fix: access level control on handlers

src/cms/contexts/handlers.py

@@ -1,5 +1,8 @@
+from django.conf import settings
+from django.core.exceptions import PermissionDenied
 
 from . models import WebPath
+from . views import _get_site_from_host
 
 
 class BaseContentHandler(object):
@@ -28,6 +31,20 @@ def __init__(self, path:str,
                          template.render(context)
         :return: render the HTML page
         """
+        # access level
+        website = _get_site_from_host(self.request)
+        access_level = webpath.get_access_level()
+        if access_level == '0':
+            pass
+        elif not request.user.is_authenticated:
+            return redirect(f"//{settings.MAIN_DOMAIN}{settings.LOGIN_URL}?next=//{website.domain}{webpath.get_full_path()}")
+        elif access_level == '2' or request.user.is_superuser:
+            pass
+        elif getattr(request.user, access_level, None):
+            pass
+        else:
+            raise PermissionDenied
+
         self.webpath = webpath
         self.path = path
         self.template = template_fname or self.template

src/cms/contexts/utils.py

@@ -7,13 +7,13 @@
 # from django.contrib.admin.models import LogEntry, CHANGE
 from django.contrib.admin.models import CHANGE
 from django.contrib.contenttypes.models import ContentType
+from django.template.loader import get_template, render_to_string
+from django.template.exceptions import (TemplateDoesNotExist,
+                                        TemplateSyntaxError)
 from django.utils import translation
 from django.utils.module_loading import import_string
 from django.utils.translation import gettext as _
 from django.utils.safestring import mark_safe
-from django.template.loader import get_template, render_to_string
-from django.template.exceptions import (TemplateDoesNotExist,
-                                        TemplateSyntaxError)
 
 from cms.templates.models import Log
 

src/cms/contexts/views.py

@@ -37,6 +37,7 @@
                                     app_settings.SITEMAP_WEBPATHS_PRIORITY)
 ROBOTS_SETTINGS = getattr(settings, 'ROBOTS_SETTINGS', app_settings.ROBOTS_SETTINGS)
 
+
 def _get_site_from_host(request):
     requested_site = re.match(r'^[a-zA-Z0-9\.\-\_]*',
                               request.get_host()).group()