Merge branch 'master' of git://github.com/inventree/InvenTree into user_unique_group_validation

InvenTree/users/admin.py

@@ -119,15 +119,12 @@ class RoleGroupAdmin(admin.ModelAdmin):
     # Save inlines before model
     # https://stackoverflow.com/a/14860703/12794913
     def save_model(self, request, obj, form, change):
-        if obj is not None:
-            # Save model immediately only if in 'Add role' view
-            super().save_model(request, obj, form, change)
-        else:
-            pass  # don't actually save the parent instance
+        pass  # don't actually save the parent instance
 
     def save_formset(self, request, form, formset, change):
         formset.save()  # this will save the children
-        form.instance.save()  # form.instance is the parent
+        # update_fields is required to trigger permissions update
+        form.instance.save(update_fields=['name'])  # form.instance is the parent
 
 
 class InvenTreeUserAdmin(UserAdmin):

InvenTree/users/migrations/0003_auto_20201005_2227.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.0.7 on 2020-10-05 22:27
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('users', '0002_auto_20201004_0158'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='ruleset',
+            name='can_add',
+            field=models.BooleanField(default=False, help_text='Permission to add items', verbose_name='Add'),
+        ),
+        migrations.AlterField(
+            model_name='ruleset',
+            name='can_change',
+            field=models.BooleanField(default=False, help_text='Permissions to edit items', verbose_name='Change'),
+        ),
+    ]

InvenTree/users/models.py

@@ -36,6 +36,10 @@ class RuleSet(models.Model):
         choice[0] for choice in RULESET_CHOICES
     ]
 
+    RULESET_PERMISSIONS = [
+        'view', 'add', 'change', 'delete',
+    ]
+
     RULESET_MODELS = {
         'admin': [
             'auth_group',
@@ -134,9 +138,9 @@ class RuleSet(models.Model):
 
     can_view = models.BooleanField(verbose_name=_('View'), default=True, help_text=_('Permission to view items'))
 
-    can_add = models.BooleanField(verbose_name=_('Create'), default=False, help_text=_('Permission to add items'))
+    can_add = models.BooleanField(verbose_name=_('Add'), default=False, help_text=_('Permission to add items'))
 
-    can_change = models.BooleanField(verbose_name=_('Update'), default=False, help_text=_('Permissions to edit items'))
+    can_change = models.BooleanField(verbose_name=_('Change'), default=False, help_text=_('Permissions to edit items'))
 
     can_delete = models.BooleanField(verbose_name=_('Delete'), default=False, help_text=_('Permission to delete items'))
     
@@ -155,8 +159,15 @@ class RuleSet(models.Model):
             model=model
         )
 
-    def __str__(self):
-        return self.name
+    def __str__(self, debug=False):
+        """ Ruleset string representation """
+        if debug:
+            # Makes debugging easier
+            return f'{str(self.group).ljust(15)}: {self.name.title().ljust(15)} | ' \
+                   f'v: {str(self.can_view).ljust(5)} | a: {str(self.can_add).ljust(5)} | ' \
+                   f'c: {str(self.can_change).ljust(5)} | d: {str(self.can_delete).ljust(5)}'
+        else:
+            return self.name
 
     def save(self, *args, **kwargs):
 
@@ -171,6 +182,10 @@ class RuleSet(models.Model):
 
         super().save(*args, **kwargs)
 
+        if self.group:
+            # Update the group too!
+            self.group.save()
+
     def get_models(self):
         """
         Return the database tables / models that this ruleset covers.
@@ -329,3 +344,35 @@ def create_missing_rule_sets(sender, instance, **kwargs):
     """
 
     update_group_roles(instance)
+
+
+def check_user_role(user, role, permission):
+    """
+    Check if a user has a particular role:permission combination.
+
+    If the user is a superuser, this will return True
+    """
+
+    if user.is_superuser:
+        return True
+
+    for group in user.groups.all():
+
+        for rule in group.rule_sets.all():
+
+            if rule.name == role:
+
+                if permission == 'add' and rule.can_add:
+                    return True
+
+                if permission == 'change' and rule.can_change:
+                    return True
+
+                if permission == 'view' and rule.can_view:
+                    return True
+
+                if permission == 'delete' and rule.can_delete:
+                    return True
+
+    # No matching permissions found
+    return False

InvenTree/users/tests.py

@@ -137,7 +137,8 @@ class RuleSetModelTest(TestCase):
 
             rule.save()
 
-        group.save()
+        # update_fields is required to trigger permissions update
+        group.save(update_fields=['name'])
 
         # There should now be three permissions for each rule set
         self.assertEqual(group.permissions.count(), 3 * len(permission_set))
@@ -151,7 +152,8 @@ class RuleSetModelTest(TestCase):
 
             rule.save()
 
-        group.save()
+        # update_fields is required to trigger permissions update
+        group.save(update_fields=['name'])
 
         # There should now not be any permissions assigned to this group
         self.assertEqual(group.permissions.count(), 0)