limit channel pages to authorised roles

welco/contrib/alfortville/views.py

@@ -30,7 +30,7 @@ from welco.sources.mail.models import Mail
 from welco.sources.mail.views import Home as MailHome
 from welco.qualif.models import Association
 from welco.utils import get_wcs_data, get_wcs_options, response_for_json
-from welco.views import Home as HomeScreen
+from welco.views import HomeMail as HomeScreen
 
 
 class DgsMailHome(MailHome):

welco/settings.py

@@ -1,3 +1,5 @@
+# -*- coding: utf-8 -*-
+
 """
 Django settings for welco project.
 
@@ -170,6 +172,11 @@ VALIDATION_STEPS = {
 
 AUTHENTIC_AUTH_TUPLE = ('username', 'password')
 
+# mapping of channel to group/role *names*
+CHANNEL_ROLES = {
+    'mail': [],
+    'phone': [],
+}
 
 local_settings_file = os.environ.get('WELCO_SETTINGS_FILE',
         os.path.join(os.path.dirname(__file__), 'local_settings.py'))

welco/templates/welco/home.html

@@ -3,8 +3,12 @@
 
 {% block subheader %}
 <div id="subheader">
-  <a class="icon-mail" href="{% url 'home' %}">{% trans 'Mail' %}</a>
+ {% if 'mail' in channels %}
+  <a class="icon-mail" href="{% url 'home-mail' %}">{% trans 'Mail' %}</a>
+ {% endif %}
+ {% if 'phone' in channels %}
   <a class="icon-phone" href="{% url 'home-phone' %}">{% trans 'Phone' %}</a>
+ {% endif %}
 </div>
 {% endblock %}
 

welco/urls.py

@@ -23,6 +23,7 @@ from . import apps
 
 urlpatterns = patterns('',
     url(r'^$', 'welco.views.home', name='home'),
+    url(r'^mail/$', 'welco.views.home_mail', name='home-mail'),
     url(r'^phone/$', 'welco.views.home_phone', name='home-phone'),
     url(r'^', include('welco.sources.phone.urls')),
     url(r'^ajax/qualification$', 'welco.views.qualification', name='qualif-zone'),

welco/views.py

@@ -99,31 +99,54 @@ class Qualification(TemplateView):
 qualification = csrf_exempt(Qualification.as_view())
 
 
-class Home(TemplateView):
+class ChannelHome(TemplateView):
     template_name = 'welco/home.html'
     source_klass = MailHome
 
     def check_user_ok(self):
-        return True
+        user_groups = set([x.name for x in self.request.user.groups.all()])
+        channel_groups = set(settings.CHANNEL_ROLES[self.source_klass.source_key])
+        return user_groups.intersection(channel_groups)
 
     def get_context_data(self, **kwargs):
         if not self.check_user_ok():
             raise PermissionDenied()
-        context = super(Home, self).get_context_data(**kwargs)
+        context = super(ChannelHome, self).get_context_data(**kwargs)
         context['source'] = self.source_klass(self.request)
         context['kb'] = KbHomeZone(self.request)
         context['contacts'] = ContactsHomeZone(self.request)
+        context['channels'] = []
+
+        user_groups = set([x.name for x in self.request.user.groups.all()])
+        for channel in settings.CHANNEL_ROLES:
+            channel_groups = set(settings.CHANNEL_ROLES[channel])
+            if user_groups.intersection(channel_groups):
+                context['channels'].append(channel)
         return context
 
-home = login_required(Home.as_view())
 
+@login_required
+def home(request):
+    user_groups = set([x.name for x in request.user.groups.all()])
+    for channel in settings.CHANNEL_ROLES:
+        channel_groups = set(settings.CHANNEL_ROLES[channel])
+        if user_groups.intersection(channel_groups):
+            return HttpResponseRedirect('%s/' % channel)
+    raise PermissionDenied()
 
-class HomePhone(Home):
+class HomePhone(ChannelHome):
     source_klass = PhoneHome
 
 home_phone = login_required(HomePhone.as_view())
 
 
+class HomeMail(ChannelHome):
+    source_klass = MailHome
+
+home_mail = login_required(HomeMail.as_view())
+
+
+
 @csrf_exempt
 def qualification_done(request):
     source_class = ContentType.objects.get(