Improved acess checks for Bericht views
1 parent
f04cecf
commit 91c82fb
Showing
5 changed files
with
79 additions
and
18 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
from .bericht_detail import BerichtDetailView, mark_bericht_as_unread | ||
from .bericht_detail import BerichtDetailView, MarkBerichtUnreadView | ||
from .bericht_list import BerichtListView | ||
|
||
__all__ = ["BerichtDetailView", "BerichtListView", "mark_bericht_as_unread"] | ||
__all__ = ["BerichtDetailView", "BerichtListView", "MarkBerichtUnreadView"] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
from django.contrib.auth.mixins import AccessMixin | ||
from django.http import HttpRequest | ||
from django.template.response import TemplateResponse | ||
from django.views import View | ||
|
||
from open_inwoner.berichten.api_models import Bericht | ||
from open_inwoner.berichten.services import BerichtenService | ||
|
||
|
||
class RequireBsnMixin(AccessMixin, View): | ||
|
||
request: HttpRequest | ||
bericht: Bericht | ||
|
||
def dispatch(self, request, *args, **kwargs): | ||
if not request.user.is_authenticated: | ||
return self.handle_no_permission() | ||
|
||
if not request.user.bsn: | ||
return self.handle_no_permission() | ||
|
||
return super().dispatch(request, *args, **kwargs) | ||
|
||
def handle_no_permission(self): | ||
if self.request.user.is_authenticated: | ||
return TemplateResponse(self.request, "pages/cases/403.html") | ||
|
||
return super().handle_no_permission() | ||
|
||
|
||
class BerichtAccessMixin(AccessMixin, View): | ||
|
||
request: HttpRequest | ||
bericht: Bericht | ||
|
||
def dispatch(self, request, *args, **kwargs): | ||
if not (bsn := getattr(request.user, "bsn", None)): | ||
return super().handle_no_permission() | ||
|
||
service = BerichtenService() | ||
self.bericht = service.fetch_bericht(self.kwargs["object_uuid"]) | ||
if ( | ||
self.bericht.identificatie.type != "bsn" | ||
or self.bericht.identificatie.value != bsn | ||
): | ||
return self.handle_no_permission() | ||
|
||
return super().dispatch(request, *args, **kwargs) | ||
|
||
def handle_no_permission(self): | ||
if self.request.user.is_authenticated: | ||
return TemplateResponse(self.request, "pages/cases/403.html") | ||
|
||
return super().handle_no_permission() |
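Review bot: Both `handle_no_permission` overrides return `TemplateResponse(self.request, "pages/cases/403.html")` without a `status` argument, so a denied request is answered with HTTP 200 and access logs, monitoring and caches cannot tell a refused Bericht from a served one. Pass the status explicitly in both mixins: `return TemplateResponse(self.request, "pages/cases/403.html", status=403)`. In `BerichtAccessMixin.dispatch` the no-BSN branch calls `super().handle_no_permission()` and so skips this override: an authenticated user without a BSN gets Django's default `PermissionDenied` handling while a BSN mismatch gets the template, and calling `self.handle_no_permission()` there would make the two denials consistent. The result of `service.fetch_bericht(self.kwargs["object_uuid"])` is dereferenced before any check, so if it can return `None` or raise for an unknown UUID (not visible here) the response would differ from the ownership denial and show whether a UUID exists; a comment stating what `fetch_bericht` guarantees, or a guard that routes that case to the same denial, would close this.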