mirror of https://github.com/inventree/InvenTree.git synced 2025-05-01 13:06:45 +00:00

Merge pull request #1010 from SchrodingersGat/admin-permission-fixes

Update admin links to require specific permissions
Oliver 2020-10-01 00:37:43 +10:00 committed by GitHub
commit 4f648f8787
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 73 additions and 27 deletions


@ -807,7 +807,19 @@ function launchModalForm(url, options = {}) {
} }
}, },
error: function (xhr, ajaxOptions, thrownError) { error: function (xhr, ajaxOptions, thrownError) {
$(modal).modal('hide'); $(modal).modal('hide');
// Permission denied!
if (xhr.status == 403) {
showAlertDialog(
"Permission Denied",
"You do not have the required permissions to access this function"
);
return;
}
showAlertDialog('Error requesting form data', renderErrorMessage(xhr)); showAlertDialog('Error requesting form data', renderErrorMessage(xhr));
} }
}; };
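Review bot: The new 403 branch in the `error` callback uses a loose comparison, `xhr.status == 403`; `xhr.status === 403` avoids coercion and is the form most linters expect. The two message strings are hard-coded English, while the templates touched by this commit wrap user-facing text in `{% trans %}`, so these may be missed by translation unless this script is itself rendered as a template. Only this callback is visible here, so whether the form-submission path reports a 403 the same way cannot be confirmed from the hunk; `launchModalForm` starts and ends outside it.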


@ -13,6 +13,8 @@ from django.template.loader import render_to_string
from django.http import JsonResponse, HttpResponseRedirect from django.http import JsonResponse, HttpResponseRedirect
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.contrib.auth.mixins import PermissionRequiredMixin
from django.views import View from django.views import View
from django.views.generic import UpdateView, CreateView, FormView from django.views.generic import UpdateView, CreateView, FormView
from django.views.generic.base import TemplateView from django.views.generic.base import TemplateView
@ -105,12 +107,32 @@ class TreeSerializer(views.APIView):
return JsonResponse(response, safe=False) return JsonResponse(response, safe=False)
class AjaxMixin(object): class AjaxMixin(PermissionRequiredMixin):
""" AjaxMixin provides basic functionality for rendering a Django form to JSON. """ AjaxMixin provides basic functionality for rendering a Django form to JSON.
Handles jsonResponse rendering, and adds extra data for the modal forms to process Handles jsonResponse rendering, and adds extra data for the modal forms to process
on the client side. on the client side.
Any view which inherits the AjaxMixin will need
correct permissions set using the 'permission_required' attribute
""" """
# By default, allow *any* permissions
permission_required = '*'
def has_permission(self):
"""
Override the default behaviour of has_permission from PermissionRequiredMixin.
Basically, if permission_required attribute = '*',
no permissions are actually required!
"""
if self.permission_required == '*':
return True
else:
return super().has_permission()
# By default, point to the modal_form template # By default, point to the modal_form template
# (this can be overridden by a child class) # (this can be overridden by a child class)
ajax_template_name = 'modal_form.html' ajax_template_name = 'modal_form.html'
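Review bot: The class default `permission_required = '*'` together with the `has_permission` override makes every `AjaxMixin` view fail open: a subclass that never sets `permission_required` passes the check with no permission test at all. Because the `'*'` branch returns `True` without consulting `self.request.user`, the mixin on its own does not require a logged-in user either (login may be enforced elsewhere, which is not visible here). Consider keeping the wildcard as an explicit per-view opt-in that still requires authentication, e.g. `return self.request.user.is_authenticated` in the `'*'` branch. Leaving the class default unset would also let Django's `ImproperlyConfigured` error flag views whose permissions were never reviewed. The class body continues outside the hunk.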


@ -35,7 +35,7 @@ src="{% static 'img/blank_image.png' %}"
<hr> <hr>
<h4> <h4>
{{ build.quantity }} x {{ build.part.full_name }} {{ build.quantity }} x {{ build.part.full_name }}
{% if user.is_staff %} {% if user.is_staff and perms.build.change_build %}
<a href="{% url 'admin:build_build_change' build.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a> <a href="{% url 'admin:build_build_change' build.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
{% endif %} {% endif %}
</h4> </h4>
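Review bot: The added `perms.build.change_build` test only decides whether the admin link is rendered; access to the admin change page is still decided by the admin site's own permission checks, and a short template comment such as `{# link visibility only; the admin site enforces its own permissions #}` would stop later readers treating this condition as the access control. The same pattern appears in the company, purchase order, sales order, part category, part, stock item and stock location sections. If the project runs a Django version with the `view_*` model permission, staff who hold only that permission would no longer see the link even though the admin could show them the page read-only; confirm that this is intended.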


@ -23,7 +23,7 @@ InvenTree | {% trans "Company" %} - {{ company.name }}
<hr> <hr>
<h4> <h4>
{{ company.name }} {{ company.name }}
{% if user.is_staff %} {% if user.is_staff and perms.company.change_company %}
<a href="{% url 'admin:company_company_change' company.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a> <a href="{% url 'admin:company_company_change' company.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
{% endif %} {% endif %}
</h4> </h4>


@ -22,7 +22,12 @@ src="{% static 'img/blank_image.png' %}"
{% block page_data %} {% block page_data %}
<h3>{% trans "Purchase Order" %} {% purchase_order_status_label order.status large=True %}</h3> <h3>{% trans "Purchase Order" %} {% purchase_order_status_label order.status large=True %}</h3>
<hr> <hr>
<h4>{{ order }}</h4> <h4>
{{ order }}
{% if user.is_staff and perms.order.change_purchaseorder %}
<a href="{% url 'admin:order_purchaseorder_change' order.pk %}"><span title='{% trans "Admin view" %}' class='fas fa-user-shield'></span></a>
{% endif %}
</h4>
<p>{{ order.description }}</p> <p>{{ order.description }}</p>
<p> <p>
<div class='btn-row'> <div class='btn-row'>


@ -32,7 +32,12 @@ src="{% static 'img/blank_image.png' %}"
<h3>{% trans "Sales Order" %} {% sales_order_status_label order.status large=True %}</h3> <h3>{% trans "Sales Order" %} {% sales_order_status_label order.status large=True %}</h3>
<hr> <hr>
<h4>{{ order }}</h4> <h4>
{{ order }}
{% if user.is_staff and perms.order.change_salesorder %}
<a href="{% url 'admin:order_salesorder_change' order.pk %}"><span title='{% trans "Admin view" %}' class='fas fa-user-shield'></span></a>
{% endif %}
</h4>
<p>{{ order.description }}</p> <p>{{ order.description }}</p>
<div class='btn-row'> <div class='btn-row'>
<div class='btn-group action-buttons'> <div class='btn-group action-buttons'>


@ -9,7 +9,7 @@
{% if category %} {% if category %}
<h3> <h3>
{{ category.name }} {{ category.name }}
{% if user.is_staff %} {% if user.is_staff and perms.part.change_partcategory %}
<a href="{% url 'admin:part_partcategory_change' category.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a> <a href="{% url 'admin:part_partcategory_change' category.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
{% endif %} {% endif %}
</h3> </h3>
@ -114,9 +114,9 @@
</ul> </ul>
</div> </div>
</div> </div>
<div class='filter-list' id='filter-list-parts'> </div>
<!-- Empty div --> <div class='filter-list' id='filter-list-parts'>
</div> <!-- Empty div -->
</div> </div>
</div> </div>


@ -28,7 +28,7 @@
<div class="media-body"> <div class="media-body">
<h3> <h3>
{{ part.full_name }} {{ part.full_name }}
{% if user.is_staff %} {% if user.is_staff and perms.part.change_part %}
<a href="{% url 'admin:part_part_change' part.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a> <a href="{% url 'admin:part_part_change' part.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
{% endif %} {% endif %}
{% if not part.active %} {% if not part.active %}


@ -65,7 +65,7 @@ InvenTree | {% trans "Stock Item" %} - {{ item }}
{% else %} {% else %}
<a href='{% url "part-detail" item.part.pk %}'>{{ item.part.full_name }}</a> &times {% decimal item.quantity %} <a href='{% url "part-detail" item.part.pk %}'>{{ item.part.full_name }}</a> &times {% decimal item.quantity %}
{% endif %} {% endif %}
{% if user.is_staff %} {% if user.is_staff and perms.stock.change_stockitem %}
<a href="{% url 'admin:stock_stockitem_change' item.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a> <a href="{% url 'admin:stock_stockitem_change' item.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
{% endif %} {% endif %}
</h4> </h4>


@ -8,7 +8,7 @@
{% if location %} {% if location %}
<h3> <h3>
{{ location.name }} {{ location.name }}
{% if user.is_staff %} {% if user.is_staff and perms.stock.change_stocklocation %}
<a href="{% url 'admin:stock_stocklocation_change' location.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a> <a href="{% url 'admin:stock_stocklocation_change' location.pk %}"><span title="{% trans 'Admin view' %}" class='fas fa-user-shield'></span></a>
{% endif %} {% endif %}
</h3> </h3>


@ -2,22 +2,24 @@
<div id='button-toolbar'> <div id='button-toolbar'>
<div class='button-toolbar container-fluid' style='float: right;'> <div class='button-toolbar container-fluid' style='float: right;'>
<button class='btn btn-default' id='stock-export' title='{% trans "Export Stock Information" %}'>{% trans "Export" %}</button> <div class='btn-group'>
{% if read_only %} <button class='btn btn-default' id='stock-export' title='{% trans "Export Stock Information" %}'>{% trans "Export" %}</button>
{% else %} {% if read_only %}
<button class="btn btn-success" id='item-create'>{% trans "New Stock Item" %}</button> {% else %}
<div class="btn-group"> <button class="btn btn-success" id='item-create'>{% trans "New Stock Item" %}</button>
<button id='stock-options' class="btn btn-primary dropdown-toggle" type="button" data-toggle="dropdown">{% trans "Options" %}<span class="caret"></span></button> <div class="btn-group">
<ul class="dropdown-menu"> <button id='stock-options' class="btn btn-primary dropdown-toggle" type="button" data-toggle="dropdown">{% trans "Options" %}<span class="caret"></span></button>
<li><a href="#" id='multi-item-add' title='{% trans "Add to selected stock items" %}'>{% trans "Add stock" %}</a></li> <ul class="dropdown-menu">
<li><a href="#" id='multi-item-remove' title='{% trans "Remove from selected stock items" %}'>{% trans "Remove stock" %}</a></li> <li><a href="#" id='multi-item-add' title='{% trans "Add to selected stock items" %}'>{% trans "Add stock" %}</a></li>
<li><a href="#" id='multi-item-stocktake' title='{% trans "Stocktake selected stock items" %}'>{% trans "Count stock" %}</a></li> <li><a href="#" id='multi-item-remove' title='{% trans "Remove from selected stock items" %}'>{% trans "Remove stock" %}</a></li>
<li><a href='#' id='multi-item-move' title='{% trans "Move selected stock items" %}'>{% trans "Move stock" %}</a></li> <li><a href="#" id='multi-item-stocktake' title='{% trans "Stocktake selected stock items" %}'>{% trans "Count stock" %}</a></li>
<li><a href='#' id='multi-item-order' title='{% trans "Order selected items" %}'>{% trans "Order stock" %}</a></li> <li><a href='#' id='multi-item-move' title='{% trans "Move selected stock items" %}'>{% trans "Move stock" %}</a></li>
<li><a href='#' id='multi-item-delete' title='{% trans "Delete selected items" %}'>{% trans "Delete Stock" %}</a></li> <li><a href='#' id='multi-item-order' title='{% trans "Order selected items" %}'>{% trans "Order stock" %}</a></li>
</ul> <li><a href='#' id='multi-item-delete' title='{% trans "Delete selected items" %}'>{% trans "Delete Stock" %}</a></li>
</ul>
</div>
{% endif %}
</div> </div>
{% endif %}
<div class='filter-list' id='filter-list-stock'> <div class='filter-list' id='filter-list-stock'>
<!-- An empty div in which the filter list will be constructed --> <!-- An empty div in which the filter list will be constructed -->
</div> </div>