mirror of
https://github.com/pacnpal/thrillwiki_django_no_react.git
synced 2025-12-20 09:31:09 -05:00
Added support for Django's built-in superuser to access moderation features. Modified context processor and views to check both role-based and is_superuser permissions.
This commit is contained in:
pacnpal
@@ -9,8 +9,18 @@ def moderation_access(request):
|
||||
|
||||
if request.user.is_authenticated:
|
||||
context['user_role'] = request.user.role
|
||||
context['has_moderation_access'] = request.user.role in ['MODERATOR', 'ADMIN', 'SUPERUSER']
|
||||
context['has_admin_access'] = request.user.role in ['ADMIN', 'SUPERUSER']
|
||||
context['has_superuser_access'] = request.user.role == 'SUPERUSER'
|
||||
# Check both role-based and Django's built-in superuser status
|
||||
context['has_moderation_access'] = (
|
||||
request.user.role in ['MODERATOR', 'ADMIN', 'SUPERUSER'] or
|
||||
request.user.is_superuser
|
||||
)
|
||||
context['has_admin_access'] = (
|
||||
request.user.role in ['ADMIN', 'SUPERUSER'] or
|
||||
request.user.is_superuser
|
||||
)
|
||||
context['has_superuser_access'] = (
|
||||
request.user.role == 'SUPERUSER' or
|
||||
request.user.is_superuser
|
||||
)
|
||||
|
||||
return context
|
||||
|
||||
@@ -21,7 +21,7 @@ class ModeratorRequiredMixin(UserPassesTestMixin):
|
||||
user = cast(User, self.request.user)
|
||||
return (
|
||||
user.is_authenticated and
|
||||
getattr(user, 'role', None) in MODERATOR_ROLES
|
||||
(getattr(user, 'role', None) in MODERATOR_ROLES or user.is_superuser)
|
||||
)
|
||||
|
||||
def handle_no_permission(self) -> HttpResponse:
|
||||
@@ -83,7 +83,7 @@ def _render_submission_response(template: str, submission: Any, request: HttpReq
|
||||
def submission_list(request: HttpRequest) -> HttpResponse:
|
||||
"""HTMX endpoint for filtered submission list"""
|
||||
user = cast(User, request.user)
|
||||
if user.role not in MODERATOR_ROLES:
|
||||
if not (user.role in MODERATOR_ROLES or user.is_superuser):
|
||||
return HttpResponse(status=403)
|
||||
|
||||
queryset = EditSubmission.objects.all().order_by('-created_at')
|
||||
@@ -106,7 +106,7 @@ def submission_list(request: HttpRequest) -> HttpResponse:
|
||||
def approve_submission(request: HttpRequest, submission_id: int) -> HttpResponse:
|
||||
"""HTMX endpoint for approving a submission"""
|
||||
user = cast(User, request.user)
|
||||
if user.role not in MODERATOR_ROLES:
|
||||
if not (user.role in MODERATOR_ROLES or user.is_superuser):
|
||||
return HttpResponse(status=403)
|
||||
|
||||
submission = get_object_or_404(EditSubmission, id=submission_id)
|
||||
@@ -122,7 +122,7 @@ def approve_submission(request: HttpRequest, submission_id: int) -> HttpResponse
|
||||
def reject_submission(request: HttpRequest, submission_id: int) -> HttpResponse:
|
||||
"""HTMX endpoint for rejecting a submission"""
|
||||
user = cast(User, request.user)
|
||||
if user.role not in MODERATOR_ROLES:
|
||||
if not (user.role in MODERATOR_ROLES or user.is_superuser):
|
||||
return HttpResponse(status=403)
|
||||
|
||||
submission = get_object_or_404(EditSubmission, id=submission_id)
|
||||
@@ -135,7 +135,7 @@ def reject_submission(request: HttpRequest, submission_id: int) -> HttpResponse:
|
||||
def escalate_submission(request: HttpRequest, submission_id: int) -> HttpResponse:
|
||||
"""HTMX endpoint for escalating a submission"""
|
||||
user = cast(User, request.user)
|
||||
if user.role != 'MODERATOR':
|
||||
if user.role != 'MODERATOR' and not user.is_superuser:
|
||||
return HttpResponse(status=403)
|
||||
|
||||
submission = get_object_or_404(EditSubmission, id=submission_id)
|
||||
@@ -148,7 +148,7 @@ def escalate_submission(request: HttpRequest, submission_id: int) -> HttpRespons
|
||||
def approve_photo(request: HttpRequest, submission_id: int) -> HttpResponse:
|
||||
"""HTMX endpoint for approving a photo submission"""
|
||||
user = cast(User, request.user)
|
||||
if user.role not in MODERATOR_ROLES:
|
||||
if not (user.role in MODERATOR_ROLES or user.is_superuser):
|
||||
return HttpResponse(status=403)
|
||||
|
||||
submission = get_object_or_404(PhotoSubmission, id=submission_id)
|
||||
@@ -163,7 +163,7 @@ def approve_photo(request: HttpRequest, submission_id: int) -> HttpResponse:
|
||||
def reject_photo(request: HttpRequest, submission_id: int) -> HttpResponse:
|
||||
"""HTMX endpoint for rejecting a photo submission"""
|
||||
user = cast(User, request.user)
|
||||
if user.role not in MODERATOR_ROLES:
|
||||
if not (user.role in MODERATOR_ROLES or user.is_superuser):
|
||||
return HttpResponse(status=403)
|
||||
|
||||
submission = get_object_or_404(PhotoSubmission, id=submission_id)
|
||||
|
||||
Reference in New Issue
Block a user