search

ErwinKomen / RU-istanbul

0 stars 0 forks source link

Non-user behaviour #17

Closed ErwinKomen closed 2 weeks ago

ErwinKomen commented 2 weeks ago

Assuming someone is an authorized user, that person should not be able to edit, add or delete anything. As is reported, such a person is able to add an installation. Action: double check and correct

ErwinKomen commented 2 weeks ago

Implementation

  1. Regular users or even editors are not allowed to see the admin section - edited navbar.html
  2. Non-editors may not even see the Add menu section - edited navbar.html
  3. Attempting to add a new installation as authenticated non-editor:
    1. Problem in add_installation.html, since there is no instance.pk yet:
      1. adapt all add_something.html templates
      2. do this by defining a add_heading.html that contains the actual logic
    2. Editing should not be allowed for non-users:
      1. Add user's group check in utilities.views.edit_model()
    3. Where to redirect to, if a user attempts this?
      1. Add a general 'you have no permission' template with a button to get back to the page's HOME

Okay, the above works.

Other

Other stuff that I encountered.

  1. Problem finding eventpersonrelation_set
    1. This should be available from model Event, value personrelations