search

tethysplatform / tethys

The Tethys Platform main Django website project repository.
http://tethysplatform.org/
BSD 2-Clause "Simplified" License
92 stars 49 forks source link

[BUG] decorator permission_required='add_dams' is not working #984

Closed Sonia-96 closed 1 year ago

Sonia-96 commented 1 year ago

Hello,

I am working on the dam_inventory project from your tutorial. For the "App Permissions" part, I created a diviewer without the permission to add dams. image

And I updated the code as following:

// app.py
class DamInventory(TethysAppBase):
    ...
    def permissions(self):
        """
        Define permissions for the app.
        """
        add_dams = Permission(
            name='add_dams',
            description='Add dams to inventory'
        )

        admin = PermissionGroup(
            name='admin',
            permissions=(add_dams,)
        )

        permissions = (admin,)

        return permissions
// controllers.py

@controller(url='dams/add', permission_required='add_dams')
def add_dam(request):
    """
    Controller for the Add Dam page.
    """

    ...  # read the form and handle the errros

    context = {
        ...
        'can_add_dams': has_permission(request, 'add_dams')
    }

    return render(request, 'dam_inventory/add_dam.html', context)

Though the Add Dam button is hidden, I can still get in the add_dam page by entering the address https://localhost:8000/apps/dam-inventory/dams/add and add a new dam. So, it seems that the decorator permission_required='add_dams' is not working.

msouff commented 1 year ago

The controller parameter you need is plural permissions_required