403 override functionality

2022-12-12 12:09:58 -06:00
parent 7250707862
commit bdaba75870
7 changed files with 109 additions and 18 deletions
--- a/Clientes/custom_decorators.py
+++ b/Clientes/custom_decorators.py
@@ -0,0 +1,22 @@
+from functools import wraps
+from django.contrib import messages
+from django.shortcuts import redirect
+from django.http import HttpResponse
+
+
+def Custom_is_staff_function(user):
+    if user.is_staff:
+        return True
+    return False
+
+
+def is_staff_access(view_to_return="index"):
+    def decorator(view):
+        @wraps(view)
+        def _wrapped_view(request, *args, **kwargs):
+            if not Custom_is_staff_function(request.user):
+                messages.error(request, "No es personal del staff autorizado.")
+                return redirect(view_to_return)
+            return view(request, *args, **kwargs)
+        return _wrapped_view
+    return decorator
--- a/Clientes/urls.py
+++ b/Clientes/urls.py
@@ -16,7 +16,6 @@ from .views import (
 urlpatterns = [
    path('', index, name='index'),    
    path('add_timbre2/', add_timbre2.as_view(), name='add_timbre2'),
-
    path('timbres_cliente/<str:RFC>/', timbres_cliente, name='timbres_cliente'),
    path('cliente/update/<int:pk>/',ClientesUpdateView.as_view(),name='update_cliente'),
    path('cliente/add/', ClientesCreateView.as_view(), name='add_cliente'),
--- a/Clientes/views.py
+++ b/Clientes/views.py
@@ -3,6 +3,8 @@ from django.contrib import messages
 from django.http import HttpResponse
 from django.http import JsonResponse
 from django.contrib.auth.decorators import login_required
+from .custom_decorators import is_staff_access
+
 from .models import Clientes,Timbres,saldoModel,ErroresTimbres

 from rest_framework.views import APIView
@@ -134,8 +136,7 @@ def send_timbres_Email(request):
    return redirect('index')

@login_required
-def index(request):
-    
+def index(request):    
    clientes_list = Clientes.objects.all()
    mes = request.GET.get('mes', None)
    page = request.GET.get('page', 1)
@@ -174,8 +175,6 @@ def index(request):
    return render(request,'Clientes/index.html',context)


-
-
 def pageFunc(page,qs,per_page):
    paginator = Paginator(qs,per_page)
    try:
@@ -188,9 +187,12 @@ def pageFunc(page,qs,per_page):


@login_required
+@is_staff_access()
 def timbres_cliente(request, RFC):
-    lista = Timbres.objects.filter(rfcc=RFC)
-
+    if request.user.is_staff:
+        lista = Timbres.objects.filter(rfcc=RFC)
+    else:
+        lista = Timbres.objects.filter(rfcc=RFC,modo='Normal')
    search = request.GET.get('search',None)
    page = request.GET.get('page', 1)
    datepicker    = request.GET.get('datepicker', None)
@@ -236,10 +238,13 @@ class ClientesUpdateView(UserPassesTestMixin,LoginRequiredMixin,UpdateView):
    success_url='/'
    template_name='Clientes/edit_cliente.html'

-    def test_func(self):
-        #self.request.user.groups.all()
-        return self.request.user.groups.filter(name= 'admin_soft')
-
+    def test_func(self):  
+        
+        res = self.request.user.groups.filter(name= 'admin_soft')
+        if not res:
+            messages.error(self.request, f'Lo sentimos. La página que buscas no está disponible, no cuentas con los permisos.')
+        return res
+        

 class ClientesCreateView(UserPassesTestMixin,LoginRequiredMixin,CreateView):
    model = Clientes