+
-{% if request.user.is_superuser %}
-
Hello, {{ user.username }} !
+
Hello, {{ user.username }} !
-{% else %}
-
-
Unauthorized
-
-
-{% endif %}
{% endblock %}
diff --git a/reValuate/users/__pycache__/views.cpython-38.pyc b/reValuate/users/__pycache__/views.cpython-38.pyc
index d736ad73..91dcb821 100644
Binary files a/reValuate/users/__pycache__/views.cpython-38.pyc and b/reValuate/users/__pycache__/views.cpython-38.pyc differ
diff --git a/reValuate/users/views.py b/reValuate/users/views.py
index de61c19a..2bf762ce 100644
--- a/reValuate/users/views.py
+++ b/reValuate/users/views.py
@@ -6,6 +6,8 @@ from django.shortcuts import render, redirect, get_object_or_404
from django.contrib.auth.models import User
from django.contrib import messages
from upload.models import Media
+from django.core.exceptions import PermissionDenied
+
# need to make oauth facebook login
class SignUpView(generic.CreateView):
@@ -37,23 +39,26 @@ def addToBalance(request):
return render(request,"addBalance.html")
def removeBalance(request):
- balRem = None
- if request.method == "POST":
- tokens = request.POST["tokens"]
- tokens = int(tokens) * -1
- user_given = request.POST["user_instance"]
- try:
- user_instance = Balance.objects.get(user=user_given)
- sum_balance = user_instance.balanceValue + tokens
- balRem = Balance(balanceValue=sum_balance, user_id=user_instance)
- balRem.save()
- print(balRem)
- except Balance.DoesNotExist:
- balRem = Balance(balanceValue=tokens, user_id=user_given)
- balRem.save()
- return render(request,"getBalance.html", {"userBalance":balRem})
+ if request.user.groups.filter(name='Cashier').exists():
+ balRem = None
+ if request.method == "POST":
+ tokens = request.POST["tokens"]
+ tokens = int(tokens) * -1
+ user_given = request.POST["user_instance"]
+ try:
+ user_instance = Balance.objects.get(user=user_given)
+ sum_balance = user_instance.balanceValue + tokens
+ balRem = Balance(balanceValue=sum_balance, user_id=user_instance)
+ balRem.save()
+ print(balRem)
+ except Balance.DoesNotExist:
+ balRem = Balance(balanceValue=tokens, user_id=user_given)
+ balRem.save()
+ return render(request,"getBalance.html", {"userBalance":balRem})
+ else:
+ return render(request,"removeBalance.html")
else:
- return render(request,"removeBalance.html")
+ raise PermissionDenied("Unauthorized")
def getBalance(request):
balObject = Balance.objects.filter(user=request.user.id)
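Review bot: The new Cashier group check in removeBalance controls who may call the view, but the amount in `request.POST["tokens"]` is still used unvalidated. Because the value is only multiplied by -1, a negative submission becomes a credit, any amount can push `sum_balance` below zero, and the `Balance.DoesNotExist` branch stores a negative balance for a user who has none. Parse it once and bound it before the arithmetic, for example `amount = int(request.POST["tokens"])` followed by `if amount <= 0 or amount > user_instance.balanceValue:` returning the form with an error; a non-numeric value currently raises ValueError and surfaces as a 500. The read of `balanceValue` and the later `save()` are also separate steps, so two concurrent removals can each work from the same starting balance. The leftover `print(balRem)` should become a log record that captures which cashier changed which balance.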
@@ -65,38 +70,43 @@ def getBalance(request):
return render(request,"getBalance.html", {"userBalance":userBalance} )
def adminView(request):
- try:
- latestPicture = Media.objects.filter(tokenized=None)
- latestPicture, userId, date, time, is_video = latestPicture.values("image")[0]["image"], latestPicture.values("user_id")[0]["user_id"], latestPicture.values("date")[0]["date"], latestPicture.values("time")[0]["time"], latestPicture.values("is_video")[0]["is_video"]
- username = User.objects.get(pk=userId)
+
+ if request.user.groups.filter(name='Processor').exists():
- if request.method == "POST":
- if request.POST['isValid'] == "Valid":
- try:
- user_instance = Balance.objects.get(user=userId)
- sum_balance = 5 + user_instance.balanceValue
- balAdd = Balance(balanceValue=sum_balance, user_id=user_instance)
- balAdd.save()
- print(balAdd)
- except Balance.DoesNotExist:
- balAdd = Balance(balanceValue=5, user_id=userId)
- balAdd.save()
+ try:
+ latestPicture = Media.objects.filter(tokenized=None)
+ latestPicture, userId, date, time, is_video = latestPicture.values("image")[0]["image"], latestPicture.values("user_id")[0]["user_id"], latestPicture.values("date")[0]["date"], latestPicture.values("time")[0]["time"], latestPicture.values("is_video")[0]["is_video"]
+ username = User.objects.get(pk=userId)
+
+ if request.method == "POST":
+ if request.POST['isValid'] == "Valid":
+ try:
+ user_instance = Balance.objects.get(user=userId)
+ sum_balance = 5 + user_instance.balanceValue
+ balAdd = Balance(balanceValue=sum_balance, user_id=user_instance)
+ balAdd.save()
+ print(balAdd)
+ except Balance.DoesNotExist:
+ balAdd = Balance(balanceValue=5, user_id=userId)
+ balAdd.save()
+
+ imageObj = Media.objects.get(image=latestPicture, user_id=userId)
+ imageObj.tokenized = True
+ imageObj.save()
+
+ return redirect("/admin/")
+ elif request.POST['isValid'] == "Invalid":
+ imageObj = Media.objects.get(image=latestPicture, user_id=userId)
+ imageObj.tokenized=False
+ imageObj.reason="Invalid"
+ imageObj.save()
+ return render(request, "adminView.html", {"time":time, "date":date,"image":latestPicture, "userId":userId, "username":username, "is_video":is_video})
- imageObj = Media.objects.get(image=latestPicture, user_id=userId)
- imageObj.tokenized = True
- imageObj.save()
- return redirect("/admin/")
- elif request.POST['isValid'] == "Invalid":
- imageObj = Media.objects.get(image=latestPicture, user_id=userId)
- imageObj.tokenized=False
- imageObj.reason="Invalid"
- imageObj.save()
- return render(request, "adminView.html", {"time":time, "date":date,"image":latestPicture, "userId":userId, "username":username, "is_video":is_video})
-
-
- else:
- return render(request, "adminView")
- return render(request, "adminView.html", {"time":time, "date":date,"image":latestPicture, "userId":userId, "username":username, "is_video":is_video})
- except IndexError:
- return render(request, "adminView.html")
+ else:
+ return render(request, "adminView")
+ return render(request, "adminView.html", {"time":time, "date":date,"image":latestPicture, "userId":userId, "username":username, "is_video":is_video})
+ except IndexError:
+ return render(request, "adminView.html")
+ else:
+ raise PermissionDenied("Unauthorized")
\ No newline at end of file
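Review bot: In adminView the record that gets credited on POST is not bound to the record the processor looked at. Each request re-runs `Media.objects.filter(tokenized=None)` and takes index 0 through five separate `.values(...)[0]` lookups, with no ordering visible in this hunk. If another upload or another processor's decision lands between the GET and the POST, the 5-token credit and the `tokenized` flag can go to a different user's media, and two simultaneous "Valid" posts can credit the same item twice. Consider having the form submit the media primary key in a hidden field (called `media_id` here for illustration) and loading it with `imageObj = get_object_or_404(Media, pk=request.POST["media_id"], tokenized=None)`, then doing the balance change and the flag update in one transaction. Separately, `render(request, "adminView")` in the final `else` lacks the `.html` suffix used by every other render call in this view, so that branch most likely fails with a missing-template error.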