Add API endpoint which provides list of role permissions available to current user

2025-04-29 12:06:44 +00:00 · 2021-02-26 17:52:06 +11:00 · 2021-02-26 17:52:06 +11:00 · 5c61c18dc4
commit 5c61c18dc4
parent cd5bc395f2
3 changed files with 54 additions and 5 deletions
--- a/InvenTree/part/templates/part/category.html
+++ b/InvenTree/part/templates/part/category.html
@ -144,7 +144,8 @@
    </div>
    <div class='panel-content'>   
        {% block details %}
-        <table class='table table-striped table-condensed' id='part-table'></table>
+        <table class='table table-striped table-condensed' data-toolbar='#button-toolbar' id='part-table'>
+        </table>  
        {% endblock %}
    </div>
 </div>
--- a/InvenTree/users/views.py
+++ b/InvenTree/users/views.py
@ -1,3 +1,9 @@
+
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from rest_framework import generics
+
 from rest_framework import generics, permissions
 from django.contrib.auth.models import User
 from django.core.exceptions import ObjectDoesNotExist
@ -9,6 +15,47 @@ from rest_framework.response import Response
 from rest_framework import status


+
+from .models import RuleSet, check_user_role
+
+
+class RoleDetails(APIView):
+    """
+    API endpoint which lists the available role permissions
+    for the current user
+
+    (Requires authentication)
+    """
+
+    permission_classes = [
+        permissions.IsAuthenticated
+    ]
+
+    def get(self, request, *args, **kwargs):
+
+        user = request.user
+
+        data = {}
+
+        for ruleset in RuleSet.RULESET_CHOICES:
+
+            role, text = ruleset
+
+            permissions = []
+
+            for permission in RuleSet.RULESET_PERMISSIONS:
+                if check_user_role(user, role, permission):
+
+                    permissions.append(permission)
+
+            if len(permissions) > 0:
+                data[role] = permissions
+            else:
+                data[role] = None
+
+        return Response(data)
+
+
 class UserDetail(generics.RetrieveAPIView):
    """ Detail endpoint for a single user """

--- a/InvenTree/users/urls.py
+++ b/InvenTree/users/urls.py
@ -1,11 +1,12 @@
 from django.conf.urls import url

-from . import views
+from . import api

 user_urls = [
-    url(r'^(?P<pk>[0-9]+)/?$', views.UserDetail.as_view(), name='user-detail'),
+    url(r'^(?P<pk>[0-9]+)/?$', api.UserDetail.as_view(), name='user-detail'),

-    url(r'token', views.GetAuthToken.as_view(), name='api-token'),
+    url(r'roles', api.RoleDetails.as_view(), name='api-roles'),
+    url(r'token', api.GetAuthToken.as_view(), name='api-token'),

-    url(r'^$', views.UserList.as_view()),
+    url(r'^$', api.UserList.as_view()),
 ]