From 862023840d3e65ce339d9521dd8187711c1ddac0 Mon Sep 17 00:00:00 2001
From: Aatish Neupane <aatishnn@gmail.com>
Date: Fri, 26 Oct 2018 14:15:31 +0545
Subject: [PATCH] add messages on success, use permissions for views

---
 ipv6work/settings.py |  9 ++++++---
 jobs/views.py        | 36 ++++++++++++++++++++++++------------
 2 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/ipv6work/settings.py b/ipv6work/settings.py
index a425f67..8dabe2b 100644
--- a/ipv6work/settings.py
+++ b/ipv6work/settings.py
@@ -49,8 +49,8 @@ INSTALLED_APPS += [
     'dal',
     'dal_select2',
 
-    # for authorization
-    'rules',
+    # for authorization, rules are autodiscovered from rules.py in apps
+    'rules.apps.AutodiscoverRulesConfig',
 ]
 
 # Our apps
@@ -73,7 +73,7 @@ ROOT_URLCONF = 'ipv6work.urls'
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [],
+        'DIRS': ['templates/'],
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
@@ -123,6 +123,9 @@ AUTHENTICATION_BACKENDS = (
     'django.contrib.auth.backends.ModelBackend',
 )
 
+LOGIN_REDIRECT_URL = '/'
+LOGOUT_REDIRECT_URL = '/'
+
 # Internationalization
 # https://docs.djangoproject.com/en/2.1/topics/i18n/
 
diff --git a/jobs/views.py b/jobs/views.py
index e2eab4e..028bfa6 100644
--- a/jobs/views.py
+++ b/jobs/views.py
@@ -1,9 +1,11 @@
 from django.urls import reverse_lazy
 from django.http import HttpResponseRedirect
-from django.contrib import messages
+from django.contrib.auth.mixins import LoginRequiredMixin
 from django.views.generic import (View, TemplateView, ListView, CreateView,
                                   DetailView)
 from django.views.generic.detail import SingleObjectMixin
+from django.contrib import messages
+from django.shortcuts import get_object_or_404
 from rules.contrib.views import PermissionRequiredMixin
 
 from .models import Job, Application, Question
@@ -24,7 +26,8 @@ class JobDetail(DetailView):
     model = Job
 
 
-class JobRenew(PermissionRequiredMixin, SingleObjectMixin, View):
+class JobRenew(LoginRequiredMixin, PermissionRequiredMixin, SingleObjectMixin,
+               View):
     model = Job
     permission_required = 'jobs.change_job'
     http_method_names = ['post']
@@ -33,16 +36,15 @@ class JobRenew(PermissionRequiredMixin, SingleObjectMixin, View):
         job = self.get_object()
         job.renew()
         messages.add_message(
-            request, messages.SUCCESSS,
-            'Job has been renewed until {}.'.format(
+            request, messages.SUCCESS, 'Job has been renewed until {}.'.format(
                 job.expires.isoformat(' ', 'seconds')))
         return HttpResponseRedirect(job.get_absolute_url())
 
 
-class JobCreate(CreateView):
+class JobCreate(LoginRequiredMixin, CreateView):
     model = Job
     form_class = JobForm
-    success_url = reverse_lazy("jobs:list")
+    success_url = reverse_lazy("jobs:job_list")
 
     def get(self, request, *args, **kwargs):
         self.object = None
@@ -65,6 +67,7 @@ class JobCreate(CreateView):
         self.object = form.save(commit=False)
         self.object.posted_by = self.request.user
         self.object.save()
+        form.save_m2m()
 
         question_form.instance = self.object
         question_form.save()
@@ -76,11 +79,11 @@ class JobCreate(CreateView):
             self.get_context_data(form=form, question_form=question_form))
 
 
-class ApplicationCreate(CreateView):
+class ApplicationCreate(LoginRequiredMixin, CreateView):
     # TODO: restrict users from re-application
     model = Application
     form_class = ApplicationForm
-    success_url = reverse_lazy("jobs:list")
+    success_url = reverse_lazy("jobs:job_list")
 
     def get_question_queryset(self):
         # filter questions for particular job and order it so same queryset
@@ -115,12 +118,17 @@ class ApplicationCreate(CreateView):
     def form_valid(self, form, answer_form):
         self.object = form.save(commit=False)
         self.object.applicant = self.request.user
-        self.object.job = Job.objects.get(id=self.kwargs['job_pk'])
+        self.object.job = get_object_or_404(Job, id=self.kwargs['job_pk'])
         self.object.save()
+        form.save_m2m()
 
         answer_form.instance = self.object
         answer_form.save()
 
+        messages.add_message(
+            self.request, messages.SUCCESS,
+            'Your application has been succesfully received.')
+
         return HttpResponseRedirect(self.get_success_url())
 
     def form_invalid(self, form, answer_form):
@@ -128,13 +136,17 @@ class ApplicationCreate(CreateView):
             self.get_context_data(form=form, answer_form=answer_form))
 
 
-class ApplicationList(ListView):
+class ApplicationList(LoginRequiredMixin, PermissionRequiredMixin, ListView):
     model = Application
     context_object_name = 'applications'
+    permission_required = 'jobs.change_job'
+
+    def get_permission_object(self):
+        return get_object_or_404(Job, id=self.kwargs['job_pk'])
 
     def get_queryset(self):
         return super().get_queryset().filter(job_id=self.kwargs['job_pk'])
 
-
-class ApplicationDetail(DetailView):
+   
+class ApplicationDetail(LoginRequiredMixin, DetailView):
     model = Application