Refined Access.

necessary129 · necessary129 · commit 4e3bf73c024a · 2016-12-06T19:05:38.000+05:30
Fixes #325
diff --git a/vms/administrator/utils.py b/vms/administrator/utils.py
@@ -0,0 +1,11 @@
+from functools import wraps
+from django.shortcuts import render
+
+def admin_required(func):
+	@wraps(func)
+	def wrapped_view(request, *args, **kwargs):
+		admin = getattr(request.user, 'administrator', None)
+		if not admin:
+			return render(request, 'vms/no_admin_rights.html')
+		return func(request, *args, **kwargs)
+	return wrapped_view
diff --git a/vms/administrator/views.py b/vms/administrator/views.py
@@ -13,6 +13,7 @@
 from django.views.generic.edit import FormView, UpdateView
 from django.views.generic import View
 from administrator.models import Administrator
+from administrator.utils import admin_required
 from django.utils.decorators import method_decorator
 
 
@@ -81,6 +82,7 @@ def post(self, request, *args, **kwargs):
 
 
 @login_required
+@admin_required
 def settings(request):
     user = request.user
     admin = None
diff --git a/vms/registration/views.py b/vms/registration/views.py
@@ -3,6 +3,7 @@
 from django.http import HttpResponseRedirect
 from django.shortcuts import render
 from braces.views import LoginRequiredMixin, AnonymousRequiredMixin
+from administrator.views import AdministratorLoginRequiredMixin
 from django.views.generic.edit import FormView
 from django.views.generic import TemplateView
 from django.core.urlresolvers import reverse_lazy
@@ -16,7 +17,7 @@
 from administrator.models import *
 
 
-class AdministratorSignupView(TemplateView):
+class AdministratorSignupView(AdministratorLoginRequiredMixin, TemplateView):
     """
     Administrator and Volunteer signup is implemented as a TemplateView that
     displays the signup form.
diff --git a/vms/volunteer/views.py b/vms/volunteer/views.py
@@ -10,6 +10,7 @@
 from django.views.generic.detail import DetailView
 from django.views.generic import ListView
 from braces.views import LoginRequiredMixin, AnonymousRequiredMixin
+from administrator.utils import admin_required
 from organization.services import *
 from shift.services import *
 from event.services import get_signed_up_events_for_volunteer
@@ -162,6 +163,7 @@ def post(self, request, *args, **kwargs):
                        'job_list': job_list, 'event_list': event_list, 'selected_event': event_name,
                        'selected_job': job_name})
 @login_required
+@admin_required
 def search(request):
     if request.method == 'POST':
         form = SearchVolunteerForm(request.POST)
