From ab8366a9669bf043cfe6d1965fdcb013d008dcca Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Wed, 27 Aug 2014 09:27:01 +0200 Subject: [PATCH] =?UTF-8?q?Interdit=20aux=20=C3=A9tudiants=20voir=20une=20?= =?UTF-8?q?annonce=20qui=20ne=20leur=20est=20pas=20autoris=C3=A9e?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Les webmasters sont exclus de ce filtrage. fixes #5217 --- appli_project/appli_recherche/views.py | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/appli_project/appli_recherche/views.py b/appli_project/appli_recherche/views.py index 8ea93ce..22c8738 100644 --- a/appli_project/appli_recherche/views.py +++ b/appli_project/appli_recherche/views.py @@ -261,7 +261,18 @@ class MesAnnonces(ProfilRechercheView, TemplateView): annonces_sauvegardees_actions(request) return super(MesAnnonces, self).get(request, *args, **kwargs) -class Contact(ProfilRechercheView, SingleObjectMixin, FormView): +class ReservedAnnounceMixin(object): + def get_queryset(self): + qs = self.model.objects + if socle_views.is_webmaster(self.request.user): + return qs.all() + else: + # uniquement les annonces autorisées pour cet utilisateur + return qs.filter( + type_d_offre__in=self.request.user.type_d_offre.all() + | models.TypeOffre.objects.filter(id=1)) + +class Contact(ReservedAnnounceMixin, ProfilRechercheView, SingleObjectMixin, FormView): '''Formulaire de contact des propriétaires''' form_class = forms.ContactAnnonceForm template_name = 'appli_recherche/contact.html' @@ -316,7 +327,7 @@ class FiberAddendum(object): ctx['fiber_page'] = Page.objects.get(url__exact='recherche') return ctx -class Annonce(ProfilRechercheView, FiberAddendum, DetailView): +class Annonce(ReservedAnnounceMixin, ProfilRechercheView, FiberAddendum, DetailView): template_name = 'appli_recherche/annonce-detail.html' model = models.Annonce context_object_name = "annonce"