fix: check_if_superuser decorator

crud/companies/views.py

@@ -6,7 +6,7 @@
 from django.contrib import messages
 from django.contrib.admin.models import LogEntry, ADDITION, CHANGE
 from django.contrib.admin.utils import _get_changed_field_labels_from_form
-from django.contrib.auth.decorators import login_required, user_passes_test
+from django.contrib.auth.decorators import login_required
 from django.contrib.contenttypes.models import ContentType
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
@@ -16,6 +16,7 @@
 from ricerca_app.models import *
 from ricerca_app.utils import decrypt, encrypt
 
+from .. utils.decorators import check_if_superuser
 from .. utils.forms import ChoosenPersonForm
 
 from . decorators import *
@@ -405,7 +406,7 @@ def company_unical_department_data_delete(request, code, department_id,
 
 
 @login_required
-@user_passes_test(lambda u: u.is_superuser)
+@check_if_superuser
 # @can_manage_companies
 def company_delete(request, code, company=None):
     # ha senso?

crud/patents/views.py

@@ -4,7 +4,7 @@
 from django.contrib import messages
 from django.contrib.admin.models import LogEntry, ADDITION, CHANGE
 from django.contrib.admin.utils import _get_changed_field_labels_from_form
-from django.contrib.auth.decorators import login_required, user_passes_test
+from django.contrib.auth.decorators import login_required
 from django.contrib.contenttypes.models import ContentType
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
@@ -14,6 +14,7 @@
 from ricerca_app.models import *
 from ricerca_app.utils import decrypt, encrypt
 
+from .. utils.decorators import check_if_superuser
 from .. utils.forms import ChoosenPersonForm
 from .. utils.utils import custom_message, log_action
 
@@ -295,7 +296,7 @@ def patent_inventor_delete(request, code, inventor_id, patent=None):
 
 
 @login_required
-@user_passes_test(lambda u: u.is_superuser)
+@check_if_superuser
 # @can_manage_patents
 def patent_delete(request, code, patent=None):
     """

crud/phd/views.py

@@ -4,7 +4,7 @@
 from django.contrib import messages
 from django.contrib.admin.models import CHANGE, LogEntry, ADDITION
 from django.contrib.admin.utils import _get_changed_field_labels_from_form
-from django.contrib.auth.decorators import login_required, user_passes_test
+from django.contrib.auth.decorators import login_required
 from django.contrib.contenttypes.models import ContentType
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
@@ -14,6 +14,7 @@
 from ricerca_app.models import *
 from ricerca_app.utils import decrypt, encrypt
 
+from .. utils.decorators import check_if_superuser
 from .. utils.forms import ChoosenPersonForm
 from .. utils.utils import custom_message, log_action
 
@@ -555,7 +556,7 @@ def phd_other_teacher_delete(request, code, teacher_id,
 
 
 @login_required
-@user_passes_test(lambda u: u.is_superuser)
+@check_if_superuser
 # @can_manage_phd
 # @can_edit_phd
 def phd_delete(request, code, my_offices=None, phd=None,

crud/projects/views.py

@@ -4,7 +4,7 @@
 from django.contrib import messages
 from django.contrib.admin.models import LogEntry, ADDITION, CHANGE
 from django.contrib.admin.utils import _get_changed_field_labels_from_form
-from django.contrib.auth.decorators import login_required, user_passes_test
+from django.contrib.auth.decorators import login_required
 from django.contrib.contenttypes.models import ContentType
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
@@ -14,6 +14,7 @@
 from ricerca_app.models import *
 from ricerca_app.utils import decrypt, encrypt
 
+from .. utils.decorators import check_if_superuser
 from .. utils.forms import *
 from .. utils.settings import ALLOWED_STRUCTURE_TYPES
 from .. utils.utils import log_action
@@ -172,7 +173,7 @@ def project_new(request):
 
 
 @login_required
-@user_passes_test(lambda u: u.is_superuser)
+@check_if_superuser
 # @can_manage_projects
 # # @can_edit_project
 def project_delete(request, code, project=None):

crud/research_groups/views.py

@@ -3,7 +3,7 @@
 from django.contrib import messages
 from django.contrib.admin.models import LogEntry, ADDITION, CHANGE
 from django.contrib.admin.utils import _get_changed_field_labels_from_form
-from django.contrib.auth.decorators import login_required, user_passes_test
+from django.contrib.auth.decorators import login_required
 from django.contrib.contenttypes.models import ContentType
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
@@ -13,6 +13,7 @@
 from ricerca_app.models import *
 from ricerca_app.utils import decrypt, encrypt
 
+from .. utils.decorators import check_if_superuser
 from .. utils.utils import custom_message, log_action
 
 from . decorators import *
@@ -89,7 +90,7 @@ def researchgroup(request, code,
 
 
 @login_required
-@user_passes_test(lambda u: u.is_superuser)
+@check_if_superuser
 # attualmente solo i superuser possono effetture l'operazione
 # @can_manage_researchgroups
 # @can_edit_researchgroup

crud/research_lines/views.py

@@ -3,7 +3,7 @@
 from django.contrib import messages
 from django.contrib.admin.models import LogEntry, ADDITION, CHANGE
 from django.contrib.admin.utils import _get_changed_field_labels_from_form
-from django.contrib.auth.decorators import login_required, user_passes_test
+from django.contrib.auth.decorators import login_required
 from django.contrib.contenttypes.models import ContentType
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
@@ -13,6 +13,7 @@
 from ricerca_app.models import *
 from ricerca_app.utils import decrypt, encrypt
 
+from .. utils.decorators import check_if_superuser
 from .. utils.utils import custom_message, log_action
 
 from . decorators import *
@@ -307,7 +308,7 @@ def applied_researchline(request, code,
 
 
 @login_required
-@user_passes_test(lambda u: u.is_superuser)
+@check_if_superuser
 # attualmente solo i superuser possono effetture l'operazione
 # @can_manage_researchlines
 # @can_edit_base_researchline
@@ -330,7 +331,7 @@ def base_researchline_delete(request, code,
 
 
 @login_required
-@user_passes_test(lambda u: u.is_superuser)
+@check_if_superuser
 # attualmente solo i superuser possono effetture l'operazione
 # @can_manage_researchlines
 # @can_edit_applied_researchline

crud/utils/decorators.py

@@ -0,0 +1,15 @@
+from . utils import custom_message
+
+
+def check_if_superuser(func_to_decorate):
+    """
+    """
+    def new_func(*original_args, **original_kwargs):
+        request = original_args[0]
+
+        if request.user.is_superuser:
+            return func_to_decorate(*original_args, **original_kwargs)
+
+        return custom_message(request, _("Permission denied"))
+
+    return new_func

ricerca/urls.py

@@ -14,7 +14,7 @@
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
 from django.conf import settings
-from django.conf.urls import url
+# from django.conf.urls import url
 from django.conf.urls.static import static
 from django.contrib import admin
 from django.contrib.auth.decorators import login_required