diff options
Diffstat (limited to 'coip/apps/name/views.py')
-rw-r--r-- | coip/apps/name/views.py | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/coip/apps/name/views.py b/coip/apps/name/views.py index a59190b..a8c17de 100644 --- a/coip/apps/name/views.py +++ b/coip/apps/name/views.py @@ -6,9 +6,9 @@ Created on Jul 6, 2010 from coip.apps.name.models import Name, lookup, traverse from django.core.exceptions import ObjectDoesNotExist from django.http import HttpResponseNotFound, HttpResponseForbidden,\ - HttpResponseRedirect + HttpResponseRedirect, Http404 from django.contrib.auth.decorators import login_required -from coip.multiresponse import respond_to, json_response +from coip.multiresponse import respond_to, json_response, render403 from pprint import pprint from coip.apps.name.forms import NameEditForm, NewNameForm, NameDeleteForm from twisted.python.reflect import ObjectNotFound @@ -21,7 +21,7 @@ def delete(request,id): return HttpResponseNotFound() if not name.has_permission(request.user,'d'): - return HttpResponseForbidden() + return render403() if request.method == 'POST': form = NameDeleteForm(request.POST) @@ -63,10 +63,11 @@ def add(request,id): return HttpResponseForbidden('You are not allowed to create names') if request.method == 'POST': - name = Name(parent=parent,creator=request.user,acl=parent.copy_acl()) + name = Name(parent=parent,creator=request.user) form = NewNameForm(request.POST,instance=name) if form.is_valid(): - form.save() + name = form.save() + name.copyacl(name.parent) return HttpResponseRedirect("/name/id/%d" % name.id) else: form = NewNameForm() @@ -101,18 +102,27 @@ def show_root(request): def show(request,name): if not name: - return HttpResponseNotFound() + raise Http404() if name.has_permission(request.user,'r'): + memberships = None + invitations = None + if name.has_permission(request.user,'l'): + memberships = name.memberships + invitations = name.invitations return respond_to(request, {'text/html': 'apps/name/name.html'}, - {'name': name, - 'memberships': name.memberships, - 'delete': name.has_permission(request.user,'d'), - 'insert': name.has_permission(request.user,'i'), - 'edit': name.has_permission(request.user,'w')}) + {'name': name, + 'memberships':memberships, + 'invitations':invitations, + 'render': {'delete': name.has_permission(request.user,'d'), + 'insert': name.has_permission(request.user,'i'), + 'edit': name.has_permission(request.user,'w'), + 'invite': name.has_permission(request.user,'i'), + 'up': name.parent and name.parent.has_permission(request.user,'r')} + }) else: - return HttpResponseForbidden() + return render403() @login_required def show_by_name(request,n=None): @@ -121,7 +131,7 @@ def show_by_name(request,n=None): try: return show(request,lookup(n)) except ObjectDoesNotExist: - return HttpResponseNotFound() + return HttpResponseNotFound() @login_required def show_by_id(request,id=None): |