Skip to content

Commit

Permalink
#1271, #1268: Check change dataset permission on mini gloss toggle edits
Browse files Browse the repository at this point in the history 
Simiplified code.
  • Loading branch information
@susanodd
susanodd committed Jul 5, 2024
1 parent 5d6222b commit 13f44a2
Show file tree
Hide file tree
Showing 2 changed files with 95 additions and 125 deletions.
100 changes: 85 additions & 15 deletions signbank/dictionary/update.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@
from django.urls import reverse

from django.contrib.auth.decorators import permission_required
import guardian

from django.db.models.fields import BooleanField, IntegerField
from django.db import DatabaseError, IntegrityError
from django.db.transaction import TransactionManagementError
Expand Down Expand Up @@ -835,7 +837,6 @@ def update_gloss(request, glossid):

return HttpResponse(str(newvalue), {'content-type': 'text/plain'})

import guardian
if ds in guardian.shortcuts.get_objects_for_user(request.user, ['view_dataset', 'can_view_dataset'],
Dataset, any_perm=True):
newvalue = value
Expand Down Expand Up @@ -2441,7 +2442,6 @@ def update_morpheme(request, morphemeid):

return HttpResponse(str(newvalue), {'content-type': 'text/plain'})

import guardian
if ds in guardian.shortcuts.get_objects_for_user(request.user, ['view_dataset', 'can_view_dataset'],
Dataset, any_perm=True):
newvalue = value
Expand Down Expand Up @@ -2857,7 +2857,6 @@ def update_dataset(request, datasetid):
dataset = get_object_or_404(Dataset, id=datasetid)
dataset.save() # This updates the lastUpdated field

import guardian
from django.contrib.auth.models import Group

try:
Expand All @@ -2873,7 +2872,7 @@ def update_dataset(request, datasetid):
return HttpResponseForbidden("Dataset Update Not Allowed")

user_change_datasets = guardian.shortcuts.get_objects_for_user(request.user, 'change_dataset', Dataset, accept_global_perms=False)
if not dataset in user_change_datasets:
if dataset not in user_change_datasets:
return HttpResponseForbidden("Dataset Update Not Allowed")

field = request.POST.get('id', '')
Expand Down Expand Up @@ -3466,90 +3465,157 @@ def assign_lemma_dataset_to_gloss(request, glossid):
'datasetname': str(success_message) }), {'content-type': 'application/json'})


def okay_to_update_gloss(request, gloss):

if not gloss or not gloss.lemma:
return False

if gloss.lemma.dataset not in guardian.shortcuts.get_objects_for_user(request.user, ['change_dataset'],
Dataset, any_perm=True):
return False

return True


@permission_required('dictionary.change_gloss')
def toggle_tag(request, glossid, tagid):

result = mapping_toggle_tag(request, glossid, tagid)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = mapping_toggle_tag(request, gloss, tagid)

return JsonResponse(result)


@permission_required('dictionary.change_gloss')
def toggle_semantic_field(request, glossid, semanticfield):

result = mapping_toggle_semanticfield(request, glossid, semanticfield)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = mapping_toggle_semanticfield(request, gloss, semanticfield)

return JsonResponse(result)


@permission_required('dictionary.change_gloss')
def toggle_wordclass(request, glossid, wordclass):

result = mapping_toggle_wordclass(request, glossid, wordclass)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = mapping_toggle_wordclass(request, gloss, wordclass)

return JsonResponse(result)


@permission_required('dictionary.change_gloss')
def toggle_namedentity(request, glossid, namedentity):

result = mapping_toggle_namedentity(request, glossid, namedentity)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = mapping_toggle_namedentity(request, gloss, namedentity)

return JsonResponse(result)


@permission_required('dictionary.change_gloss')
def toggle_handedness(request, glossid, handedness):

result = mapping_toggle_handedness(request, glossid, handedness)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = mapping_toggle_handedness(request, gloss, handedness)

return JsonResponse(result)


@permission_required('dictionary.change_gloss')
def toggle_domhndsh(request, glossid, domhndsh):

result = mapping_toggle_domhndsh(request, glossid, domhndsh)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = mapping_toggle_domhndsh(request, gloss, domhndsh)

return JsonResponse(result)


@permission_required('dictionary.change_gloss')
def toggle_subhndsh(request, glossid, subhndsh):

result = mapping_toggle_subhndsh(request, glossid, subhndsh)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = mapping_toggle_subhndsh(request, gloss, subhndsh)

return JsonResponse(result)


@permission_required('dictionary.change_gloss')
def toggle_locprim(request, glossid, locprim):

result = mapping_toggle_locprim(request, glossid, locprim)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = mapping_toggle_locprim(request, gloss, locprim)

return JsonResponse(result)


@permission_required('dictionary.change_gloss')
def toggle_movSh(request, glossid, movSh):

result = mapping_toggle_movSh(request, glossid, movSh)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = mapping_toggle_movSh(request, gloss, movSh)

return JsonResponse(result)


@permission_required('dictionary.change_gloss')
def toggle_language_fields(request, glossid):

result = batch_edit_update_gloss(request, glossid)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = batch_edit_update_gloss(request, gloss)

return JsonResponse(result)


@permission_required('dictionary.change_gloss')
def quick_create_sense(request, glossid):

result = batch_edit_create_sense(request, glossid)
gloss = Gloss.objects.filter(id=glossid).first()

if not okay_to_update_gloss(request, gloss):
return JsonResponse({})

result = batch_edit_create_sense(request, gloss)

return JsonResponse(result)

Expand All @@ -3563,6 +3629,10 @@ def add_affiliation(request, glossid):
return JsonResponse({})

thisgloss = get_object_or_404(Gloss, id=glossid)

if not okay_to_update_gloss(request, thisgloss):
return JsonResponse({})

tags_label = 'Affiliation'

deletetag = request.POST.get('delete', '')
Expand Down

0 comments on commit 13f44a2

Please sign in to comment.