From 75ecb91f09e1f1dc1fa9d93f5d022928b75b9c20 Mon Sep 17 00:00:00 2001
From: Jonathan Weth <git@jonathanweth.de>
Date: Sun, 23 Jun 2024 17:36:43 +0200
Subject: [PATCH] Introduce permissions for AbsenceCreationDialog
---
.../absences/AbsenceCreationDialog.vue | 6 ++++++
.../coursebook/absences/absenceCreation.graphql | 2 +-
aleksis/apps/alsijil/models.py | 6 +++---
aleksis/apps/alsijil/rules.py | 11 ++++-------
aleksis/apps/alsijil/schema/__init__.py | 7 +++++++
aleksis/apps/alsijil/schema/absences.py | 16 ++++++++++------
aleksis/apps/alsijil/util/predicates.py | 9 ++-------
7 files changed, 33 insertions(+), 24 deletions(-)
diff --git a/aleksis/apps/alsijil/frontend/components/coursebook/absences/AbsenceCreationDialog.vue b/aleksis/apps/alsijil/frontend/components/coursebook/absences/AbsenceCreationDialog.vue
index 155433e44..e68d40980 100644
--- a/aleksis/apps/alsijil/frontend/components/coursebook/absences/AbsenceCreationDialog.vue
+++ b/aleksis/apps/alsijil/frontend/components/coursebook/absences/AbsenceCreationDialog.vue
@@ -11,6 +11,9 @@
bottom
fixed
right
+ :class="{
+ 'd-none': !checkPermission('alsijil.view_register_absence_rule'),
+ }"
>
<v-icon>$plus</v-icon>
</create-button>
@@ -106,6 +109,9 @@ export default {
absenceReason: "",
};
},
+ mounted() {
+ this.addPermissions(["alsijil.view_register_absence_rule"]);
+ },
methods: {
cancel() {
this.popup = false;
diff --git a/aleksis/apps/alsijil/frontend/components/coursebook/absences/absenceCreation.graphql b/aleksis/apps/alsijil/frontend/components/coursebook/absences/absenceCreation.graphql
index f808b469f..21ce30d0b 100644
--- a/aleksis/apps/alsijil/frontend/components/coursebook/absences/absenceCreation.graphql
+++ b/aleksis/apps/alsijil/frontend/components/coursebook/absences/absenceCreation.graphql
@@ -1,6 +1,6 @@
# Uses core persons query
query persons {
- allPersons: persons {
+ allPersons: absenceCreationPersons {
id
fullName
}
diff --git a/aleksis/apps/alsijil/models.py b/aleksis/apps/alsijil/models.py
index b2c0a54fc..8dd46a5a8 100644
--- a/aleksis/apps/alsijil/models.py
+++ b/aleksis/apps/alsijil/models.py
@@ -798,11 +798,11 @@ class ParticipationStatus(CalendarEvent):
qs = super().get_objects(request, params).select_related("person", "absence_reason")
if params:
if params.get("person"):
- qs = qs.filter(person_id=params["person"])
+ qs = qs.filter(person=params["person"])
elif params.get("persons"):
- qs = qs.filter(person_id__in=params["persons"])
+ qs = qs.filter(person__in=params["persons"])
elif params.get("group"):
- qs = qs.filter(groups_of_person__id=params.get("group"))
+ qs = qs.filter(groups_of_person__in=params.get("group"))
return qs
@classmethod
diff --git a/aleksis/apps/alsijil/rules.py b/aleksis/apps/alsijil/rules.py
index 9045598fd..836c7383f 100644
--- a/aleksis/apps/alsijil/rules.py
+++ b/aleksis/apps/alsijil/rules.py
@@ -169,19 +169,16 @@ add_perm("alsijil.view_week_personalnote_rule", view_week_personal_notes_predica
# Register absence
view_register_absence_predicate = has_person & (
- (
- is_person_group_owner
- & is_site_preference_set("alsijil", "register_absence_as_primary_group_owner")
- )
- | has_global_perm("alsijil.register_absence")
+ is_person_group_owner | has_global_perm("alsijil.register_absence")
)
+add_perm("alsijil.view_register_absence_rule", view_register_absence_predicate)
register_absence_predicate = has_person & (
- view_register_absence_predicate
+ is_group_owner
+ | has_global_perm("alsijil.register_absence")
| has_object_perm("core.register_absence_person")
| has_person_group_object_perm("core.register_absence_group")
)
-add_perm("alsijil.view_register_absence_rule", view_register_absence_predicate)
add_perm("alsijil.register_absence_rule", register_absence_predicate)
# View full register for group
diff --git a/aleksis/apps/alsijil/schema/__init__.py b/aleksis/apps/alsijil/schema/__init__.py
index 397834be0..2634a297d 100644
--- a/aleksis/apps/alsijil/schema/__init__.py
+++ b/aleksis/apps/alsijil/schema/__init__.py
@@ -44,6 +44,7 @@ class Query(graphene.ObjectType):
groups_by_person = FilterOrderList(GroupType, person=graphene.ID())
courses_of_person = FilterOrderList(CourseType, person=graphene.ID())
+ absence_creation_persons = graphene.List(PersonType)
lessons_for_persons = graphene.List(
LessonsForPersonType,
persons=graphene.List(graphene.ID, required=True),
@@ -147,6 +148,12 @@ class Query(graphene.ObjectType):
| Q(groups__parent_groups__owners=person)
)
+ @staticmethod
+ def resolve_absence_creation_persons(root, info, **kwargs):
+ if not info.context.user.has_perm("alsijil.register_absence"):
+ return Person.objects.filter(member_of__owners=info.context.user.person)
+ return Person.objects.all()
+
@staticmethod
def resolve_lessons_for_persons(
root,
diff --git a/aleksis/apps/alsijil/schema/absences.py b/aleksis/apps/alsijil/schema/absences.py
index ff7bf0376..8560ee73e 100644
--- a/aleksis/apps/alsijil/schema/absences.py
+++ b/aleksis/apps/alsijil/schema/absences.py
@@ -1,6 +1,11 @@
+from datetime import datetime
+
+from django.core.exceptions import PermissionDenied
+
import graphene
from aleksis.apps.kolego.models import Absence
+from aleksis.core.models import Person
from ..models import ParticipationStatus
from .participation_status import ParticipationStatusType
@@ -19,17 +24,18 @@ class AbsencesForPersonsCreateMutation(graphene.Mutation):
@classmethod
def mutate(cls, root, info, persons, start, end, comment, reason): # noqa
- # TODO: Check permissions for ParticipationStatus & KolegoAbsence
- # See MR 356
-
participation_statuses = []
+ persons = Person.objects.filter(pk__in=persons)
+
for person in persons:
+ if not info.context.user.has_perm("alsijil.register_absence_rule", person):
+ raise PermissionDenied()
kolego_absence, __ = Absence.objects.get_or_create(
date_start=start,
date_end=end,
reason_id=reason,
- person_id=person,
+ person=person,
comment=comment,
)
@@ -41,14 +47,12 @@ class AbsencesForPersonsCreateMutation(graphene.Mutation):
with_reference_object=True,
)
- # Create a ParticipationStatus for each documentation
for event in events:
participation_status = event["REFERENCE_OBJECT"]
participation_status.absence_reason_id = reason
participation_status.base_absence = kolego_absence
participation_status.save()
participation_statuses.append(participation_status)
- # Set person & absence_reason directly from id
return AbsencesForPersonsCreateMutation(
ok=True, participation_statuses=participation_statuses
diff --git a/aleksis/apps/alsijil/util/predicates.py b/aleksis/apps/alsijil/util/predicates.py
index 9f06195e2..6dea3844a 100644
--- a/aleksis/apps/alsijil/util/predicates.py
+++ b/aleksis/apps/alsijil/util/predicates.py
@@ -93,19 +93,14 @@ def is_group_owner(user: User, obj: Union[Group, Person]) -> bool:
@predicate
-def is_person_group_owner(user: User, obj: Person) -> bool:
+def is_person_group_owner(user: User, obj) -> bool:
"""
Predicate for group owners of any group.
Checks whether the person linked to the user is
the owner of any group of the given person.
"""
- if obj:
- for group in use_prefetched(obj, "member_of"):
- if user.person in use_prefetched(group, "owners"):
- return True
- return False
- return False
+ return Group.objects.filter(owners=user.person).exists()
def use_prefetched(obj, attr):
--
GitLab