добавил страницу ошибки Bad request и права пользователей, добавил форму регистрации

2024-01-17 19:36:35 +03:00
parent feb18af30b
commit ac8fc87753
9 changed files with 139 additions and 22 deletions
--- a/users/forms.py
+++ b/users/forms.py
@@ -1,2 +1,9 @@
 from django import forms
+from django.contrib.auth.forms import UserCreationForm
+from .models import User

+
+class UserRegisterForm(UserCreationForm):
+    class Meta(UserCreationForm.Meta):
+        model = User
+        fields = ('login', 'is_superuser')
--- a/users/models.py
+++ b/users/models.py
@@ -36,9 +36,10 @@ class User(AbstractBaseUser):

    def has_perm(self, perm, obj=None):
        # управления правами пользователя
-        secure_level = -1
-        if self.is_authenticated:
-            secure_level = 0
+        if not self.is_authenticated:
+            return False
+
+        secure_level = 0
        if self.is_superuser:
            secure_level = 1

--- a/users/urls.py
+++ b/users/urls.py
@@ -19,7 +19,7 @@ from . import views

 urlpatterns = [
    path('', views.default_view, name='account'),
-    path('register', views.default_view, name='register'),
+    path('register', views.view_register, name='register'),
    path('login', views.view_login, name='login'),
    path('logout', views.view_logout, name='logout'),
    path('list', views.view_list, name='accounts-list'),
--- a/users/views.py
+++ b/users/views.py
@@ -4,8 +4,9 @@ from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadReque
 from django.shortcuts import render
 # from django.db.models import Manager
 from django.contrib.auth import authenticate, login, logout
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
 from .models import User
+from .forms import UserRegisterForm


 def default_view(request):
@@ -53,10 +54,17 @@ def view_login(request):


@login_required
-def view_list(request):
-    users = []
-    # ограничение права на просмотр списка пользователей для непривилегированных пользователей
-    if request.user.is_superuser:
-        users = User.objects.order_by('login')
-    return render(request, 'account/list.html', {'users': users})
+@permission_required(perm='users.add_user', raise_exception=True)
+def view_register(request):
+    form = UserRegisterForm(request.POST or None)
+    if request.method == 'POST':
+        if form.is_valid():
+            form.save()
+            return HttpResponseRedirect('/account/list')
+    return render(request, 'account/register.html', {'form': form})

+
+@login_required
+@permission_required(perm='users.view_user', raise_exception=True)
+def view_list(request):
+    return render(request, 'account/list.html', {'users': User.objects.order_by('login')})