restrict contact views

closes #25
ZendaInnocent · Nov 5, 2023 · ec629d1 · ec629d1
1 parent 3872b6f
commit ec629d1
Show file tree

Hide file tree

Showing 7 changed files with 51 additions and 35 deletions.
diff --git a/config/settings.py b/config/settings.py
@@ -13,6 +13,7 @@
 
 from decouple import config
 from django.contrib import messages
+from django.urls import reverse_lazy
 from django.utils.translation import gettext_lazy as _
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
@@ -215,3 +216,5 @@
 PHONENUMBER_DEFAULT_REGION = 'TZ'
 
 PHONENUMBER_DEFAULT_FORMAT = 'INTERNATIONAL'
+
+LOGIN_REDIRECT_URL = reverse_lazy('main:home')
diff --git a/pim/contacts/templates/contacts/contact_form.html b/pim/contacts/templates/contacts/contact_form.html
@@ -15,7 +15,16 @@ <h2>
     {% endif %}
     {% csrf_token %}
     {{ form | crispy }}
-    <button class="btn btn-primary">
+    <button class="btn btn-primary" type="submit">
       {% trans 'Save' %}
     </button>
+    {% if object %}
+    <button class="btn btn-secondary">
+      {% trans 'Cancel' %}
+    </button>
+    {% else %}
+    <a href="{% url 'contacts:index' %}" class="btn btn-secondary">
+      {% trans 'Cancel' %}
+    </a>
+    {% endif %}
   </form>
diff --git a/pim/contacts/templates/contacts/contact_list.html b/pim/contacts/templates/contacts/contact_list.html
@@ -2,9 +2,9 @@
 
 <ul class="list-group" id="contacts">
   {% for contact in contacts %}
-  <li class="list-group-item btn text-start" hx-get="{% url 'contacts:contact-detail' contact.slug %}"
-    hx-trigger="click" hx-target="#detail">
-    {{ contact }}
+  <li class="list-group-item btn text-start d-flex align-items-center justify-content-between"
+    hx-get="{% url 'contacts:contact-detail' contact.slug %}" hx-trigger="click" hx-target="#detail">
+    {{ contact }} {% include 'contacts/favorite.html' with contact=contact %}
   </li>
   {% empty %}
 

diff --git a/pim/contacts/views.py b/pim/contacts/views.py
@@ -1,4 +1,5 @@
-from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.auth.decorators import login_required
+from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
 from django.http import HttpRequest
 from django.shortcuts import get_object_or_404
 from django.template.response import TemplateResponse
@@ -9,21 +10,22 @@
 from .models import Contact
 
 
-def index(request):
+@login_required
+def index(request) -> TemplateResponse:
     return TemplateResponse(request, 'contacts/index.html', {})
 
 
 class ContactListView(LoginRequiredMixin, generic.ListView):
     context_object_name = 'contacts'
 
     def get_queryset(self):
-        return Contact.objects.filter(user=self.request.user)
+        return self.request.user.contacts.all()
 
 
 contact_list = ContactListView.as_view()
 
 
-class ContactCreateView(generic.CreateView):
+class ContactCreateView(LoginRequiredMixin, generic.CreateView):
     model = Contact
     form_class = ContactForm
     success_url = reverse_lazy('contacts:index')
@@ -36,43 +38,55 @@ def get_initial(self):
 contact_add = ContactCreateView.as_view()
 
 
-class ContactDetailView(generic.DetailView):
+class ContactDetailView(LoginRequiredMixin, UserPassesTestMixin, generic.DetailView):
     model = Contact
     context_object_name = 'contact'
 
+    def test_func(self) -> bool | None:
+        return self.get_object().user == self.request.user
+
 
 contact_detail = ContactDetailView.as_view()
 
 
-class ContactUpdateView(generic.UpdateView):
+class ContactUpdateView(LoginRequiredMixin, UserPassesTestMixin, generic.UpdateView):
     model = Contact
     form_class = ContactForm
     extra_context = {'title': 'Edit'}
 
+    def test_func(self) -> bool | None:
+        return self.get_object().user == self.request.user
+
 
 contact_edit = ContactUpdateView.as_view()
 
 
-class ContactDeleteView(generic.DeleteView):
+class ContactDeleteView(LoginRequiredMixin, UserPassesTestMixin, generic.DeleteView):
     model = Contact
     success_url = reverse_lazy('contacts:index')
 
+    def test_func(self) -> bool | None:
+        return self.get_object().user == self.request.user
+
 
 contact_delete = ContactDeleteView.as_view()
 
 
+@login_required
 def contact_search(request: HttpRequest) -> TemplateResponse:
     q = request.GET.get('q', None)
     contacts = []
     if q is not None:
-        contacts = Contact.objects.filter(name__icontains=q)
+        contacts = request.user.contacts.filter(name__icontains=q)
 
     return TemplateResponse(
         request, 'contacts/contact_list.html', {'contacts': contacts}
     )
 
 
+@login_required
 def toggle_favorite(request: HttpRequest, slug: str) -> TemplateResponse:
-    contact: Contact = get_object_or_404(Contact, slug=slug)
+    contact: Contact = get_object_or_404(Contact, slug=slug, user=request.user)
     contact.toggle_favorite()
-    return TemplateResponse(request, 'contacts/favorite.html', {'contact': contact})
+    context = {'contact': contact}
+    return TemplateResponse(request, 'contacts/favorite.html', context)
diff --git a/static/images/star-2763.svg b/static/images/star-2763.svg
diff --git a/static/images/star-7207.svg b/static/images/star-7207.svg
diff --git a/templates/account/email_confirm.html b/templates/account/email_confirm.html
@@ -1,4 +1,4 @@
-{% extends "account/base.html" %}
+{% extends "base.html" %}
 
 {% load i18n %}
 {% load account %}
@@ -13,18 +13,24 @@ <h1>{% trans "Confirm E-mail Address" %}</h1>
 
 {% user_display confirmation.email_address.user as user_display %}
 
-<p>{% blocktrans with confirmation.email_address.email as email %}Please confirm that <a href="mailto:{{ email }}">{{ email }}</a> is an e-mail address for user {{ user_display }}.{% endblocktrans %}</p>
+<p>
+    {% blocktrans with confirmation.email_address.email as email %}Please confirm that
+    <a href="mailto:{{ email }}">{{ email }}</a> is an e-mail address for user {{ user_display }}.{% endblocktrans %}
+</p>
 
 <form method="post" action="{% url 'account_confirm_email' confirmation.key %}">
-{% csrf_token %}
-    <button type="submit">{% trans 'Confirm' %}</button>
+    {% csrf_token %}
+    <button class="btn btn-primary" type="submit">{% trans 'Confirm' %}</button>
 </form>
 
 {% else %}
 
 {% url 'account_email' as email_url %}
 
-<p>{% blocktrans %}This e-mail confirmation link expired or is invalid. Please <a href="{{ email_url }}">issue a new e-mail confirmation request</a>.{% endblocktrans %}</p>
+<p>
+    {% blocktrans %}This e-mail confirmation link expired or is invalid. Please <a href="{{ email_url }}">issue a new
+        e-mail confirmation request</a>.{% endblocktrans %}
+</p>
 
 {% endif %}