Commit c65c72c3 authored by fred's avatar fred

limit cms access to those with add_page permission

parent 5279f79f
...@@ -19,7 +19,7 @@ from nonstop.urls import urlpatterns as nonstop_urlpatterns ...@@ -19,7 +19,7 @@ from nonstop.urls import urlpatterns as nonstop_urlpatterns
from combo.manager.urls import urlpatterns as combo_manager_urls from combo.manager.urls import urlpatterns as combo_manager_urls
from urls_utils import decorated_includes from urls_utils import decorated_includes, cms_permission_required
sqs = SearchQuerySet().models(Emission, Episode, NewsItem).facet('categories').facet('tags') sqs = SearchQuerySet().models(Emission, Episode, NewsItem).facet('categories').facet('tags')
...@@ -46,7 +46,7 @@ urlpatterns = patterns('', ...@@ -46,7 +46,7 @@ urlpatterns = patterns('',
decorated_includes(login_required, include(newsletter_urlpatterns))), decorated_includes(login_required, include(newsletter_urlpatterns))),
url(r'^cms/', url(r'^cms/',
decorated_includes(login_required, include(combo_manager_urls))), decorated_includes(cms_permission_required, include(combo_manager_urls))),
url(r'^news/$', 'panikdb.views.news', name='news-list'), url(r'^news/$', 'panikdb.views.news', name='news-list'),
......
from django.contrib.auth.decorators import user_passes_test
from django.core.urlresolvers import RegexURLPattern, RegexURLResolver from django.core.urlresolvers import RegexURLPattern, RegexURLResolver
class DecoratedURLPattern(RegexURLPattern): class DecoratedURLPattern(RegexURLPattern):
...@@ -28,3 +29,16 @@ def decorated_includes(func, includes, *args, **kwargs): ...@@ -28,3 +29,16 @@ def decorated_includes(func, includes, *args, **kwargs):
return urlconf_module, app_name, namespace return urlconf_module, app_name, namespace
def cms_permission_required(function=None, login_url=None):
def check_cms_permission(user):
if user and user.has_perm('combo.add_page'):
return True
if user and not user.is_anonymous():
raise PermissionDenied()
# As the last resort, show the login form
return False
actual_decorator = user_passes_test(check_cms_permission, login_url=login_url)
if function:
return actual_decorator(function)
return actual_decorator
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment