--- /dev/null
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.17 on 2019-12-29 18:39
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('phyll', '0002_auto_20191229_1932'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='note',
+ name='published',
+ field=models.BooleanField(default=True, verbose_name='Published'),
+ ),
+ ]
slug = models.SlugField(_('Slug'), max_length=150)
text = RichTextField(_('Text'), blank=True, null=True)
tags = TaggableManager(_('Tags'), blank=True)
+ published = models.BooleanField(_('Published'), default=True)
creation_timestamp = models.DateTimeField(auto_now_add=True)
last_update_timestamp = models.DateTimeField(auto_now=True)
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+from django.core.exceptions import PermissionDenied
from django.http import Http404
from django.views.generic import CreateView, DeleteView, DetailView, ListView, UpdateView, TemplateView
model = Note
def get(self, request, *args, **kwargs):
+ note = self.get_object()
if kwargs.get('year'):
# check date does match
- note = self.get_object()
creation = self.get_object().creation_timestamp
if (creation.year, creation.month, creation.day) != (
int(kwargs['year']),
int(kwargs['day']),
):
raise Http404()
+ if not note.published and not request.user.is_staff:
+ raise PermissionDenied()
return super(NoteView, self).get(request, *args, **kwargs)
class NoteEditView(UpdateView):
model = Note
- fields = ['title', 'slug', 'text', 'tags']
+ fields = ['title', 'slug', 'text', 'tags', 'published']
class NoteAddView(CreateView):
model = Note
- fields = ['title', 'slug', 'text', 'tags']
+ fields = ['title', 'slug', 'text', 'tags', 'published']
class NoteDeleteView(DeleteView):
model = Note
def get_queryset(self):
- return Note.objects.filter(tags__name__in=[self.kwargs['tag']])
+ qs = Note.objects.filter(tags__name__in=[self.kwargs['tag']])
+ if not self.request.user.is_staff:
+ qs = qs.filter(published=True)
+ return qs