From 57be44f2375467bfe6ff0d158380e6991e456c57 Mon Sep 17 00:00:00 2001
From: Jonathan Weth <git@jonathanweth.de>
Date: Wed, 21 Oct 2020 17:27:49 +0200
Subject: [PATCH] Include depending predicates in permission rules, so that
 permissions are based on other ones

---
 aleksis/apps/alsijil/rules.py | 76 ++++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 36 deletions(-)

diff --git a/aleksis/apps/alsijil/rules.py b/aleksis/apps/alsijil/rules.py
index 0e30bebb5..c20c0cfee 100644
--- a/aleksis/apps/alsijil/rules.py
+++ b/aleksis/apps/alsijil/rules.py
@@ -40,69 +40,61 @@ add_perm("alsijil.view_lesson", view_lesson_predicate)
 add_perm("alsijil.view_lesson_menu", has_person)
 
 # View lesson personal notes
-view_lesson_personal_notes_predicate = has_person & (
+view_lesson_personal_notes_predicate = view_lesson_predicate & (
     has_global_perm("alsijil.view_personalnote")
+    | ~is_lesson_participant
     | has_lesson_group_object_perm("core.view_personalnote_group")
-    | is_lesson_teacher
-    | is_lesson_parent_group_owner
 )
 add_perm("alsijil.view_lesson_personalnote", view_lesson_personal_notes_predicate)
 
 # Edit personal note
-edit_lesson_personal_note_predicate = has_person & (
+edit_lesson_personal_note_predicate = view_lesson_personal_notes_predicate & (
     has_global_perm("alsijil.change_personalnote")
+    | ~is_lesson_parent_group_owner
     | has_lesson_group_object_perm("core.edit_personalnote_group")
-    | is_lesson_teacher
 )
 add_perm("alsijil.edit_lesson_personalnote", edit_lesson_personal_note_predicate)
 
 # View personal note
 view_personal_note_predicate = has_person & (
     has_global_perm("alsijil.view_personalnote")
-    | has_personal_note_group_perm("core.view_personalnote_group")
     | is_personal_note_lesson_teacher
     | (
         is_own_personal_note
         & is_site_preference_set("alsijil", "view_own_personal_notes")
     )
     | is_personal_note_lesson_parent_group_owner
+    | has_personal_note_group_perm("core.view_personalnote_group")
 )
 add_perm("alsijil.view_personalnote", view_personal_note_predicate)
 
 # Edit personal note
-edit_personal_note_predicate = has_person & (
+edit_personal_note_predicate = view_personal_note_predicate & (
     has_global_perm("alsijil.view_personalnote")
+    | ~is_own_personal_note
     | has_personal_note_group_perm("core.edit_personalnote_group")
-    | is_personal_note_lesson_teacher
-    | is_personal_note_lesson_parent_group_owner
 )
 add_perm("alsijil.edit_personalnote", edit_personal_note_predicate)
 
 # View lesson documentation
-view_lesson_documentation_predicate = has_person & (
-    has_global_perm("alsijil.view_lessondocumentation")
-    | has_lesson_group_object_perm("core.view_lessondocumentation_group")
-    | is_lesson_teacher
-    | is_lesson_parent_group_owner
-    | is_lesson_participant
-)
+view_lesson_documentation_predicate = view_lesson_predicate
 add_perm("alsijil.view_lessondocumentation", view_lesson_documentation_predicate)
 
 # Edit lesson documentation
-edit_lesson_documentation_predicate = has_person & (
+edit_lesson_documentation_predicate = view_lesson_predicate & (
     has_global_perm("alsijil.change_lessondocumentation")
-    | has_lesson_group_object_perm("core.edit_lessondocumentation_group")
     | is_lesson_teacher
+    | has_lesson_group_object_perm("core.edit_lessondocumentation_group")
 )
 add_perm("alsijil.edit_lessondocumentation", edit_lesson_documentation_predicate)
 
 # View week overview
 view_week_predicate = has_person & (
     has_global_perm("alsijil.view_week")
-    | has_object_perm("core.view_week_class_register_group")
+    | is_current_person
     | is_group_member
     | is_group_owner
-    | is_current_person
+    | has_object_perm("core.view_week_class_register_group")
 )
 add_perm("alsijil.view_week", view_week_predicate)
 
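Review bot: The negated alternatives `~is_lesson_participant`, `~is_lesson_parent_group_owner` and `~is_own_personal_note` turn these rules from an allow-list of roles into "everyone the base rule admits except one role", which is wider than the `is_lesson_teacher` / `is_lesson_parent_group_owner` alternatives they replace. A user who satisfies view_lesson_predicate only through the lesson view permission now also passes view_lesson_personal_notes_predicate without holding `alsijil.view_personalnote`; since edit_lesson_personal_note_predicate is that rule minus parent-group owners, any such viewer may edit the notes, and edit_personal_note_predicate likewise admits a holder of the view-only `core.view_personalnote_group` permission for every note that is not their own. If the object-bound predicates evaluate to False when a rule is checked without an object, the negation also turns an unbound check into a grant. Stating the roles positively avoids both, e.g. `| is_lesson_teacher | is_lesson_parent_group_owner` in place of `| ~is_lesson_participant`, `| is_lesson_teacher` in place of `| ~is_lesson_parent_group_owner`, and `| is_personal_note_lesson_teacher | is_personal_note_lesson_parent_group_owner` in place of `| ~is_own_personal_note`. This assumes view_lesson_predicate, defined before this hunk, still contains the participant/teacher/owner alternatives that view_lesson_documentation_predicate is collapsed onto here.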
@@ -164,7 +156,7 @@ view_person_overview_menu_predicate = has_person
 add_perm("alsijil.view_person_overview_menu", view_person_overview_menu_predicate)
 
 # View person overview personal notes
-view_person_overview_personal_notes_predicate = has_person & (
+view_person_overview_personal_notes_predicate = view_person_overview_predicate & (
     has_global_perm("alsijil.view_personalnote")
     | has_person_group_object_perm("core.view_personalnote_group")
     | is_person_primary_group_owner
@@ -176,10 +168,13 @@ add_perm(
 )
 
 # Edit person overview personal notes
-edit_person_overview_personal_notes_predicate = has_person & (
-    has_global_perm("alsijil.edit_personalnote")
-    | has_person_group_object_perm("core.edit_personalnote_group")
-    | is_person_primary_group_owner
+edit_person_overview_personal_notes_predicate = (
+    view_person_overview_personal_notes_predicate
+    & (
+        has_global_perm("alsijil.edit_personalnote")
+        | ~is_current_person
+        | has_person_group_object_perm("core.edit_personalnote_group")
+    )
 )
 add_perm(
     "alsijil.edit_person_overview_personalnote",
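Review bot: `~is_current_person` makes edit_person_overview_personal_notes_predicate hold for everyone admitted by view_person_overview_personal_notes_predicate other than the person themselves, which includes holders of the view-only `core.view_personalnote_group` object permission and whatever further alternatives that predicate carries beyond the earlier hunk; before this change editing required `alsijil.edit_personalnote`, the edit group permission or primary group ownership. Dropping `is_person_primary_group_owner` from the positive list is what makes the negation necessary; restoring it, `| is_person_primary_group_owner` in place of `| ~is_current_person`, keeps the edit rule a subset of the view rule without widening it. The add_perm call closing this hunk continues outside it.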
@@ -187,11 +182,8 @@ add_perm(
 )
 
 # View person statistics on personal notes
-view_person_statistics_personal_notes_predicate = has_person & (
-    has_global_perm("alsijil.view_personalnote")
-    | has_person_group_object_perm("core.view_personalnote_group")
-    | is_person_primary_group_owner
-    | is_current_person
+view_person_statistics_personal_notes_predicate = (
+    view_person_overview_personal_notes_predicate
 )
 add_perm(
     "alsijil.view_person_statistics_personalnote",
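Review bot: view_person_statistics_personal_notes_predicate no longer lists `is_current_person`, so whether a person can still view statistics on their own notes now depends on view_person_overview_personal_notes_predicate containing an equivalent alternative; the three alternatives visible in the earlier hunk do not, and the rest of that predicate lies outside this patch. If self-access is intended to survive, `view_person_overview_personal_notes_predicate | (has_person & is_current_person)` restores it explicitly rather than relying on the aliased rule. The add_perm call closing this hunk continues outside it.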
@@ -203,15 +195,21 @@ view_excusetypes_predicate = has_person & has_global_perm("alsijil.view_excusety
 add_perm("alsijil.view_excusetypes", view_excusetypes_predicate)
 
 # Add excuse type
-add_excusetype_predicate = has_person & has_global_perm("alsijil.add_excusetype")
+add_excusetype_predicate = view_excusetypes_predicate & has_global_perm(
+    "alsijil.add_excusetype"
+)
 add_perm("alsijil.add_excusetype", add_excusetype_predicate)
 
 # Edit excuse type
-edit_excusetype_predicate = has_person & has_global_perm("alsijil.change_excusetype")
+edit_excusetype_predicate = view_excusetypes_predicate & has_global_perm(
+    "alsijil.change_excusetype"
+)
 add_perm("alsijil.edit_excusetype", edit_excusetype_predicate)
 
 # Delete excuse type
-delete_excusetype_predicate = has_person & has_global_perm("alsijil.delete_excusetype")
+delete_excusetype_predicate = view_excusetypes_predicate & has_global_perm(
+    "alsijil.delete_excusetype"
+)
 add_perm("alsijil.delete_excusetype", delete_excusetype_predicate)
 
 # View extra mark list
@@ -219,13 +217,19 @@ view_extramarks_predicate = has_person & has_global_perm("alsijil.view_extramark
 add_perm("alsijil.view_extramarks", view_extramarks_predicate)
 
 # Add extra mark
-add_extramark_predicate = has_person & has_global_perm("alsijil.add_extramark")
+add_extramark_predicate = view_extramarks_predicate & has_global_perm(
+    "alsijil.add_extramark"
+)
 add_perm("alsijil.add_extramark", add_extramark_predicate)
 
 # Edit extra mark
-edit_extramark_predicate = has_person & has_global_perm("alsijil.change_extramark")
+edit_extramark_predicate = view_extramarks_predicate & has_global_perm(
+    "alsijil.change_extramark"
+)
 add_perm("alsijil.edit_extramark", edit_extramark_predicate)
 
 # Delete extra mark
-delete_extramark_predicate = has_person & has_global_perm("alsijil.delete_extramark")
+delete_extramark_predicate = view_extramarks_predicate & has_global_perm(
+    "alsijil.delete_extramark"
+)
 add_perm("alsijil.delete_extramark", delete_extramark_predicate)
-- 
GitLab