Disallow non-staff users voting

2026-01-04 14:11:00 +03:00 · 2021-04-09 13:09:44 +02:00
parent cb681b5d2e
commit b647adf9c0
4 changed files with 23 additions and 5 deletions
--- a/gdshowreelvote/gdshowreelvote/settings.py
+++ b/gdshowreelvote/gdshowreelvote/settings.py
@@ -158,3 +158,4 @@ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

 #Custom settings
 VOTE_MAX_SUBMISSIONS_PER_SHOWREEL = 3
+VOTE_ONLY_STAFF_CAN_VOTE = True
--- a/gdshowreelvote/vote/context_processors.py
+++ b/gdshowreelvote/vote/context_processors.py
@@ -1,9 +1,14 @@
+from django.conf import settings
+
 from .models import Showreel

+
 def common(request):
    has_open_showreels = Showreel.objects.filter(status=Showreel.OPENED_TO_SUBMISSIONS).exists()
    has_voting_showreels = Showreel.objects.filter(status=Showreel.VOTE).exists()
+    can_vote = (not settings.VOTE_ONLY_STAFF_CAN_VOTE) or request.user.is_staff
    return {
        'has_open_showreels': has_open_showreels,
        'has_voted_showreels' : has_voting_showreels,
+        'can_vote': can_vote,
    }
--- a/gdshowreelvote/vote/templates/includes/navbar.html
+++ b/gdshowreelvote/vote/templates/includes/navbar.html
@@ -1,5 +1,5 @@
 <ul>
-    <li class="{% if active == "vote" %}active{% endif %}"><a href="{% url 'vote' %}">Vote</a></li>
+    {% if can_vote %}<li class="{% if active == "vote" %}active{% endif %}"><a href="{% url 'vote' %}">Vote</a></li>{% endif %}
    <li class="{% if active == "submissions" %}active{% endif %}"><a href="{% url 'submissions' %}">My submissions</a></li>
    <li class="{% if active == "about" %}active{% endif %}"><a href="{% url 'about' %}">About</a></li>
    {% if user.is_staff %}<li><a href="{% url 'admin:index' %}">Admin</a></li>{% endif %}
--- a/gdshowreelvote/vote/views.py
+++ b/gdshowreelvote/vote/views.py
@@ -1,6 +1,6 @@
 from urllib.parse import urlparse, parse_qs

-from django.shortcuts import get_object_or_404, render
+from django.shortcuts import get_object_or_404, render, redirect
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponse
 from django.views.generic.list import ListView
@@ -18,7 +18,7 @@ from .forms import *
 import csv

 # Display a random video to be rated
-class VoteView(LoginRequiredMixin, CreateView):
+class VoteView(LoginRequiredMixin, UserPassesTestMixin, CreateView):
    model = Vote
    fields = ["rating"]
    success_url = reverse_lazy('vote')
@@ -73,6 +73,12 @@ class VoteView(LoginRequiredMixin, CreateView):

        return context

+    def test_func(self):
+        return (not settings.VOTE_ONLY_STAFF_CAN_VOTE) or self.request.user.is_staff
+
+    def handle_no_permission(self):
+        return redirect('submissions')
+
 # Delete the last vote done
 class LastVoteDeleteView(LoginRequiredMixin, UserPassesTestMixin, DeleteView):
    http_method_names = ['post', 'delete']
@@ -80,10 +86,16 @@ class LastVoteDeleteView(LoginRequiredMixin, UserPassesTestMixin, DeleteView):

    def get_object(self, queryset=None):
        # Get last vote to delete it
-        return  Vote.objects.filter(user=self.request.user, video__showreel__status=Showreel.VOTE).order_by('created_at').last()
+        return Vote.objects.filter(user=self.request.user, video__showreel__status=Showreel.VOTE).order_by('created_at').last()

    def test_func(self):
-        return Vote.objects.filter(user=self.request.user, video__showreel__status=Showreel.VOTE).exists()
+        if (not settings.VOTE_ONLY_STAFF_CAN_VOTE) or self.request.user.is_staff:
+            return Vote.objects.filter(user=self.request.user, video__showreel__status=Showreel.VOTE).exists()
+        else:
+            return False
+
+    def handle_no_permission(self):
+        return redirect('submissions')

 # Display the list of a user's submissions
 class UserVideoListView(LoginRequiredMixin, ListView):