new role checking (#42)

* new role checking

* changes

* added can_hide validation check in views

* bug fix

* edit quetion validation changes

Author: kirti3192

static/website/templates/get-question.html

@@ -16,8 +16,8 @@
 
 <div class="row">
     <div class="question-wrapper col-lg-12 col-md-12 col-sm-12 col-xs-12">
-    <div class="question {% if user|can_edit:question %}editable{% endif %}">
-        <div class="title {% if user|can_edit:question %}title-editable{% endif %}">
+    <div class="question {% if user|can_edit:question or user|can_hide_delete:question %}editable{% endif %}">
+        <div class="title {% if user|can_edit:question or user|can_hide_delete:question %}title-editable{% endif %}">
            {{ question.title }}
         </div>
 
@@ -27,7 +27,7 @@ <h5>Title</h5>
             <h5>Question</h5>
         </div>
         <div id="questionNicPanel"></div>
-        <div id="{% if user|can_edit:question  %}questionInstance{% endif %}" class="body">
+        <div id="{% if user|can_edit:question or user|can_hide_delete:question %}questionInstance{% endif %}" class="body">
             {{ question.body|bleach }}
         </div>
         <br>
@@ -69,9 +69,10 @@ <h5>Question</h5>
         </a>
 
         <span class="modify question-midify">
-            {% if user|can_edit:question  %}
-                <a class="hide-question btn btn-xs btn-info" data-qid="{{ question.id }}" data-status="{{ question.status }} href="#">{% if question.status == 1 %} Hide {% else %} Show {% endif %}</a>
-                <a class="delete-question btn btn-xs btn-info" data-qid="{{ question.id }}" href="#">Delete</a>
+            {% if user|can_edit:question or user|can_hide_delete:question  %}
+           
+                    <a class="hide-question btn btn-xs btn-info" data-qid="{{ question.id }}" data-status="{{ question.status }} href="#">{% if question.status == 1 %} Hide {% else %} Show {% endif %}</a>
+                    <a class="delete-question btn btn-xs btn-info" data-qid="{{ question.id }}" href="#">Delete</a> 
                 <a class="edit btn btn-xs btn-info" href="#">Edit</a>
                 <a class="save btn btn-xs btn-success" data-qid="{{ question.id }}" href="#">Save</a>
             {% endif %}

website/permissions.py

@@ -1,3 +1,7 @@
 def is_administrator(user):
     if user and user.groups.filter(name='Administrator').count() == 1:
         return True
+
+def is_forumsadmin(user):
+    if user and user.groups.filter(name='Forums-Admin').count() == 1:
+        return True

website/templatetags/permission_tags.py

@@ -1,6 +1,6 @@
 from django import template
 
-from website.permissions import is_administrator
+from website.permissions import is_administrator, is_forumsadmin
 
 register = template.Library()
 
@@ -10,10 +10,15 @@ def can_edit(user, obj):
         return True
     return False
 
+def can_hide_delete(user, obj):
+    if user.id == obj.uid or is_forumsadmin(user):
+        return True
+    return False
 
 def isadministrator(user):
     return is_administrator(user)
 
 
 register.filter(can_edit)
 register.filter(isadministrator)
+register.filter(can_hide_delete)

website/views.py

@@ -14,7 +14,7 @@
 from website.forms import NewQuestionForm, AnswerQuesitionForm
 from website.helpers import get_video_info, prettify, clean_user_data, get_similar_questions
 from django.conf  import settings
-from website.templatetags.permission_tags import can_edit
+from website.templatetags.permission_tags import can_edit, can_hide_delete
 from spoken_auth.models import FossCategory
 from .sortable import SortableHeader, get_sorted_list, get_field_index
 from django.db.models import Count
@@ -476,7 +476,7 @@ def ajax_question_update(request):
         title = request.POST['question_title']
         body = request.POST['question_body']
         question = get_object_or_404(Question, pk=qid)
-        if can_edit(user=request.user, obj=question):
+        if can_edit(user=request.user, obj=question) or can_hide_delete(user=request.user, obj=question):
             question.title = title
             question.body = body
             question.save()
@@ -496,7 +496,7 @@ def ajax_details_update(request):
         minute_range = request.POST['minute_range']
         second_range = request.POST['second_range']
         question = get_object_or_404(Question, pk=qid)
-        if can_edit(user=request.user, obj=question):
+        if can_edit(user=request.user, obj=question) or can_hide_delete(user=request.user, obj=question):
             question.category = category
             question.tutorial = tutorial
             question.minute_range = minute_range
@@ -586,7 +586,7 @@ def ajax_delete_question(request):
     if request.method == "POST":
         key = request.POST['question_id']
         question = get_object_or_404(Question, pk=key)
-        if can_edit(user=request.user, obj=question):
+        if can_edit(user=request.user, obj=question) or can_hide_delete(user=request.user, obj=question):
             question.delete()
             result = True
     return HttpResponse(json.dumps(result), mimetype='application/json')
@@ -598,7 +598,7 @@ def ajax_hide_question(request):
     if request.method == "POST":
         key = request.POST['question_id']
         question = get_object_or_404(Question, pk=key)
-        if can_edit(user=request.user, obj=question):
+        if can_edit(user=request.user, obj=question) or can_hide_delete(user=request.user, obj=question):
             question.status = 0
             if request.POST['status'] == '0':
                 question.status = 1