Implement permission checking in views and forms
@@ -1,10 +1,35 @@
|
||||
from django import forms
|
||||
from django.contrib.auth.forms import UserCreationForm
|
||||
from django.core.exceptions import FieldDoesNotExist
|
||||
from django.forms import ModelForm
|
||||
|
||||
from .models import Account, Hook, Strategy, Trade, TradingTime, User
|
||||
|
||||
# Create your forms here.
|
||||
|
||||
class RestrictedFormMixin:
|
||||
"""
|
||||
This mixin is used to restrict the queryset of a form to the current user.
|
||||
The request object is passed from the view."""
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
self.request = kwargs.pop("request")
|
||||
super().__init__(*args, **kwargs)
|
||||
print(self.fields)
|
||||
for field in self.fields:
|
||||
# Check it's not something like a CharField which has no queryset
|
||||
if not hasattr(self.fields[field], "queryset"):
|
||||
continue
|
||||
|
||||
model = self.fields[field].queryset.model
|
||||
# Check if the model has a user field
|
||||
try:
|
||||
model._meta.get_field("user")
|
||||
# Add the user to the queryset filters
|
||||
self.fields[field].queryset = model.objects.filter(
|
||||
user=self.request.user
|
||||
)
|
||||
except FieldDoesNotExist:
|
||||
pass
|
||||
|
||||
|
||||
class NewUserForm(UserCreationForm):
|
||||
@@ -35,7 +60,8 @@ class CustomUserCreationForm(UserCreationForm):
|
||||
fields = "__all__"
|
||||
|
||||
|
||||
class HookForm(ModelForm):
|
||||
# All string/multiple choice fields
|
||||
class HookForm(RestrictedFormMixin, ModelForm):
|
||||
class Meta:
|
||||
model = Hook
|
||||
fields = (
|
||||
@@ -45,7 +71,8 @@ class HookForm(ModelForm):
|
||||
)
|
||||
|
||||
|
||||
class AccountForm(ModelForm):
|
||||
# All string/multiple choice fields
|
||||
class AccountForm(RestrictedFormMixin, ModelForm):
|
||||
class Meta:
|
||||
model = Account
|
||||
fields = (
|
||||
@@ -57,7 +84,8 @@ class AccountForm(ModelForm):
|
||||
)
|
||||
|
||||
|
||||
class StrategyForm(ModelForm):
|
||||
# Restricted mixin for account and hooks
|
||||
class StrategyForm(RestrictedFormMixin, ModelForm):
|
||||
class Meta:
|
||||
model = Strategy
|
||||
fields = (
|
||||
@@ -85,7 +113,8 @@ class StrategyForm(ModelForm):
|
||||
)
|
||||
|
||||
|
||||
class TradeForm(ModelForm):
|
||||
# Restricted mixin for account
|
||||
class TradeForm(RestrictedFormMixin, ModelForm):
|
||||
class Meta:
|
||||
model = Trade
|
||||
fields = (
|
||||
@@ -102,7 +131,7 @@ class TradeForm(ModelForm):
|
||||
)
|
||||
|
||||
|
||||
class TradingTimeForm(ModelForm):
|
||||
class TradingTimeForm(RestrictedFormMixin, ModelForm):
|
||||
class Meta:
|
||||
model = TradingTime
|
||||
fields = (
|
||||
|
||||
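Review bot: In `RestrictedFormMixin.__init__` (first hunk) the `except FieldDoesNotExist: pass` branch leaves the field's queryset unfiltered, so a related model that records ownership through anything other than a field named `user` still offers every user's rows as choices; the restriction fails open and does so silently. Narrowing the queryset the field already has, `self.fields[field].queryset = self.fields[field].queryset.filter(user=self.request.user)`, instead of rebuilding it from `model.objects` would also keep any `limit_choices_to` or custom queryset set on the field. The skipped case deserves a comment such as `# no direct "user" field: choices are NOT restricted here; ownership must be enforced elsewhere`. The `print(self.fields)` call looks like leftover debugging and should be removed. The mixin only limits which related objects can be selected; whether the instance being edited belongs to the requesting user, and that the user is authenticated before the filter runs, has to be enforced in the views, which are not visible in this section.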