add_edit_periodic_pay(request, gid, uname, periodic_pay_id=0): @login_required +@lib.decorators.only_admins @permission_required('group_app.can_view_group', (Group, 'pk', 'gid')) @permission_required('abonapp.delete_periodicpayforid') def del_periodic_pay(request, gid, uname, periodic_pay_id): @@ -1061,7 +1084,7 @@ def del_periodic_pay(request, gid, uname, periodic_pay_id): return redirect('abonapp:abon_services', gid, uname) -@method_decorator((login_required, lib.decorators.only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class EditSibscriberMarkers(UpdateView): http_method_names = ('get', 'post') template_name = 'abonapp/modal_user_markers.html' diff --git a/accounts_app/views.py b/accounts_app/views.py index 5e36685..7cb136f 100644 --- a/accounts_app/views.py +++ b/accounts_app/views.py @@ -21,6 +21,9 @@ from guardian.decorators import permission_required_or_403 as permission_require from guardian.shortcuts import get_objects_for_user, assign_perm, remove_perm +login_decs = login_required, only_admins + + class CustomLoginView(LoginView): template_name = 'accounts/login.html' @@ -79,7 +82,7 @@ def profile_show(request, uid=0): }) -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class AvatarUpdateView(UpdateView): form_class = AvatarChangeForm template_name = 'accounts/settings/ch_info.html' @@ -124,6 +127,7 @@ def ch_info(request): @login_required +@only_admins @permission_required('accounts_app.add_userprofile') def create_profile(request): if request.method == 'POST': @@ -172,7 +176,7 @@ def delete_profile(request, uid): return redirect('acc_app:accounts_list') -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class AccountsListView(ListView): http_method_names = 'get', paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) 
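Review bot: Nothing in this diff shows how `delete_profile` is decorated: it appears only as trailing context of the accounts_app/views.py hunk at -172, and no hunk adds `@only_admins` to it. The same holds for `profile_show` and `perms` in that file, for `pick_tariff`, `chgroup_tariff` and `fin_report` in abonapp, and for `task_failed` and `check_news` in taskapp. If any of these is guarded by `@login_required` alone, it still needs `@only_admins` for the commit to close the gap its title describes. Their decorator lines are outside the visible hunks, so this has to be checked against the full files.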
@@ -202,7 +206,7 @@ def perms(request, uid): }) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') class PermissionClassListView(ListView): http_method_names = 'get', paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) @@ -232,6 +236,7 @@ class PermissionClassListView(ListView): @login_required +@only_admins def perms_edit(request, uid, klass_name, obj_id): if not request.user.is_superuser: raise PermissionDenied @@ -257,6 +262,7 @@ def perms_edit(request, uid, klass_name, obj_id): @login_required +@only_admins def set_abon_groups_permission(request, uid): # Only superuser can change object permissions if not request.user.is_superuser: @@ -284,7 +290,7 @@ def set_abon_groups_permission(request, uid): }) -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class ManageResponsibilityGroups(ListView): http_method_names = ('get', 'post') template_name = 'accounts/manage_responsibility_groups.html' diff --git a/devapp/views.py b/devapp/views.py index 60f246d..f0a2ad8 100644 --- a/devapp/views.py +++ b/devapp/views.py @@ -30,7 +30,10 @@ from .models import Device, Port, DeviceDBException, DeviceMonitoringException from .forms import DeviceForm, PortForm, DeviceExtraDataForm -@method_decorator((login_required, only_admins), name='dispatch') +login_decs = login_required, only_admins + + +@method_decorator(login_decs, name='dispatch') class DevicesListView(global_base_views.OrderedFilteredList): context_object_name = 'devices' template_name = 'devapp/devices.html' 
@@ -57,14 +60,14 @@ class DevicesListView(global_base_views.OrderedFilteredList): return response -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class DevicesWithoutGroupsListView(global_base_views.OrderedFilteredList): context_object_name = 'devices' template_name = 'devapp/devices_null_group.html' queryset = Device.objects.filter(group=None).only('comment', 'devtype', 'pk', 'ip_address') -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('devapp.delete_device'), name='dispatch') class DeviceDeleteView(DeleteView): model = Device @@ -83,7 +86,7 @@ class DeviceDeleteView(DeleteView): return res -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('devapp.can_view_device'), name='dispatch') class DeviceUpdate(UpdateView): template_name = 'devapp/dev.html' @@ -149,7 +152,7 @@ class DeviceUpdate(UpdateView): return context -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('devapp.can_view_device'), name='dispatch') class DeviceCreateView(CreateView): template_name = 'devapp/add_dev.html' @@ -215,7 +218,7 @@ class DeviceCreateView(CreateView): return context -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('devapp.change_device'), name='dispatch') class DeviceUpdateExtra(UpdateView): template_name = 'devapp/modal_device_extra_edit.html' @@ -235,6 +238,7 @@ class DeviceUpdateExtra(UpdateView): @login_required +@only_admins @permission_required('devapp.change_device') def manage_ports(request, group_id: int, device_id: int): device = ports = None 
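Review bot: `DeviceCreateView` (hunk at -149) is gated on `devapp.can_view_device`, the same permission `DeviceUpdate` uses, so a user who may only view devices passes the decorator check on the create view. `@method_decorator(permission_required('devapp.add_device'), name='dispatch')` looks like what was meant. `edit_single_port` in a later devapp hunk is likewise gated on `devapp.add_port` rather than a change permission. Both lines are untouched context and the view bodies lie outside the hunks, so an in-body check may exist; worth confirming while the access rules are being tightened.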
@@ -256,7 +260,7 @@ def manage_ports(request, group_id: int, device_id: int): }) -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class ShowSubscriberOnPort(global_base_views.RedirectWhenErrorMixin, DetailView): template_name = 'devapp/manage_ports/modal_show_subscriber_on_port.html' http_method_names = ('get',) @@ -280,6 +284,7 @@ class ShowSubscriberOnPort(global_base_views.RedirectWhenErrorMixin, DetailView) @login_required +@only_admins @permission_required('devapp.add_port') def add_ports(request, group_id: int, device_id: int): class TempPort: @@ -349,6 +354,7 @@ def add_ports(request, group_id: int, device_id: int): @login_required +@only_admins @permission_required('devapp.delete_port') def delete_single_port(request, group_id, device_id, portid): try: @@ -370,6 +376,7 @@ def delete_single_port(request, group_id, device_id, portid): @login_required +@only_admins @permission_required('devapp.add_port') def edit_single_port(request, group_id, device_id, port_id): try: @@ -398,6 +405,7 @@ def edit_single_port(request, group_id, device_id, port_id): @login_required +@only_admins @permission_required('devapp.add_port') def add_single_port(request, group_id, device_id): try: @@ -428,6 +436,7 @@ def add_single_port(request, group_id, device_id): @login_required +@only_admins @permission_required('devapp.can_view_device') def devview(request, group_id: int, device_id: int): ports, manager = None, None @@ -467,6 +476,7 @@ def devview(request, group_id: int, device_id: int): @login_required +@only_admins def zte_port_view_uncfg(request, group_id: str, device_id: str, fiber_id: str): fiber_id = safe_int(fiber_id) zte_olt_device = get_object_or_404(Device, id=device_id) 
@@ -480,6 +490,7 @@ def zte_port_view_uncfg(request, group_id: str, device_id: str, fiber_id: str): @login_required +@only_admins @permission_required('devapp.can_toggle_ports') def toggle_port(request, device_id: int, portid: int, status=0): portid = int(portid) @@ -505,7 +516,7 @@ def toggle_port(request, device_id: int, portid: int, status=0): return redirect('devapp:view', device.group.pk if device.group is not None else 0, device_id) -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class GroupsListView(global_base_views.OrderedFilteredList): context_object_name = 'groups' template_name = 'devapp/group_list.html' @@ -519,6 +530,7 @@ class GroupsListView(global_base_views.OrderedFilteredList): @login_required +@only_admins @json_view def search_dev(request): word = request.GET.get('s') @@ -540,6 +552,7 @@ def search_dev(request): @login_required +@only_admins def fix_device_group(request, device_id): device = get_object_or_404(Device, pk=device_id) try: @@ -566,6 +579,7 @@ def fix_device_group(request, device_id): @login_required +@only_admins @json_view def fix_onu(request): mac = request.GET.get('cmd_param') @@ -599,6 +613,7 @@ def fix_onu(request): @login_required +@only_admins def fix_port_conflict(request, group_id, device_id, port_id): dev_group = get_object_or_404(Group, pk=group_id) device = get_object_or_404(Device, pk=device_id) @@ -718,6 +733,7 @@ class DevicesGetListView(global_base_views.SecureApiView): @login_required +@only_admins @json_view def register_device(request, group_id: int, device_id: int): def format_msg(msg: str, icon: str): diff --git a/dialing_app/views.py b/dialing_app/views.py index 3a17e36..5014bf6 100644 --- a/dialing_app/views.py +++ b/dialing_app/views.py 
@@ -22,12 +22,16 @@ from .models import AsteriskCDR, SMSModel, SMSOut from .forms import SMSOutForm +login_decs = login_required, only_admins + + class BaseListView(ListView): - http_method_names = ('get',) + http_method_names = 'get', paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) -@method_decorator((login_required, permission_required('dialing_app.change_asteriskcdr')), name='dispatch') +@method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('dialing_app.change_asteriskcdr'), name='dispatch') class LastCallsListView(BaseListView): template_name = 'index.html' context_object_name = 'logs' @@ -63,7 +67,7 @@ def to_abon(request, tel): return redirect('abonapp:group_list') -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class VoiceMailRequestsListView(BaseListView): template_name = 'vmail.html' context_object_name = 'vmessages' @@ -84,7 +88,7 @@ class VoiceMailReportsListView(VoiceMailRequestsListView): return context -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class DialsFilterListView(BaseListView): context_object_name = 'logs' template_name = 'index.html' @@ -119,7 +123,8 @@ class DialsFilterListView(BaseListView): return cdr -@method_decorator((login_required, permission_required('dialing_app.can_view_sms')), name='dispatch') +@method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('dialing_app.can_view_sms'), name='dispatch') class InboxSMSListView(BaseListView): template_name = 'inbox_sms.html' context_object_name = 'sms_messages' @@ -127,6 +132,7 @@ class InboxSMSListView(BaseListView): @login_required +@only_admins @permission_required('dialing_app.can_send_sms') def send_sms(request): path = request.GET.get('path') diff --git a/group_app/views.py b/group_app/views.py index 8fee7aa..fde757c 100644 --- a/group_app/views.py +++ b/group_app/views.py 
@@ -7,6 +7,7 @@ from django.utils.decorators import method_decorator from django.urls import reverse_lazy from django.contrib import messages from django.conf import settings +from djing.lib.decorators import only_admins from guardian.decorators import permission_required_or_403 as permission_required from djing.global_base_views import OrderedFilteredList @@ -14,7 +15,10 @@ from . import models from . import forms -@method_decorator(login_required, name='dispatch') +login_decs = login_required, only_admins + + +@method_decorator(login_decs, name='dispatch') class GroupListView(OrderedFilteredList): http_method_names = ('get',) paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) @@ -23,7 +27,7 @@ class GroupListView(OrderedFilteredList): context_object_name = 'groups' -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') class EditGroupView(UpdateView): http_method_names = ('get', 'post') template_name = 'group_app/edit_group.html' @@ -41,7 +45,7 @@ class EditGroupView(UpdateView): return super(EditGroupView, self).form_invalid(form) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') class AddGroupView(CreateView): http_method_names = ('get', 'post') template_name = 'group_app/add_group.html' @@ -57,7 +61,7 @@ class AddGroupView(CreateView): return super(AddGroupView, self).form_invalid(form) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('group_app:delete_group'), name='dispatch') class DeleteGroupView(DeleteView): model = models.Group diff --git a/ip_pool/views.py b/ip_pool/views.py index 8552edb..0eb45c9 100644 --- a/ip_pool/views.py +++ b/ip_pool/views.py 
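Review bot: The permission string on `DeleteGroupView` is `'group_app:delete_group'`, with a colon where Django expects `app_label.codename`. A string in that form presumably matches no permission, so the check would refuse every non-superuser; `permission_required('group_app.delete_group')` is the likely intent. `EditGroupView` and `AddGroupView` in the hunks above carry no permission check in the visible lines, so after this commit any user who passes `only_admins` can reach them while deletion is effectively superuser-only. The decorator line is untouched context, and whether that split is intended cannot be told from the diff.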
@@ -5,6 +5,7 @@ from django.urls import reverse_lazy from django.utils.decorators import method_decorator from django.utils.translation import gettext_lazy as _ from django.views.generic import UpdateView, CreateView, DeleteView +from djing.lib.decorators import only_admins from guardian.decorators import permission_required_or_403 as permission_required from djing.global_base_views import OrderedFilteredList @@ -12,7 +13,10 @@ from ip_pool import models, forms from group_app.models import Group -@method_decorator(login_required, name='dispatch') +login_decs = login_required, only_admins + + +@method_decorator(login_decs, name='dispatch') class NetworksListView(OrderedFilteredList): device_kind_code = None template_name = 'ip_pool/network_list.html' @@ -26,7 +30,7 @@ class NetworksListView(OrderedFilteredList): return qs -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('ip_pool.change_networkmodel'), name='dispatch') class NetworkUpdateView(UpdateView): model = models.NetworkModel @@ -40,7 +44,7 @@ class NetworkUpdateView(UpdateView): return r -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('ip_pool.delete_networkmodel'), name='dispatch') class NetworkDeleteView(DeleteView): model = models.NetworkModel @@ -52,7 +56,7 @@ class NetworkDeleteView(DeleteView): return super(NetworkDeleteView, self).delete(request, *args, **kwargs) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') class IpLeasesListView(OrderedFilteredList): template_name = 'ip_pool/ip_leases_list.html' model = models.IpLeaseModel 
@@ -68,7 +72,7 @@ class IpLeasesListView(OrderedFilteredList): return self.model.objects.filter(network__id=net_id) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('ip_pool.add_networkmodel'), name='dispatch') class NetworkCreateView(CreateView): model = models.NetworkModel diff --git a/mapapp/views.py b/mapapp/views.py index 2dc003b..74c0034 100644 --- a/mapapp/views.py +++ b/mapapp/views.py @@ -14,16 +14,21 @@ from group_app.models import Group from .models import Dot from .forms import DotForm from djing.lib import safe_int +from djing.lib.decorators import only_admins from devapp.models import Device from guardian.decorators import permission_required +login_decs = login_required, only_admins + + class BaseListView(ListView): http_method_names = ('get',) paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) @login_required +@only_admins def home(request): if not request.user.is_superuser: return redirect('/') @@ -35,7 +40,7 @@ def home(request): }) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') class OptionsListView(BaseListView): template_name = 'maps/options.html' model = Dot @@ -48,6 +53,7 @@ class OptionsListView(BaseListView): @login_required +@only_admins def dot_edit(request, did=0): if not request.user.is_superuser: return redirect('/') @@ -83,6 +89,7 @@ def dot_edit(request, did=0): @login_required +@only_admins @permission_required('mapapp.delete_dot') def remove(request, did): try: @@ -96,6 +103,7 @@ def remove(request, did): @login_required +@only_admins @json_view def get_dots(request): if not request.user.is_superuser: @@ -135,6 +143,7 @@ def get_dots(request): @login_required +@only_admins def modal_add_dot(request): if not request.user.has_perm('mapapp.add_dot'): return render(request, '403_for_modal.html') 
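Review bot: mapapp/views.py imports guardian's plain `permission_required`, while accounts_app, group_app, ip_pool, nas_app and tariff_app alias `permission_required_or_403` under that name. With the plain variant a logged-in user who lacks `mapapp.delete_dot` is, by guardian's default, redirected to the login page from `remove` instead of receiving a 403, which reads as a session problem rather than a denial. Changing the import to `from guardian.decorators import permission_required_or_403 as permission_required` would make this module deny the same way as the others. The import is a context line in the first mapapp hunk; `remove` is in the hunk at -83.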
@@ -165,6 +174,7 @@ def modal_add_dot(request): @login_required +@only_admins def preload_devices(request): if not request.user.is_superuser: return HttpResponseForbidden('you have not super user') @@ -182,6 +192,7 @@ def preload_devices(request): @login_required +@only_admins def dot_tooltip(request): if not request.user.is_superuser: return render(request, '403_for_modal.html') @@ -199,6 +210,7 @@ def dot_tooltip(request): @login_required +@only_admins def add_dev(request, did): if not request.user.is_superuser: return redirect('/') @@ -229,6 +241,7 @@ def add_dev(request, did): @login_required +@only_admins @json_view def resolve_dots_by_group(request, grp_id): if not request.user.is_superuser: @@ -240,6 +253,7 @@ def resolve_dots_by_group(request, grp_id): @login_required +@only_admins def to_single_dev(request): dot_id = safe_int(request.GET.get('dot_id')) if dot_id <= 0: diff --git a/msg_app/views.py b/msg_app/views.py index 1eeee5a..63c408a 100644 --- a/msg_app/views.py +++ b/msg_app/views.py @@ -10,12 +10,16 @@ from django.shortcuts import render, redirect, get_object_or_404 from django.views.generic import ListView from chatbot.models import MessageQueue +from djing.lib.decorators import only_admins from .models import Conversation, MessageError, Message from .forms import ConversationForm, MessageForm -@method_decorator(login_required, name='dispatch') +login_decs = login_required, only_admins + + +@method_decorator(login_decs, name='dispatch') class ConversationsListView(ListView): context_object_name = 'conversations' template_name = 'msg_app/conversations.html' @@ -26,6 +30,7 @@ class ConversationsListView(ListView): @login_required +@only_admins def new_conversation(request): try: frm = ConversationForm(request.POST or None) @@ -46,6 +51,7 @@ def new_conversation(request): @login_required +@only_admins def to_conversation(request, conv_id): conv = get_object_or_404(Conversation, pk=conv_id) try: 
@@ -68,6 +74,7 @@ def to_conversation(request, conv_id): @login_required +@only_admins def remove_msg(request, conv_id, msg_id): msg = get_object_or_404(Message, pk=msg_id) if msg.author != request.user: diff --git a/nas_app/views.py b/nas_app/views.py index 4a4bc6c..b47a5c0 100644 --- a/nas_app/views.py +++ b/nas_app/views.py @@ -11,14 +11,18 @@ from guardian.decorators import permission_required_or_403 as permission_require from guardian.shortcuts import assign_perm from nas_app.forms import NasForm from nas_app.models import NASModel +from djing.lib.decorators import only_admins -@method_decorator(login_required, name='dispatch') +login_decs = login_required, only_admins + + +@method_decorator(login_decs, name='dispatch') class NasListView(ListView): model = NASModel -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('nas_app.add_nasmodel'), name='dispatch') class NasCreateView(CreateView): model = NASModel @@ -34,7 +38,7 @@ class NasCreateView(CreateView): return r -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('nas_app.delete_nasmodel'), name='dispatch') class NasDeleteView(DeleteView): model = NASModel @@ -52,7 +56,7 @@ class NasDeleteView(DeleteView): return HttpResponseRedirect(failure_url) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('nas_app.change_nasmodel'), name='dispatch') class NasUpdateView(UpdateView): model = NASModel diff --git a/searchapp/views.py b/searchapp/views.py index 1c9587f..08ecdd6 100644 --- a/searchapp/views.py +++ b/searchapp/views.py 
@@ -6,6 +6,7 @@ from abonapp.models import Abon from devapp.models import Device from djing import MAC_ADDR_REGEX, IP_ADDR_REGEX from django.contrib.auth.decorators import login_required +from djing.lib.decorators import only_admins def replace_without_case(orig, old, new): @@ -13,6 +14,7 @@ def replace_without_case(orig, old, new): @login_required +@only_admins def home(request): s = request.GET.get('s') s = s.replace('+', '') diff --git a/statistics/views.py b/statistics/views.py index 79e3b69..d5eb1b8 100644 --- a/statistics/views.py +++ b/statistics/views.py @@ -1,5 +1,9 @@ from django.shortcuts import render +from django.contrib.auth.decorators import login_required +from djing.lib.decorators import only_admins +@login_required +@only_admins def home(request): return render(request, 'statistics/index.html') diff --git a/tariff_app/views.py b/tariff_app/views.py index 0aa4abf..665ba76 100644 --- a/tariff_app/views.py +++ b/tariff_app/views.py @@ -12,10 +12,14 @@ from guardian.decorators import permission_required_or_403 as permission_require from djing.global_base_views import OrderedFilteredList from .models import Tariff, PeriodicPay from djing import lib +from djing.lib.decorators import only_admins from . import forms -@method_decorator((login_required, lib.decorators.only_admins), name='dispatch') +login_decs = login_required, only_admins + + +@method_decorator(login_decs, name='dispatch') class TariffsListView(OrderedFilteredList): """ Show Services(Tariffs) list @@ -27,6 +31,7 @@ class TariffsListView(OrderedFilteredList): @login_required +@only_admins def edit_tarif(request, tarif_id=0): tarif_id = lib.safe_int(tarif_id) @@ -56,7 +61,7 @@ def edit_tarif(request, tarif_id=0): }) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('tariff_app.delete_tariff'), name='dispatch') class TariffDeleteView(DeleteView): model = Tariff 
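Review bot: `home` in searchapp/views.py calls `s.replace('+', '')` directly on the result of `request.GET.get('s')`, so a request without the `s` parameter raises AttributeError and returns a 500. Now that the view sits behind `only_admins` this is a robustness issue rather than an exposure, but it is a one-line fix: `s = request.GET.get('s', '')`. The rest of the function body is outside the hunk, so any later handling of an empty search string should be checked as well.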
@@ -73,7 +78,7 @@ class TariffDeleteView(DeleteView): return super().get_context_data(**kwargs) -@method_decorator(login_required, name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('tariff_app.delete_tariff'), name='dispatch') class PeriodicPaysListView(OrderedFilteredList): context_object_name = 'pays' @@ -82,6 +87,7 @@ class PeriodicPaysListView(OrderedFilteredList): @login_required +@only_admins def periodic_pay(request, pay_id=0): if pay_id != 0: pay_inst = get_object_or_404(PeriodicPay, pk=pay_id) diff --git a/taskapp/views.py b/taskapp/views.py index 96e6c0b..d67039d 100644 --- a/taskapp/views.py +++ b/taskapp/views.py @@ -24,12 +24,15 @@ from .models import Task, ExtraComment from .forms import TaskFrm, ExtraCommentForm +login_decs = login_required, only_admins + + class BaseTaskListView(ListView): http_method_names = ('get',) paginate_by = getattr(settings, 'PAGINATION_ITEMS_PER_PAGE', 10) -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class NewTasksView(BaseTaskListView): """ Show new tasks @@ -43,6 +46,7 @@ class NewTasksView(BaseTaskListView): .select_related('abon', 'abon__street', 'abon__group', 'author') +@method_decorator(login_decs, name='dispatch') class FailedTasksView(NewTasksView): """ Show crashed tasks @@ -55,6 +59,7 @@ class FailedTasksView(NewTasksView): .select_related('abon', 'abon__street', 'abon__group', 'author') +@method_decorator(login_decs, name='dispatch') class FinishedTaskListView(NewTasksView): template_name = 'taskapp/tasklist_finish.html' @@ -63,6 +68,7 @@ class FinishedTaskListView(NewTasksView): .select_related('abon', 'abon__street', 'abon__group', 'author') +@method_decorator(login_decs, name='dispatch') class OwnTaskListView(NewTasksView): template_name = 'taskapp/tasklist_own.html' 
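Review bot: `PeriodicPaysListView` (tariff_app hunk at -73) is gated on `tariff_app.delete_tariff`, identical to `TariffDeleteView` directly above it, so listing periodic pays requires the right to delete tariffs. That looks copied from the delete view; a view-level permission on `PeriodicPay` is probably what was meant, with the exact codename depending on model metadata that is not visible here. `edit_tarif` and `periodic_pay` in the neighbouring hunks have no `permission_required` decorator in the visible lines, so unless their bodies check, any user passing `only_admins` can change tariffs and periodic pays.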
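Review bot: The decorator added to `FailedTasksView` (taskapp hunk at -43) repeats one the class already inherits, because `NewTasksView` is decorated with `login_decs` on `dispatch` in the hunk above and `FailedTasksView` subclasses it. The same applies to `FinishedTaskListView`, `OwnTaskListView`, `MyTaskListView` and `EmptyTasksListView` in the following hunks; each now wraps the already-wrapped `dispatch` a second time, which is harmless but runs both checks twice per request. Either drop the five additions, or keep them and add a comment on `NewTasksView` such as `# subclasses re-apply login_decs explicitly so the guard survives a change of base class`, so the duplication reads as deliberate.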
@@ -73,6 +79,7 @@ class OwnTaskListView(NewTasksView): .select_related('abon', 'abon__street', 'abon__group') +@method_decorator(login_decs, name='dispatch') class MyTaskListView(NewTasksView): template_name = 'taskapp/tasklist.html' @@ -82,7 +89,8 @@ class MyTaskListView(NewTasksView): .select_related('abon', 'abon__street', 'abon__group', 'author') -@method_decorator((login_required, permission_required('taskapp.can_viewall')), name='dispatch') +@method_decorator(login_decs, name='dispatch') +@method_decorator(permission_required('taskapp.can_viewall'), name='dispatch') class AllTasksListView(BaseTaskListView): template_name = 'taskapp/tasklist_all.html' context_object_name = 'tasks' @@ -92,6 +100,7 @@ class AllTasksListView(BaseTaskListView): .select_related('abon', 'abon__street', 'abon__group', 'author') +@method_decorator(login_decs, name='dispatch') class EmptyTasksListView(NewTasksView): template_name = 'taskapp/tasklist_empty.html' @@ -100,6 +109,7 @@ class EmptyTasksListView(NewTasksView): @login_required +@only_admins @permission_required('taskapp.delete_task') def task_delete(request, task_id): task = get_object_or_404(Task, id=task_id) @@ -111,7 +121,7 @@ def task_delete(request, task_id): return redirect('taskapp:home') -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') class TaskUpdateView(UpdateView): http_method_names = ('get', 'post') template_name = 'taskapp/add_edit_task.html' @@ -235,6 +245,7 @@ def task_failed(request, task_id): @login_required +@only_admins @permission_required('taskapp.can_remind') def remind(request, task_id): try: @@ -267,7 +278,7 @@ def check_news(request): return r -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('taskapp.add_extracomment'), name='dispatch') class NewCommentView(CreateView): form_class = ExtraCommentForm 
@@ -283,7 +294,7 @@ class NewCommentView(CreateView): return FormMixin.form_valid(self, form) -@method_decorator((login_required, only_admins), name='dispatch') +@method_decorator(login_decs, name='dispatch') @method_decorator(permission_required('taskapp.delete_extracomment'), name='dispatch') class DeleteCommentView(DeleteView): model = ExtraComment