Merge pull request #348 from mdzik/mdzik-project-notification-permiss…
…ions

Check permissions on notification updates
aebruno authored Jan 11, 2022
2 parents e0ead55 + 1f4b3f6 commit 001913d
Showing 1 changed file with 33 additions and 11 deletions.
44 changes: 33 additions & 11 deletions coldfront/core/project/views.py
Expand Up @@ -4,6 +4,7 @@
from django.conf import settings
from django.contrib import messages
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.contrib.auth.decorators import user_passes_test, login_required
from django.contrib.auth.models import User
from coldfront.core.utils.common import import_from_settings
from django.contrib.messages.views import SuccessMessageMixin
Expand Down Expand Up @@ -870,25 +871,46 @@ def post(self, request, *args, **kwargs):
return HttpResponseRedirect(reverse('project-user-detail', kwargs={'pk': project_obj.pk, 'project_user_pk': project_user_obj.pk}))


@login_required
def project_update_email_notification(request):

if request.method == "POST":
data = request.POST
project_user_obj = get_object_or_404(
ProjectUser, pk=data.get('user_project_id'))
checked = data.get('checked')
if checked == 'true':
project_user_obj.enable_notifications = True
project_user_obj.save()
return HttpResponse('', status=200)
elif checked == 'false':
project_user_obj.enable_notifications = False
project_user_obj.save()
return HttpResponse('', status=200)


project_obj = project_user_obj.project

allowed = False
if project_obj.pi == request.user:
allowed = True

if project_obj.projectuser_set.filter(user=request.user, role__name='Manager', status__name='Active').exists():
allowed = True

if project_user_obj.user == request.user:
allowed = True

if request.user.is_superuser:
allowed = True

if allowed == False:
return HttpResponse('not allowed', status=403)
else:
return HttpResponse('', status=400)
checked = data.get('checked')
if checked == 'true':
project_user_obj.enable_notifications = True
project_user_obj.save()
return HttpResponse('checked', status=200)
elif checked == 'false':
project_user_obj.enable_notifications = False
project_user_obj.save()
return HttpResponse('unchecked', status=200)
else:
return HttpResponse('no checked', status=400)
else:
return HttpResponse('', status=400)
return HttpResponse('no POST', status=400)


class ProjectReviewView(LoginRequiredMixin, UserPassesTestMixin, TemplateView):
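Review bot: The self-service branch `if project_user_obj.user == request.user:` grants access without the `status__name='Active'` condition that the Manager branch applies, so a user whose membership is no longer active can apparently still change the flag on their own row; if that is not intended, use `if project_user_obj.user == request.user and project_user_obj.status.name == 'Active':`. Separately, `get_object_or_404` runs before the permission decision, so an authenticated caller with no rights on the project gets 404 for an unknown `user_project_id` and 403 for an existing one, which reveals which ProjectUser ids exist; returning the same status in both cases closes that. The rendered page has lost the +/- markers and the indentation, so this note reads the `allowed` block and the 403 return as the new side of `project_update_email_notification`. A short comment above `allowed = False` naming the four permitted callers (project PI, active Manager, the member themselves, superuser) would document the policy, and `if allowed == False:` is more idiomatic as `if not allowed:`.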