25 lines
877 B
Python
25 lines
877 B
Python
from django.shortcuts import render, redirect
|
|
from django.views.decorators.http import require_http_methods
|
|
from elastic.es_connect import get_user_by_id
|
|
|
|
|
|
@require_http_methods(["GET"])
|
|
def home(request):
|
|
# Enforce login: require session user_id
|
|
session_user_id = request.session.get("user_id")
|
|
if session_user_id is None:
|
|
return redirect("/accounts/login/")
|
|
|
|
# Show user_id (prefer query param if present, but don't trust it)
|
|
user_id_qs = request.GET.get("user_id")
|
|
uid = user_id_qs or session_user_id
|
|
perm = request.session.get("permission")
|
|
if perm is None and uid is not None:
|
|
u = get_user_by_id(uid)
|
|
perm = (u or {}).get("permission", 1)
|
|
request.session["permission"] = perm
|
|
context = {
|
|
"user_id": uid,
|
|
"is_admin": (perm == 0),
|
|
}
|
|
return render(request, "main/home.html", context) |