Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check permissions on notification updates #348

Merged
merged 1 commit into from
Jan 11, 2022
Merged

Check permissions on notification updates #348

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 33 additions & 11 deletions coldfront/core/project/views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.contrib.auth.decorators import user_passes_test, login_required
from django.contrib.auth.models import User
from coldfront.core.utils.common import import_from_settings
from django.contrib.messages.views import SuccessMessageMixin
Expand Down Expand Up @@ -870,25 +871,46 @@ def post(self, request, *args, **kwargs):
return HttpResponseRedirect(reverse('project-user-detail', kwargs={'pk': project_obj.pk, 'project_user_pk': project_user_obj.pk}))


@login_required
def project_update_email_notification(request):

if request.method == "POST":
data = request.POST
project_user_obj = get_object_or_404(
ProjectUser, pk=data.get('user_project_id'))
checked = data.get('checked')
if checked == 'true':
project_user_obj.enable_notifications = True
project_user_obj.save()
return HttpResponse('', status=200)
elif checked == 'false':
project_user_obj.enable_notifications = False
project_user_obj.save()
return HttpResponse('', status=200)


project_obj = project_user_obj.project

allowed = False
if project_obj.pi == request.user:
allowed = True

if project_obj.projectuser_set.filter(user=request.user, role__name='Manager', status__name='Active').exists():
allowed = True

if project_user_obj.user == request.user:
allowed = True

if request.user.is_superuser:
allowed = True

if allowed == False:
return HttpResponse('not allowed', status=403)
else:
return HttpResponse('', status=400)
checked = data.get('checked')
if checked == 'true':
project_user_obj.enable_notifications = True
project_user_obj.save()
return HttpResponse('checked', status=200)
elif checked == 'false':
project_user_obj.enable_notifications = False
project_user_obj.save()
return HttpResponse('unchecked', status=200)
else:
return HttpResponse('no checked', status=400)
else:
return HttpResponse('', status=400)
return HttpResponse('no POST', status=400)


class ProjectReviewView(LoginRequiredMixin, UserPassesTestMixin, TemplateView):
Expand Down