
Commit 300ae1d

c-wmargaretmeehan
authored andcommitted
Fix 403 when project admin accesses edit pages
1 parent c4765ef commit 300ae1d


2 files changed

+14
-11
lines changed


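--- a/app/api/permissions.py
+++ b/app/api/permissions.py
@@ -22,10 +22,13 @@ def has_permission(self, request, view):
 return IsAdminUser().has_permission(request, view)
 
 
-class SuperUserMixin(UserPassesTestMixin):
-
+class ProjectAdminMixin(UserPassesTestMixin):
 def test_func(self):
-return self.request.user.is_superuser
+return self.request.user.is_superuser or is_in_role(
+role_name=IsProjectAdmin.role_name,
+user_id=self.request.user.id,
+project_id=self.kwargs['project_id'],
+)
 
 
 class IsOwnAnnotation(ProjectMixin, BasePermission):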
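Review bot: The new `test_func` indexes `self.kwargs['project_id']` directly, so a non-superuser request to any view that uses this mixin on a route without a `project_id` kwarg raises `KeyError` and surfaces as a 500 instead of a denial; superusers short-circuit past the lookup, which can hide this in manual testing. Failing closed would be safer: `project_id = self.kwargs.get('project_id')` and then `return self.request.user.is_superuser or (project_id is not None and is_in_role(...))`, plus a short docstring stating that the mixin only belongs on project-scoped routes. `is_in_role` and `IsProjectAdmin` are defined outside this hunk, so whether the role lookup is strictly bound to the given project cannot be confirmed from here. Neither of the two changed files is a test, so a regression test asserting that an admin of one project is refused on another project's pages would pin the new authorization rule down.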

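--- a/app/server/views.py
+++ b/app/server/views.py
@@ -8,7 +8,7 @@
 from django.views.generic.list import ListView
 from django.contrib.auth.mixins import LoginRequiredMixin
 
-from api.permissions import SuperUserMixin
+from api.permissions import ProjectAdminMixin
 from api.models import Project, RoleMapping
 from app import settings
 
@@ -38,7 +38,7 @@ class ProjectsView(LoginRequiredMixin, TemplateView):
 template_name = 'projects.html'
 
 
-class DatasetView(SuperUserMixin, LoginRequiredMixin, ListView):
+class DatasetView(ProjectAdminMixin, LoginRequiredMixin, ListView):
 template_name = 'dataset.html'
 paginate_by = 5
 extra_context = {
@@ -50,35 +50,35 @@ def get_queryset(self):
 return project.documents.all()
 
 
-class LabelView(SuperUserMixin, LoginRequiredMixin, TemplateView):
+class LabelView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
 template_name = 'admin.html'
 extra_context = {
 'bundle_name': 'label'
 }
 
 
-class StatsView(SuperUserMixin, LoginRequiredMixin, TemplateView):
+class StatsView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
 template_name = 'admin.html'
 extra_context = {
 'bundle_name': 'stats'
 }
 
 
-class GuidelineView(SuperUserMixin, LoginRequiredMixin, TemplateView):
+class GuidelineView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
 template_name = 'admin.html'
 extra_context = {
 'bundle_name': 'guideline'
 }
 
 
-class UsersView(SuperUserMixin, LoginRequiredMixin, TemplateView):
+class UsersView(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
 template_name = 'admin.html'
 extra_context = {
 'bundle_name': 'users'
 }
 
 
-class DataUpload(SuperUserMixin, LoginRequiredMixin, TemplateView):
+class DataUpload(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
 template_name = 'admin.html'
 
 def get_context_data(self, **kwargs):
@@ -88,7 +88,7 @@ def get_context_data(self, **kwargs):
 return context
 
 
-class DataDownload(SuperUserMixin, LoginRequiredMixin, TemplateView):
+class DataDownload(ProjectAdminMixin, LoginRequiredMixin, TemplateView):
 template_name = 'admin.html'
 
 def get_context_data(self, **kwargs):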
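Review bot: All seven view classes list `ProjectAdminMixin` before `LoginRequiredMixin`, so `test_func` runs ahead of the login check, and with this commit that test is no longer a plain attribute read: an anonymous request now reaches `is_in_role` with `user_id=None`. Django's documentation asks for `LoginRequiredMixin` to be the leftmost base, so `class DatasetView(LoginRequiredMixin, ProjectAdminMixin, ListView):` (and the same order for LabelView, StatsView, GuidelineView, UsersView, DataUpload and DataDownload) would keep unauthenticated requests away from the role lookup. How `is_in_role` treats a `None` user id is not visible on this page, so this is a hardening suggestion rather than a confirmed bug.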
