Include depending predicates in permission rules,

so that permissions are basing on other ones

Include depending predicates in permission rules,
57be44f2 · Jonathan Weth · f57c83f3 · 57be44f2
Verified Commit 57be44f2 authored 4 years ago by Jonathan Weth
--- a/aleksis/apps/alsijil/rules.py
+++ b/aleksis/apps/alsijil/rules.py
@@ -40,69 +40,61 @@ add_perm("alsijil.view_lesson", view_lesson_predicate)
 add_perm("alsijil.view_lesson_menu", has_person)
 # View lesson personal notes
-view_lesson_personal_notes_predicate = has_person & (
+view_lesson_personal_notes_predicate = view_lesson_predicate & (
    has_global_perm("alsijil.view_personalnote")
+    | ~is_lesson_participant
    | has_lesson_group_object_perm("core.view_personalnote_group")
-    | is_lesson_teacher
-    | is_lesson_parent_group_owner
 )
 add_perm("alsijil.view_lesson_personalnote", view_lesson_personal_notes_predicate)
 # Edit personal note
-edit_lesson_personal_note_predicate = has_person & (
+edit_lesson_personal_note_predicate = view_lesson_personal_notes_predicate & (
    has_global_perm("alsijil.change_personalnote")
+    | ~is_lesson_parent_group_owner
    | has_lesson_group_object_perm("core.edit_personalnote_group")
-    | is_lesson_teacher
 )
 add_perm("alsijil.edit_lesson_personalnote", edit_lesson_personal_note_predicate)
 # View personal note
 view_personal_note_predicate = has_person & (
    has_global_perm("alsijil.view_personalnote")
-    | has_personal_note_group_perm("core.view_personalnote_group")
    | is_personal_note_lesson_teacher
    | (
        is_own_personal_note
        & is_site_preference_set("alsijil", "view_own_personal_notes")
    )
    | is_personal_note_lesson_parent_group_owner
+    | has_personal_note_group_perm("core.view_personalnote_group")
 )
 add_perm("alsijil.view_personalnote", view_personal_note_predicate)
 # Edit personal note
-edit_personal_note_predicate = has_person & (
+edit_personal_note_predicate = view_personal_note_predicate & (
    has_global_perm("alsijil.view_personalnote")
+    | ~is_own_personal_note
    | has_personal_note_group_perm("core.edit_personalnote_group")
-    | is_personal_note_lesson_teacher
-    | is_personal_note_lesson_parent_group_owner
 )
 add_perm("alsijil.edit_personalnote", edit_personal_note_predicate)
 # View lesson documentation
-view_lesson_documentation_predicate = has_person & (
+view_lesson_documentation_predicate = view_lesson_predicate
-    has_global_perm("alsijil.view_lessondocumentation")
-    | has_lesson_group_object_perm("core.view_lessondocumentation_group")
-    | is_lesson_teacher
-    | is_lesson_parent_group_owner
-    | is_lesson_participant
-)
 add_perm("alsijil.view_lessondocumentation", view_lesson_documentation_predicate)
 # Edit lesson documentation
-edit_lesson_documentation_predicate = has_person & (
+edit_lesson_documentation_predicate = view_lesson_predicate & (
    has_global_perm("alsijil.change_lessondocumentation")
-    | has_lesson_group_object_perm("core.edit_lessondocumentation_group")
    | is_lesson_teacher
+    | has_lesson_group_object_perm("core.edit_lessondocumentation_group")
 )
 add_perm("alsijil.edit_lessondocumentation", edit_lesson_documentation_predicate)
 # View week overview
 view_week_predicate = has_person & (
    has_global_perm("alsijil.view_week")
-    | has_object_perm("core.view_week_class_register_group")
+    | is_current_person
    | is_group_member
    | is_group_owner
-    | is_current_person
+    | has_object_perm("core.view_week_class_register_group")
 )
 add_perm("alsijil.view_week", view_week_predicate)
@@ -164,7 +156,7 @@ view_person_overview_menu_predicate = has_person
 add_perm("alsijil.view_person_overview_menu", view_person_overview_menu_predicate)
 # View person overview personal notes
-view_person_overview_personal_notes_predicate = has_person & (
+view_person_overview_personal_notes_predicate = view_person_overview_predicate & (
    has_global_perm("alsijil.view_personalnote")
    | has_person_group_object_perm("core.view_personalnote_group")
    | is_person_primary_group_owner
@@ -176,10 +168,13 @@ add_perm(
 )
 # Edit person overview personal notes
-edit_person_overview_personal_notes_predicate = has_person & (
+edit_person_overview_personal_notes_predicate = (
-    has_global_perm("alsijil.edit_personalnote")
+    view_person_overview_personal_notes_predicate
-    | has_person_group_object_perm("core.edit_personalnote_group")
+    & (
-    | is_person_primary_group_owner
+        has_global_perm("alsijil.edit_personalnote")
+        | ~is_current_person
+        | has_person_group_object_perm("core.edit_personalnote_group")
+    )
 )
 add_perm(
    "alsijil.edit_person_overview_personalnote",
@@ -187,11 +182,8 @@ add_perm(
 )
 # View person statistics on personal notes
-view_person_statistics_personal_notes_predicate = has_person & (
+view_person_statistics_personal_notes_predicate = (
-    has_global_perm("alsijil.view_personalnote")
+    view_person_overview_personal_notes_predicate
-    | has_person_group_object_perm("core.view_personalnote_group")
-    | is_person_primary_group_owner
-    | is_current_person
 )
 add_perm(
    "alsijil.view_person_statistics_personalnote",
@@ -203,15 +195,21 @@ view_excusetypes_predicate = has_person & has_global_perm("alsijil.view_excusety
 add_perm("alsijil.view_excusetypes", view_excusetypes_predicate)
 # Add excuse type
-add_excusetype_predicate = has_person & has_global_perm("alsijil.add_excusetype")
+add_excusetype_predicate = view_excusetypes_predicate & has_global_perm(
+    "alsijil.add_excusetype"
+)
 add_perm("alsijil.add_excusetype", add_excusetype_predicate)
 # Edit excuse type
-edit_excusetype_predicate = has_person & has_global_perm("alsijil.change_excusetype")
+edit_excusetype_predicate = view_excusetypes_predicate & has_global_perm(
+    "alsijil.change_excusetype"
+)
 add_perm("alsijil.edit_excusetype", edit_excusetype_predicate)
 # Delete excuse type
-delete_excusetype_predicate = has_person & has_global_perm("alsijil.delete_excusetype")
+delete_excusetype_predicate = view_excusetypes_predicate & has_global_perm(
+    "alsijil.delete_excusetype"
+)
 add_perm("alsijil.delete_excusetype", delete_excusetype_predicate)
 # View extra mark list
@@ -219,13 +217,19 @@ view_extramarks_predicate = has_person & has_global_perm("alsijil.view_extramark
 add_perm("alsijil.view_extramarks", view_extramarks_predicate)
 # Add extra mark
-add_extramark_predicate = has_person & has_global_perm("alsijil.add_extramark")
+add_extramark_predicate = view_extramarks_predicate & has_global_perm(
+    "alsijil.add_extramark"
+)
 add_perm("alsijil.add_extramark", add_extramark_predicate)
 # Edit extra mark
-edit_extramark_predicate = has_person & has_global_perm("alsijil.change_extramark")
+edit_extramark_predicate = view_extramarks_predicate & has_global_perm(
+    "alsijil.change_extramark"
+)
 add_perm("alsijil.edit_extramark", edit_extramark_predicate)
 # Delete extra mark
-delete_extramark_predicate = has_person & has_global_perm("alsijil.delete_extramark")
+delete_extramark_predicate = view_extramarks_predicate & has_global_perm(
+    "alsijil.delete_extramark"
+)
 add_perm("alsijil.delete_extramark", delete_extramark_predicate)