Add administration tab for staff users

2bbbfe8a · Chris Reffett · e48285d7 · 2bbbfe8a · 2bbbfe8a · 2bbbfe8a
Commit 2bbbfe8a authored Aug 29, 2014 by Chris Reffett
--- a/go/go/templates/adminpanel.html
+++ b/go/go/templates/adminpanel.html
+{% extends 'base.html' %}
+
+
+{% block title %}
+Go - Administration Panel
+{% endblock %}
+
+
+{% block content %}
+</p>
+Users awaiting moderation:
+{% for unapproved in need_approval %}
+    <p>
+    Username: {{ unapproved.username }} 
+    <br />
+    Full name: {{ unapproved.full_name }}
+    <br />
+    Description: {{ unapproved.description|default_if_none:"No description provided" }}
+    </p>
+    <form method="post" action="adminpanel">{% csrf_token %}
+    	<input type="hidden" name="username" value={{ unapproved.username }}>
+        <input type="submit" name="_approve" value="Approve">
+        <input type="submit" name="_deny" value="Deny">
+    </form>
+{% empty %}
+    <p>
+    No users awaiting moderation.
+    </p>
+{% endfor %}
+
+{% endblock %}
--- a/go/go/templates/navbar.html
+++ b/go/go/templates/navbar.html
@@ -2,6 +2,9 @@
  [ <a href="{% url 'about' %}">What is Go?</a>  ]
  {% if user.is_authenticated %}
  | [ <a href="{% url 'my_links' %}">My Links</a> ]
+  {% if user.is_staff %}
+  | [ <a href="{% url 'adminpanel' %}">Administration</a> ]
+  {% endif %}
  | [ <a href="{% url 'go_logout' %}">Log Out</a> ]
  {% else %}
  | [ <a href="{% url 'go_login' %}">Log In</a> ]

--- a/go/go/views.py
+++ b/go/go/views.py
@@ -7,7 +7,8 @@ from django.utils import timezone
 from django.contrib.auth.models import User
 from django.core.exceptions import PermissionDenied, ValidationError
 from django.core.mail import send_mail
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.contrib.auth.decorators import user_passes_test, login_required
 from django.shortcuts import render, get_object_or_404, redirect
 import os

@@ -241,6 +242,39 @@ def redirection(request, short):
    return redirect( url.target )


+def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='about'):
+    """
+    Decorator for views that checks that the user is logged in and is a staff
+    member, displaying the login page if necessary.
+    """
+    return user_passes_test(
+        lambda u: u.is_active and u.is_staff,
+        login_url=login_url,
+        redirect_field_name=redirect_field_name
+    )(view_func)
+
+
+@staff_member_required
+def adminpanel(request):
+    """
+    This view is a simplified admin panel, so that staff don't need to log in
+    to approve links
+    """
+    if request.POST:
+        if '_approve' in request.POST:
+            toapprove = RegisteredUser.objects.get(username=request.POST['username'])
+            toapprove.approved = True
+            toapprove.save()
+        elif '_deny' in request.POST:
+            todeny = RegisteredUser.objects.get(username=request.POST['username'])
+            todeny.delete()
+    need_approval = RegisteredUser.objects.filter(approved=False)
+    return render(request, 'adminpanel.html',{
+        'need_approval': need_approval
+    },
+    )
+
+
 ##############################################################################
 """
 Define static user views here.

--- a/go/settings/urls.py
+++ b/go/settings/urls.py
@@ -31,6 +31,9 @@ urlpatterns = patterns('go.views',

    # /admin - Administrator interface.
    url(r'^admin/?', include(admin.site.urls)),
+
+    # /adminpanel - light admin interface
+    url(r'^adminpanel/?$', 'adminpanel', name='adminpanel'),
 )

 urlpatterns += patterns('django.contrib.auth.views',