403 override functionality

2022-12-12 12:09:58 -06:00
parent 7250707862
commit bdaba75870
7 changed files with 109 additions and 18 deletions
--- a/Admin/urls.py
+++ b/Admin/urls.py
@@ -3,11 +3,42 @@ from django.contrib import admin
 from django.urls import path,include
 from django.conf import settings
 from django.conf.urls.static import static
 from django.shortcuts import render
 from django.core.exceptions import PermissionDenied
 from django.http import HttpResponse
 from django.test import SimpleTestCase, override_settings
 def response_error_handler(request, exception=None):
    context={}
    return render(request, '403.html',context,status=403)
 def permission_denied_view(request):
    raise PermissionDenied
 urlpatterns = [
    path('admin/', admin.site.urls),
    path('accounts/', include('allauth.urls')),
    path('', include('Clientes.urls')),
    path('403/', permission_denied_view),
 ]
 handler403 = response_error_handler
 if settings.DEBUG: #DEV only
    urlpatterns += static(settings.STATIC_URL, document_root= settings.STATIC_ROOT)
    urlpatterns += static(settings.MEDIA_URL, document_root= settings.MEDIA_ROOT)
 # ROOT_URLCONF must specify the module that contains handler403 = ...
@override_settings(ROOT_URLCONF=__name__)
 class CustomErrorHandlerTests(SimpleTestCase):
    def test_handler_renders_template_response(self):
        response = self.client.get('/403/')
        # Make assertions on the response here. For example:
        self.assertContains(response, 'Error handler content', status_code=403)
--- a/Clientes/custom_decorators.py
+++ b/Clientes/custom_decorators.py
@@ -0,0 +1,22 @@
 from functools import wraps
 from django.contrib import messages
 from django.shortcuts import redirect
 from django.http import HttpResponse
 def Custom_is_staff_function(user):
    if user.is_staff:
        return True
    return False
 def is_staff_access(view_to_return="index"):
    def decorator(view):
        @wraps(view)
        def _wrapped_view(request, *args, **kwargs):
            if not Custom_is_staff_function(request.user):
                messages.error(request, "No es personal del staff autorizado.")
                return redirect(view_to_return)
            return view(request, *args, **kwargs)
        return _wrapped_view
    return decorator
--- a/Clientes/urls.py
+++ b/Clientes/urls.py
@@ -16,7 +16,6 @@ from .views import (
 urlpatterns = [
    path('', index, name='index'),    
    path('add_timbre2/', add_timbre2.as_view(), name='add_timbre2'),
    path('timbres_cliente/<str:RFC>/', timbres_cliente, name='timbres_cliente'),
    path('cliente/update/<int:pk>/',ClientesUpdateView.as_view(),name='update_cliente'),
    path('cliente/add/', ClientesCreateView.as_view(), name='add_cliente'),
--- a/Clientes/views.py
+++ b/Clientes/views.py
@@ -3,6 +3,8 @@ from django.contrib import messages
 from django.http import HttpResponse
 from django.http import JsonResponse
 from django.contrib.auth.decorators import login_required
 from .custom_decorators import is_staff_access
 from .models import Clientes,Timbres,saldoModel,ErroresTimbres
 from rest_framework.views import APIView
@@ -135,7 +137,6 @@ def send_timbres_Email(request):
@login_required
 def index(request):    
    clientes_list = Clientes.objects.all()
    mes = request.GET.get('mes', None)
    page = request.GET.get('page', 1)
@@ -174,8 +175,6 @@ def index(request):
    return render(request,'Clientes/index.html',context)
 def pageFunc(page,qs,per_page):
    paginator = Paginator(qs,per_page)
    try:
@@ -188,9 +187,12 @@ def pageFunc(page,qs,per_page):
@login_required
@is_staff_access()
 def timbres_cliente(request, RFC):
    if request.user.is_staff:
        lista = Timbres.objects.filter(rfcc=RFC)
-
+    else:
        lista = Timbres.objects.filter(rfcc=RFC,modo='Normal')
    search = request.GET.get('search',None)
    page = request.GET.get('page', 1)
    datepicker    = request.GET.get('datepicker', None)
@@ -237,8 +239,11 @@ class ClientesUpdateView(UserPassesTestMixin,LoginRequiredMixin,UpdateView):
    template_name='Clientes/edit_cliente.html'
    def test_func(self):  
-        #self.request.user.groups.all()
+        
-        return self.request.user.groups.filter(name= 'admin_soft')
+        res = self.request.user.groups.filter(name= 'admin_soft')
        if not res:
            messages.error(self.request, f'Lo sentimos. La página que buscas no está disponible, no cuentas con los permisos.')
        return res
 class ClientesCreateView(UserPassesTestMixin,LoginRequiredMixin,CreateView):
--- a/Templates/403.html
+++ b/Templates/403.html
@@ -0,0 +1,35 @@
 <!doctype html>
 <html lang="en">
  <head>
    <!-- Required meta tags -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <!-- Bootstrap CSS -->
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.2.1/dist/css/bootstrap.min.css" integrity="sha384-GJzZqFGwb1QTTN6wy59ffF1BuGJpLSa9DkKMp0DgiMDm4iYMj70gZWKYbI706tWS" crossorigin="anonymous">
    <title>Hello, world!</title>
  </head>
  <body >
    <div>
        {% include 'partials/messages.html' %}
        <img class="rounded mx-auto d-block" src="https://www.lucushost.com/blog/wp-content/uploads/2020/06/error-403-forbidden.png" alt="Forbidden">
        <a href="/"  class="btn btn-info btn-lg rounded mx-auto d-block mt-3">
            <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-arrow-return-left" viewBox="0 0 16 16">
                <path fill-rule="evenodd" d="M14.5 1.5a.5.5 0 0 1 .5.5v4.8a2.5 2.5 0 0 1-2.5 2.5H2.707l3.347 3.346a.5.5 0 0 1-.708.708l-4.2-4.2a.5.5 0 0 1 0-.708l4-4a.5.5 0 1 1 .708.708L2.707 8.3H12.5A1.5 1.5 0 0 0 14 6.8V2a.5.5 0 0 1 .5-.5z"/>
              </svg>
            Regresar al Inicio 
        </a>
    </div>
    <!-- Optional JavaScript -->
    <!-- jQuery first, then Popper.js, then Bootstrap JS -->
    <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.14.6/dist/umd/popper.min.js" integrity="sha384-wHAiFfRlMFy6i5SRaxvfOCifBUQy1xHdJ/yoi7FRNXMRBu5WHdZYu1hA6ZOblgut" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.2.1/dist/js/bootstrap.min.js" integrity="sha384-B0UglyR+jN6CkvvICOB2joaf5I4l3gm9GU6Hc1og6Ls7i6U/mkkaduKaBhlAXv9k" crossorigin="anonymous"></script>
  </body>
 </html>
--- a/Templates/Clientes/index.html
+++ b/Templates/Clientes/index.html
@@ -12,7 +12,6 @@ Timbres disponibles Comercio Digital: {{saldo}}
  <table class="table">
      <thead>
        <tr>
          <th scope="col">
            <input id="table_rfcc" name="rfcc" value="True" type="checkbox" class="form-check-input" >
            Cliente RFC
@@ -56,7 +55,6 @@ Timbres disponibles Comercio Digital: {{saldo}}
          <th scope="col">
            <a target="_blank" rel="noopener noreferrer" href="{% url 'export_Excel' %}?mes={{mes}}">Excel Todos los clientes X Mes </a>
          </th>
        </tr>
      </thead>
      <tbody>
@@ -135,6 +133,7 @@ Timbres disponibles Comercio Digital: {{saldo}}
              </td>
          </tr>          
        {% endfor %}
      </tbody>
  </table>
 </div>
--- a/Templates/Clientes/timbres_cliente.html
+++ b/Templates/Clientes/timbres_cliente.html
@@ -17,7 +17,6 @@
 </span>
 <br><br>
 <table class="table">
    <thead>
      <tr>
@@ -48,6 +47,7 @@
    </tbody>
 </table>
 {% endblock content %}