pacnpal/thrillwiki_django_no_react
1
1
Fork 0
mirror of https://github.com/pacnpal/thrillwiki_django_no_react.git synced 2025-12-20 12:51:09 -05:00
Code Issues Packages Projects Releases Wiki Activity

Added support for Django's built-in superuser to access moderation features. Modified context processor and views to check both role-based and is_superuser permissions.

Browse Source
This commit is contained in:
pacnpal
2024-11-13 16:13:54 +00:00
parent 97a3555e81
commit 983c101ed1
2 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
moderation/context_processors.py
View File

@@ -9,8 +9,18 @@ def moderation_access(request):
if request.user.is_authenticated: if request.user.is_authenticated:
context['user_role'] = request.user.role context['user_role'] = request.user.role
context['has_moderation_access'] = request.user.role in ['MODERATOR', 'ADMIN', 'SUPERUSER'] # Check both role-based and Django's built-in superuser status
context['has_admin_access'] = request.user.role in ['ADMIN', 'SUPERUSER'] context['has_moderation_access'] = (
context['has_superuser_access'] = request.user.role == 'SUPERUSER' request.user.role in ['MODERATOR', 'ADMIN', 'SUPERUSER'] or
request.user.is_superuser
)
context['has_admin_access'] = (
request.user.role in ['ADMIN', 'SUPERUSER'] or
request.user.is_superuser
)
context['has_superuser_access'] = (
request.user.role == 'SUPERUSER' or
request.user.is_superuser
)
return context return context

14
moderation/views.py
View File

@@ -21,7 +21,7 @@ class ModeratorRequiredMixin(UserPassesTestMixin):
user = cast(User, self.request.user) user = cast(User, self.request.user)
return ( return (
user.is_authenticated and user.is_authenticated and
getattr(user, 'role', None) in MODERATOR_ROLES (getattr(user, 'role', None) in MODERATOR_ROLES or user.is_superuser)
) )
def handle_no_permission(self) -> HttpResponse: def handle_no_permission(self) -> HttpResponse:
@@ -83,7 +83,7 @@ def _render_submission_response(template: str, submission: Any, request: HttpReq
def submission_list(request: HttpRequest) -> HttpResponse: def submission_list(request: HttpRequest) -> HttpResponse:
"""HTMX endpoint for filtered submission list""" """HTMX endpoint for filtered submission list"""
user = cast(User, request.user) user = cast(User, request.user)
if user.role not in MODERATOR_ROLES: if not (user.role in MODERATOR_ROLES or user.is_superuser):
return HttpResponse(status=403) return HttpResponse(status=403)
queryset = EditSubmission.objects.all().order_by('-created_at') queryset = EditSubmission.objects.all().order_by('-created_at')
@@ -106,7 +106,7 @@ def submission_list(request: HttpRequest) -> HttpResponse:
def approve_submission(request: HttpRequest, submission_id: int) -> HttpResponse: def approve_submission(request: HttpRequest, submission_id: int) -> HttpResponse:
"""HTMX endpoint for approving a submission""" """HTMX endpoint for approving a submission"""
user = cast(User, request.user) user = cast(User, request.user)
if user.role not in MODERATOR_ROLES: if not (user.role in MODERATOR_ROLES or user.is_superuser):
return HttpResponse(status=403) return HttpResponse(status=403)
submission = get_object_or_404(EditSubmission, id=submission_id) submission = get_object_or_404(EditSubmission, id=submission_id)
@@ -122,7 +122,7 @@ def approve_submission(request: HttpRequest, submission_id: int) -> HttpResponse
def reject_submission(request: HttpRequest, submission_id: int) -> HttpResponse: def reject_submission(request: HttpRequest, submission_id: int) -> HttpResponse:
"""HTMX endpoint for rejecting a submission""" """HTMX endpoint for rejecting a submission"""
user = cast(User, request.user) user = cast(User, request.user)
if user.role not in MODERATOR_ROLES: if not (user.role in MODERATOR_ROLES or user.is_superuser):
return HttpResponse(status=403) return HttpResponse(status=403)
submission = get_object_or_404(EditSubmission, id=submission_id) submission = get_object_or_404(EditSubmission, id=submission_id)
@@ -135,7 +135,7 @@ def reject_submission(request: HttpRequest, submission_id: int) -> HttpResponse:
def escalate_submission(request: HttpRequest, submission_id: int) -> HttpResponse: def escalate_submission(request: HttpRequest, submission_id: int) -> HttpResponse:
"""HTMX endpoint for escalating a submission""" """HTMX endpoint for escalating a submission"""
user = cast(User, request.user) user = cast(User, request.user)
if user.role != 'MODERATOR': if user.role != 'MODERATOR' and not user.is_superuser:
return HttpResponse(status=403) return HttpResponse(status=403)
submission = get_object_or_404(EditSubmission, id=submission_id) submission = get_object_or_404(EditSubmission, id=submission_id)
@@ -148,7 +148,7 @@ def escalate_submission(request: HttpRequest, submission_id: int) -> HttpRespons
def approve_photo(request: HttpRequest, submission_id: int) -> HttpResponse: def approve_photo(request: HttpRequest, submission_id: int) -> HttpResponse:
"""HTMX endpoint for approving a photo submission""" """HTMX endpoint for approving a photo submission"""
user = cast(User, request.user) user = cast(User, request.user)
if user.role not in MODERATOR_ROLES: if not (user.role in MODERATOR_ROLES or user.is_superuser):
return HttpResponse(status=403) return HttpResponse(status=403)
submission = get_object_or_404(PhotoSubmission, id=submission_id) submission = get_object_or_404(PhotoSubmission, id=submission_id)
@@ -163,7 +163,7 @@ def approve_photo(request: HttpRequest, submission_id: int) -> HttpResponse:
def reject_photo(request: HttpRequest, submission_id: int) -> HttpResponse: def reject_photo(request: HttpRequest, submission_id: int) -> HttpResponse:
"""HTMX endpoint for rejecting a photo submission""" """HTMX endpoint for rejecting a photo submission"""
user = cast(User, request.user) user = cast(User, request.user)
if user.role not in MODERATOR_ROLES: if not (user.role in MODERATOR_ROLES or user.is_superuser):
return HttpResponse(status=403) return HttpResponse(status=403)
submission = get_object_or_404(PhotoSubmission, id=submission_id) submission = get_object_or_404(PhotoSubmission, id=submission_id)