feat: webpath access level

UniversitaDellaCalabria · Mar 7, 2024 · d2ddd38 · d2ddd38
1 parent 3f28a87
commit d2ddd38
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 2 deletions.
diff --git a/src/cms/contexts/migrations/0017_webpath_access.py b/src/cms/contexts/migrations/0017_webpath_access.py
@@ -0,0 +1,17 @@
+# Generated by Django 4.2.9 on 2024-03-07 10:15
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("cmscontexts", "0016_alter_editorialboardeditors_created_by_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="webpath",
+            name="access",
+            field=models.CharField(choices=[("", "-")], default="1", max_length=50),
+        ),
+    ]
diff --git a/src/cms/contexts/models.py b/src/cms/contexts/models.py
@@ -34,10 +34,13 @@
                 )
             )
 
+AUTH_USER_GROUPS = app_settings.AUTH_USER_GROUPS + getattr(settings, 'AUTH_USER_GROUPS', ())
+
 
 if 'makemigrations' in sys.argv or 'migrate' in sys.argv: # pragma: no cover
     ROBOTS_TAGS = [('','-')]
     CMS_CONTEXT_PERMISSIONS = [(0,'-')]
+    AUTH_USER_GROUPS = [('','-')]
 
 
 class WebSite(ActivableModel):
@@ -107,6 +110,9 @@ class WebPath(ActivableModel, TimeStampedModel, CreatedModifiedBy):
     robots = models.CharField(choices=ROBOTS_TAGS,
                               default='index, follow',
                               max_length=20)
+    access = models.CharField(choices=AUTH_USER_GROUPS,
+                              default='1',
+                              max_length=50)
 
     class Meta:
         verbose_name_plural = _("Site Contexts (WebPaths)")
@@ -259,6 +265,14 @@ def is_publicable_by(self, user=None, obj=None, parent=False):
     def is_lockable_by(self, user):
         return self.is_publicable_by(user, parent=True)
 
+    def get_access_level(self):
+        for t in getattr(settings, 'AUTH_USER_GROUPS', ()):
+            if self.access == t[0]:
+                return self.access
+        if self.parent and self.access == '1':
+            return self.parent.get_access_level()
+        return '0'
+
     def __str__(self):
         return '{} @ {}{}'.format(self.name, self.site, self.get_full_path())
 

diff --git a/src/cms/contexts/settings.py b/src/cms/contexts/settings.py
@@ -46,3 +46,10 @@
                     #    }
                     #],
                 }
+
+AUTH_USER_GROUPS = (
+    ('0', 'public'),
+    ('1', 'parent'),
+    # ('user_attribute_1', 'level_1'),
+    # ('user_attribute_2', 'level_2',),
+)
diff --git a/src/cms/contexts/views.py b/src/cms/contexts/views.py
@@ -8,7 +8,7 @@
 from django.http import (Http404,
                          HttpResponse,
                          HttpResponseRedirect)
-from django.shortcuts import render, get_object_or_404
+from django.shortcuts import redirect, render, get_object_or_404
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.module_loading import import_string
@@ -94,6 +94,7 @@ def cms_dispatch(request):
 
     if not page:
         raise Http404(_("CMS Page not found"))
+
     context = {
         'website': website,
         'path': path,
@@ -102,7 +103,22 @@ def cms_dispatch(request):
         'page_blocks': page.get_blocks(),
         # 'menus': page.get_menus()
     }
-    return render(request, page.base_template.template_file, context)
+
+    # access level
+    access_level = webpath.get_access_level()
+    if access_level == '0':
+        allow = True
+    elif not request.user:
+        allow = False
+    elif request.user.is_superuser:
+        allow = True
+    elif getattr(request.user, access_level, None):
+        allow = True
+    else:
+        allow = False
+    if allow:
+        return render(request, page.base_template.template_file, context)
+    return redirect(f"//{website.domain}{settings.LOGIN_URL}?next={webpath.get_full_path()}")
 
 
 @staff_member_required