Merge branch 'perm_feature' into 'develop'

Perm feature See merge request !48
8 years ago · ee70816d34
parent 8fe3db08d3 76ef758f4e
commit ee70816d34
2 changed files with 17 additions and 0 deletions
--- a/access/middleware.py
+++ b/access/middleware.py
@ -0,0 +1,16 @@
+from django.http import HttpResponseForbidden
+
+
+class CheckPerm(object):
+    @staticmethod
+    def process_request(request):
+        if '/admin' in request.path or "/management" in request.path \
+                 or '/analytics' in request.path:
+
+            if not request.user.is_authenticated():
+                return HttpResponseForbidden()
+
+            if not (request.user.in_role == "M" or request.user.in_role == "S"
+                    or request.user.in_role == "A" or request.user.is_admin):
+
+                return HttpResponseForbidden()
--- a/lms/settings.py
+++ b/lms/settings.py
@ -103,6 +103,7 @@ MIDDLEWARE_CLASSES = [
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'access.middleware.CheckPerm',
 ]

 ROOT_URLCONF = 'lms.urls'