- Added role management views (list, create, edit, delete) - Created user_roles URL routing - Added role management templates with Bootstrap styling - Updated navbar with Roles link for owners and superusers - Enhanced decorators and mixins with superuser bypass - Added assign_owner_role.py utility script 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
from functools import wraps
from django.http import HttpResponseForbidden
from django.shortcuts import redirect
from django.contrib import messages
from user_roles.services import RoleService
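def role_required(*role_codes):
    """
    Decorator factory that restricts a view to users holding one of the given roles.

    Usage:
        @role_required('owner', 'manager')
        def my_view(request):
            ...

    Checks run in this order on every request:
      1. Unauthenticated users are redirected to the 'login' URL.
      2. Superusers are let through without a role lookup.
      3. Everyone else must satisfy
         RoleService.user_has_role(request.user, *role_codes); otherwise an
         error message is queued and a 403 response is returned.

    Raises:
        TypeError: at decoration time, when the decorator is applied without
            parentheses (``@role_required``), so the mistake surfaces at
            import instead of as a broken view at request time.
    """
    # Bare "@role_required" passes the view itself as the only "role code";
    # the view would then be replaced by the inner decorator and never run.
    if len(role_codes) == 1 and callable(role_codes[0]):
        raise TypeError(
            "role_required must be called with role codes, "
            "e.g. @role_required('owner')"
        )

    # NOTE(review): with no role codes at all, the outcome for non-superusers
    # depends entirely on RoleService.user_has_role(user) -- confirm it denies.
    def decorator(view_func):
        @wraps(view_func)
        def wrapper(request, *args, **kwargs):
            user = request.user

            # Anonymous requests go to the login page; the originally
            # requested URL is not carried along in this redirect.
            if not user.is_authenticated:
                return redirect('login')

            # Superusers have full access and skip the role lookup. All
            # other users must hold at least one of the requested roles.
            if user.is_superuser or RoleService.user_has_role(user, *role_codes):
                return view_func(request, *args, **kwargs)

            # Denied: the flash message is stored for a later page render,
            # while this response carries only the plain-text 403 body.
            messages.error(request, 'У вас нет прав для выполнения этого действия.')
            return HttpResponseForbidden('Access denied')

        return wrapper

    return decorator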
def owner_required(view_func):
    """Decorator that restricts a view to the 'owner' role."""
    # Thin shortcut over role_required, so the authentication redirect,
    # superuser pass-through and 403 handling are the ones defined there.
    owner_only = role_required('owner')
    return owner_only(view_func)
def manager_or_owner_required(view_func):
    """Decorator that restricts a view to the 'owner' or 'manager' role."""
    # Either role is sufficient; the check itself is delegated to role_required.
    owner_or_manager = role_required('owner', 'manager')
    return owner_or_manager(view_func)