Commit 80d113cd authored by Tom Teichler's avatar Tom Teichler :beers: Committed by Hangzhi Yu

Add rules for all views

parent 75f59c4c
1 merge request!207Resolve "Roles and permissions"
Pipeline #1564 failed
from rules import add_perm, always_allow from rules import add_perm, always_allow
from aleksis.core.models import Person, Group from aleksis.core.models import Person, Group, Announcement
from aleksis.core.util.predicates import ( from aleksis.core.util.predicates import (
has_person_predicate, has_person_predicate,
has_global_perm, has_global_perm,
...@@ -48,11 +48,15 @@ view_groups_predicate = has_person_predicate & ( ...@@ -48,11 +48,15 @@ view_groups_predicate = has_person_predicate & (
) )
add_perm("core.view_person_groups", view_groups_predicate) add_perm("core.view_person_groups", view_groups_predicate)
# Change person # Edit person
change_person_predicate = has_person_predicate & ( edit_person_predicate = has_person_predicate & (
has_global_perm("core.change_person") | has_object_perm("core.change_person") has_global_perm("core.edit_person") | has_object_perm("core.edit_person")
) )
add_perm("core.change_person", change_person_predicate) add_perm("core.edit_person", edit_person_predicate)
# Link persons with accounts
link_persons_accounts_predicate = has_person_predicate & has_global_perm("core.link_persons_accounts")
add_perm("core.link_persons_accounts", link_persons_accounts_predicate)
# View groups # View groups
view_groups_predicate = has_person_predicate & ( view_groups_predicate = has_person_predicate & (
...@@ -66,5 +70,49 @@ view_group_predicate = has_person_predicate & ( ...@@ -66,5 +70,49 @@ view_group_predicate = has_person_predicate & (
) )
add_perm("core.view_group", view_group_predicate) add_perm("core.view_group", view_group_predicate)
# People menu (persons + objects) # Edit group
edit_group_predicate = has_person_predicate & (
has_global_perm("core.edit_person") | has_object_perm("core.edit_person")
)
add_perm("core.edit_group", edit_group_predicate)
# Edit school information
edit_school_information_predicate = has_person_predicate & has_global_perm("core.edit_school_information")
add_perm("core.edit_school_information", edit_school_information_predicate)
# Edit school term
edit_school_term_predicate = has_person_predicate & has_global_perm("core.edit_school_term")
add_perm("core.edit_school_term", edit_school_term_predicate)
# Manage school
manage_school_predicate = edit_school_information_predicate | edit_school_term_predicate
add_perm("core.manage_school", manage_school_predicate)
# Manage data
manage_data_predicate = has_person_predicate & has_global_perm("core.manage_data")
add_perm("core.manage_data", manage_data_predicate)
# View announcements
view_announcements_predicate = has_person_predicate & (
has_global_perm("core.view_announcements") | has_any_object("core.view_announcements", Announcement)
)
add_perm("core.view_announcements", view_announcements_predicate)
# Create or edit announcements
create_or_edit_announcement_predicate = has_person_predicate & (
has_global_perm("core.create_or_edit_announcement") | has_object_perm("core.create_or_edit_announcement")
)
add_perm("core.create_or_edit_announcement", create_or_edit_announcement_predicate)
# Delete announcement
delete_announcement_predicate = has_person_predicate & (
has_global_perm("core.delete_announcement") | has_object_perm("core.delete_announcement")
)
add_perm("core.delete_announcement", delete_announcement_predicate)
# View people menu (persons + objects)
add_perm("core.view_people_menu", has_person_predicate & (view_persons_predicate | view_groups_predicate)) add_perm("core.view_people_menu", has_person_predicate & (view_persons_predicate | view_groups_predicate))
# View system status
view_system_status_predicate = has_person_predicate & has_global_perm("core.view_system_status")
add_perm("core.view_system_status", view_system_status_predicate)
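Review bot: `edit_group_predicate` is built from the wrong permission: it combines `has_global_perm("core.edit_person") | has_object_perm("core.edit_person")` but is registered as `core.edit_group`, so group editing is granted to anyone who may edit persons, and the object-level check is evaluated for the `edit_person` codename against a Group object. The predicate should read `has_global_perm("core.edit_group") | has_object_perm("core.edit_group")`, mirroring how every other rule in this hunk uses its own codename. Separately, `has_any_object` is used for the announcements rule but does not appear in the visible part of the predicates import; if it is not imported further up, this module fails at import time. The earlier hunk also renames the registered rule from `core.change_person` to `core.edit_person`, which no longer matches Django's default `change_<model>` codename, so the `edit_person` permission presumably has to be declared explicitly on the model for `has_global_perm` to ever succeed — worth confirming.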
...@@ -79,7 +79,7 @@ def has_person_predicate(user: User) -> bool: ...@@ -79,7 +79,7 @@ def has_person_predicate(user: User) -> bool:
return has_person(user) return has_person(user)
@predicate() @predicate
def is_person(user: User, obj: Model) -> bool: def is_person(user: User, obj: Model) -> bool:
""" Predicate which checks if the provided object is the person linked to the user object """ """ Predicate which checks if the provided object is the person linked to the user object """
......
...@@ -12,7 +12,7 @@ from haystack.inputs import AutoQuery ...@@ -12,7 +12,7 @@ from haystack.inputs import AutoQuery
from haystack.query import SearchQuerySet from haystack.query import SearchQuerySet
from rules.contrib.views import permission_required, objectgetter from rules.contrib.views import permission_required, objectgetter
from .decorators import admin_required, person_required from .decorators import person_required
from .forms import ( from .forms import (
EditGroupForm, EditGroupForm,
EditPersonForm, EditPersonForm,
...@@ -147,7 +147,7 @@ def groups(request: HttpRequest) -> HttpResponse: ...@@ -147,7 +147,7 @@ def groups(request: HttpRequest) -> HttpResponse:
return render(request, "core/groups.html", context) return render(request, "core/groups.html", context)
@admin_required @permission_required("core.link_persons_accounts")
def persons_accounts(request: HttpRequest) -> HttpResponse: def persons_accounts(request: HttpRequest) -> HttpResponse:
context = {} context = {}
...@@ -163,11 +163,15 @@ def persons_accounts(request: HttpRequest) -> HttpResponse: ...@@ -163,11 +163,15 @@ def persons_accounts(request: HttpRequest) -> HttpResponse:
return render(request, "core/persons_accounts.html", context) return render(request, "core/persons_accounts.html", context)
@permission_required("core.change_person", fn=objectgetter(Person, "id_")) def get_person_by_id(request: HttpRequest, id_:int):
return get_object_or_404(Person, id=id_)
@permission_required("core.edit_person", fn=get_person_by_id)
def edit_person(request: HttpRequest, id_: int) -> HttpResponse: def edit_person(request: HttpRequest, id_: int) -> HttpResponse:
context = {} context = {}
person = get_object_or_404(Person, id=id_) person = get_person_by_id(request, id_)
edit_person_form = EditPersonForm(request.POST or None, request.FILES or None, instance=person) edit_person_form = EditPersonForm(request.POST or None, request.FILES or None, instance=person)
...@@ -185,15 +189,22 @@ def edit_person(request: HttpRequest, id_: int) -> HttpResponse: ...@@ -185,15 +189,22 @@ def edit_person(request: HttpRequest, id_: int) -> HttpResponse:
return render(request, "core/edit_person.html", context) return render(request, "core/edit_person.html", context)
@admin_required def get_group_by_id(request: HttpRequest, id_: Optional[int] = None):
if id_:
return get_object_or_404(Group, id=id_)
else:
return None
@permission_required("core.edit_group", fn=get_group_by_id)
def edit_group(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse: def edit_group(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
context = {} context = {}
group = get_group_by_id(request, id_)
if id_: if id_:
group = get_object_or_404(Group, id=id_)
edit_group_form = EditGroupForm(request.POST or None, instance=group) edit_group_form = EditGroupForm(request.POST or None, instance=group)
else: else:
group = None
edit_group_form = EditGroupForm(request.POST or None) edit_group_form = EditGroupForm(request.POST or None)
if request.method == "POST": if request.method == "POST":
...@@ -209,26 +220,26 @@ def edit_group(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse: ...@@ -209,26 +220,26 @@ def edit_group(request: HttpRequest, id_: Optional[int] = None) -> HttpResponse:
return render(request, "core/edit_group.html", context) return render(request, "core/edit_group.html", context)
@admin_required @permission_required("core.manage_data")
def data_management(request: HttpRequest) -> HttpResponse: def data_management(request: HttpRequest) -> HttpResponse:
context = {} context = {}
return render(request, "core/data_management.html", context) return render(request, "core/data_management.html", context)
@admin_required @permission_required("core.view_system_status")
def system_status(request: HttpRequest) -> HttpResponse: def system_status(request: HttpRequest) -> HttpResponse:
context = {} context = {}
return render(request, "core/system_status.html", context) return render(request, "core/system_status.html", context)
@admin_required @permission_required("core.manage_school")
def school_management(request: HttpRequest) -> HttpResponse: def school_management(request: HttpRequest) -> HttpResponse:
context = {} context = {}
return render(request, "core/school_management.html", context) return render(request, "core/school_management.html", context)
@admin_required @permission_required("core.edit_school_information")
def edit_school(request: HttpRequest) -> HttpResponse: def edit_school(request: HttpRequest) -> HttpResponse:
context = {} context = {}
...@@ -249,7 +260,7 @@ def edit_school(request: HttpRequest) -> HttpResponse: ...@@ -249,7 +260,7 @@ def edit_school(request: HttpRequest) -> HttpResponse:
return render(request, "core/edit_school.html", context) return render(request, "core/edit_school.html", context)
@admin_required @permission_required("core.edit_school_term")
def edit_schoolterm(request: HttpRequest) -> HttpResponse: def edit_schoolterm(request: HttpRequest) -> HttpResponse:
context = {} context = {}
...@@ -282,7 +293,7 @@ def notification_mark_read(request: HttpRequest, id_: int) -> HttpResponse: ...@@ -282,7 +293,7 @@ def notification_mark_read(request: HttpRequest, id_: int) -> HttpResponse:
return redirect("index") return redirect("index")
@admin_required @permission_required("core.view_announcements")
def announcements(request: HttpRequest) -> HttpResponse: def announcements(request: HttpRequest) -> HttpResponse:
context = {} context = {}
...@@ -293,12 +304,18 @@ def announcements(request: HttpRequest) -> HttpResponse: ...@@ -293,12 +304,18 @@ def announcements(request: HttpRequest) -> HttpResponse:
return render(request, "core/announcement/list.html", context) return render(request, "core/announcement/list.html", context)
@admin_required def get_announcement_by_pk(request: HttpRequest, id_: Optional[int] = None):
if id_:
return get_object_or_404(Announcement, pk=id_)
@permission_required("core.create_or_edit_announcement", fn=get_announcement_by_pk)
def announcement_form(request: HttpRequest, pk: Optional[int] = None) -> HttpResponse: def announcement_form(request: HttpRequest, pk: Optional[int] = None) -> HttpResponse:
context = {} context = {}
announcement = get_announcement_by_pk(request, pk)
if pk: if pk:
announcement = get_object_or_404(Announcement, pk=pk)
form = AnnouncementForm( form = AnnouncementForm(
request.POST or None, request.POST or None,
instance=announcement instance=announcement
...@@ -320,10 +337,10 @@ def announcement_form(request: HttpRequest, pk: Optional[int] = None) -> HttpRes ...@@ -320,10 +337,10 @@ def announcement_form(request: HttpRequest, pk: Optional[int] = None) -> HttpRes
return render(request, "core/announcement/form.html", context) return render(request, "core/announcement/form.html", context)
@admin_required @permission_required("core.delete_announcement", fn=get_announcement_by_pk)
def delete_announcement(request: HttpRequest, pk: int) -> HttpResponse: def delete_announcement(request: HttpRequest, pk: int) -> HttpResponse:
if request.method == "POST": if request.method == "POST":
announcement = get_object_or_404(Announcement, pk=pk) announcement = get_announcement_by_pk(request, pk)
announcement.delete() announcement.delete()
messages.success(request, _("The announcement has been deleted.")) messages.success(request, _("The announcement has been deleted."))
......
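Review bot: `get_announcement_by_pk` takes its id as `id_`, but the two views it guards (`announcement_form`, `delete_announcement`) take `pk`; `permission_required(fn=...)` forwards the view's kwargs to `fn`, so a URL captured as `pk` would presumably reach the getter as an unexpected keyword and raise `TypeError` before the permission check runs. Rename the parameter to match the views: `def get_announcement_by_pk(request: HttpRequest, pk: Optional[int] = None):` and `return get_object_or_404(Announcement, pk=pk)`. The getter also falls off the end without a value when `pk` is falsy; an explicit `return None` like in `get_group_by_id` makes the "create" case intentional rather than accidental. Minor style: `id_:int` in `get_person_by_id` is missing the space after the colon. The bodies of `edit_group`, `announcement_form` and `delete_announcement` continue outside the hunks shown.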