removal of private, simplification of permissions

markupwiki/forms.py

@@ -1,5 +1,5 @@
 from django import forms
-from markupwiki.models import Article, ArticleVersion, PUBLIC, PRIVATE
+from markupwiki.models import Article, ArticleVersion
 
 class ArticleForm(forms.ModelForm):
     class Meta:
@@ -10,10 +10,3 @@ class StaffModerationForm(forms.ModelForm):
     class Meta:
         model = Article
         fields = ['status']
-
-class ModerationForm(forms.ModelForm):
-    class Meta:
-        model = Article
-        fields = ['status']
-    status = forms.ChoiceField(choices=((PUBLIC, 'Public'),
-                                        (PRIVATE, 'Private')))

markupwiki/models.py

@@ -3,10 +3,9 @@ from django.contrib.auth.models import User
 from django.core.urlresolvers import reverse
 from markupfield.fields import MarkupField
 
-PUBLIC, PRIVATE, LOCKED, DELETED = range(4)
+PUBLIC, LOCKED, DELETED = range(3)
 ARTICLE_STATUSES = (
     (PUBLIC, 'Public'),     # public - no restrictions on viewing/editing
-    (PRIVATE, 'Private'),   # private - only creator / admins can view
     (LOCKED, 'Locked'),     # locked - only admins can edit
     (DELETED, 'Deleted'),   # deleted - display deleted page
 )
@@ -25,9 +24,6 @@ class Article(models.Model):
     def is_public(self):
         return self.status == PUBLIC
 
-    def is_private(self):
-        return self.status == PRIVATE
-
     def is_locked(self):
         return self.status == LOCKED
 

markupwiki/templates/markupwiki/article.html

@@ -7,6 +7,7 @@
 <h2 class="article_title">
 {% block article_title %}
     {{article.title}}
+    {% if article.is_deleted %} [deleted] {% endif %}
     {% if not version.is_latest %} [revision {{version.number}}] {% endif %}
 {% endblock %}
 </h2>
@@ -29,7 +30,12 @@
 
 <div class="article_body">
 {% block article_body %}
+{% if article.is_deleted %}
+    <p>This article has been deleted.</p>
+{% else %}
     {{version.body}}
+{% endif %}
+
 {% endblock %}
 </div>
 

markupwiki/templates/markupwiki/deleted_article.html

@@ -1,9 +0,0 @@
-{% extends "markupwiki/article.html" %}
-
-{% block article_title %}
-    {{article.title}} [deleted]
-{% endblock %}
-
-{% block article_body %}
-    <p>This article has been deleted.</p>
-{% endblock %}

markupwiki/templates/private_article.html

@@ -1,5 +0,0 @@
-<h2>This Article is Private</h2>
-
-<div class="body">
-    Only the author of this article may view it.
-</div>

markupwiki/views.py

@@ -2,11 +2,11 @@ from difflib import HtmlDiff
 from django.shortcuts import get_object_or_404, render_to_response, redirect
 from django.http import HttpResponseForbidden
 from django.views.decorators.http import require_POST
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, user_passes_test
 from django.template import RequestContext
 from django.utils.functional import wraps
-from markupwiki.models import Article, PUBLIC, PRIVATE, DELETED, LOCKED
-from markupwiki.forms import ArticleForm, StaffModerationForm, ModerationForm
+from markupwiki.models import Article, PUBLIC, DELETED, LOCKED
+from markupwiki.forms import ArticleForm, StaffModerationForm
 
 def title_check(view):
     def new_view(request, title, *args, **kwargs):
@@ -28,13 +28,10 @@ def view_article(request, title, n=None):
     Context:
         article - ``Article`` instance
         version - ``ArticleVersion`` to display
-        form    - ``ModerationForm`` or ``StaffModerationForm`` instance
-                  only present if user is staff or the article creator
+        form    - ``StaffModerationForm`` instance present if user is staff
 
-    Templates:
+    Template:
         article.html - default template used
-        deleted_article.html - template used if article has been deleted
-        private_article.html - template used if article is private for user
     '''
 
     try:
@@ -53,19 +50,8 @@ def view_article(request, title, n=None):
 
     context = {'article':article, 'version': version}
 
-
     if request.user.is_staff:
         context['form'] = StaffModerationForm(instance=article)
-    elif request.user == article.creator and article.status in (PUBLIC, PRIVATE):
-        context['form'] = ModerationForm(instance=article)
-
-    if article.is_deleted():
-        return render_to_response('markupwiki/deleted_article.html', context,
-                                  context_instance=RequestContext(request))
-    elif (article.is_private() and request.user != article.creator
-          and not request.user.is_staff):
-        return render_to_response('private_article.html', context,
-                                  context_instance=RequestContext(request))
 
     return render_to_response('markupwiki/article.html', context,
                               context_instance=RequestContext(request))
@@ -128,27 +114,16 @@ def edit_article(request, title):
 
 
 @require_POST
+@user_passes_test(lambda u: u.is_staff)
 @title_check
 def article_status(request, title):
-    ''' POST-only view to update article status
+    ''' POST-only view to update article status (staff-only)
     '''
     article = get_object_or_404(Article, title=title)
-    status = int(request.POST['status'])
+    article.status = int(request.POST['status'])
+    article.save()
 
-    # can only change status to/from locked or deleted if staff
-    if article.status in (LOCKED, DELETED) or status in (LOCKED, DELETED):
-        perm_test = lambda u,a: u.is_staff
-    # can only change status to/from public/private if staff or creator
-    elif article.status in (PUBLIC, PRIVATE) or status in (PUBLIC, PRIVATE):
-        perm_test = lambda u,a: u.is_staff or u == a.creator
-
-    # check that requrired permissions are met before updating status
-    if perm_test(request.user, article):
-        article.status = status
-        article.save()
-        return redirect(article)
-    else:
-        return HttpResponseForbidden('access denied')
+    return redirect(article)
 
 @title_check
 def article_history(request, title):