Merge pull request #214 from mouse-reeve/user-permissions

Adds user permissions and groups
2020-10-02 13:55:59 -07:00
parent d4b18678bd c396489dff
commit 9bc6d7d6b6
5 changed files with 74 additions and 21 deletions
--- a/bookwyrm/templates/book.html
+++ b/bookwyrm/templates/book.html
@ -9,7 +9,7 @@
            <span>{% include 'snippets/book_titleby.html' with book=book %}</span>
        </h2>

-        {% if request.user.is_authenticated %}
+        {% if request.user.is_authenticated and perms.bookwyrm.edit_book %}
        <div class="level-right">
            <a href="{{ book.id }}/edit">edit
                <span class="icon icon-pencil">
--- a/bookwyrm/templates/layout.html
+++ b/bookwyrm/templates/layout.html
@ -70,12 +70,14 @@
                    <a href="/user-edit" class="navbar-item">
                        Settings
                    </a>
-                    <a href="/invite" class="navbar-item">
-                        Invites
-                    </a>
                    <a href="/import" class="navbar-item">
                        Import books
                    </a>
+                    {% if perms.bookwyrm.create_invites %}
+                    <a href="/invite" class="navbar-item">
+                        Invites
+                    </a>
+                    {% endif %}
                    <hr class="navbar-divider">
                    <a href="/logout" class="navbar-item">
                        Log out
--- a/bookwyrm/view_actions.py
+++ b/bookwyrm/view_actions.py
@ -3,7 +3,7 @@ from io import BytesIO, TextIOWrapper
 from PIL import Image

 from django.contrib.auth import authenticate, login, logout
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
 from django.core.files.base import ContentFile
 from django.http import HttpResponseBadRequest, HttpResponseNotFound
 from django.shortcuts import redirect
@ -187,6 +187,7 @@ def resolve_book(request):


@login_required
+@permission_required('bookwyrm.edit_book', raise_exception=True)
 def edit_book(request, book_id):
    ''' edit a book cool '''
    if not request.method == 'POST':
@ -479,7 +480,9 @@ def import_data(request):
        return redirect('/import_status/%d' % (job.id,))
    return HttpResponseBadRequest()

+
@login_required
+@permission_required('bookwyrm.create_invites', raise_exception=True)
 def create_invite(request):
    ''' creates a user invite database entry '''
    form = forms.CreateInviteForm(request.POST)
--- a/bookwyrm/views.py
+++ b/bookwyrm/views.py
@ -1,7 +1,7 @@
 ''' views for pages you can go to in the application '''
 import re

-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
 from django.db.models import Avg, Count, Q
 from django.http import HttpResponseBadRequest, HttpResponseNotFound,\
        JsonResponse
@ -246,6 +246,7 @@ def invite_page(request, code):
    return TemplateResponse(request, 'invite.html', data)

@login_required
+@permission_required('bookwyrm.create_invites', raise_exception=True)
 def manage_invites(request):
    ''' invite management page '''
    data = {
@ -471,6 +472,7 @@ def book_page(request, book_id):


@login_required
+@permission_required('bookwyrm.edit_book', raise_exception=True)
 def edit_book_page(request, book_id):
    ''' info about a book '''
    book = books_manager.get_edition(book_id)