From 5c61c18dc4bfbdb572a75a1ec40bb7ccadf7d29e Mon Sep 17 00:00:00 2001
From: Oliver Walters <oliver.henry.walters@gmail.com>
Date: Fri, 26 Feb 2021 17:52:06 +1100
Subject: [PATCH] Add API endpoint which provides list of role permissions
 available to current user

---
 InvenTree/part/templates/part/category.html |  3 +-
 InvenTree/users/{views.py => api.py}        | 47 +++++++++++++++++++++
 InvenTree/users/urls.py                     |  9 ++--
 3 files changed, 54 insertions(+), 5 deletions(-)
 rename InvenTree/users/{views.py => api.py} (67%)

diff --git a/InvenTree/part/templates/part/category.html b/InvenTree/part/templates/part/category.html
index 464482b29b..0d1d11e7fd 100644
--- a/InvenTree/part/templates/part/category.html
+++ b/InvenTree/part/templates/part/category.html
@@ -144,7 +144,8 @@
     </div>
     <div class='panel-content'>   
         {% block details %}
-        <table class='table table-striped table-condensed' id='part-table'></table>
+        <table class='table table-striped table-condensed' data-toolbar='#button-toolbar' id='part-table'>
+        </table>  
         {% endblock %}
     </div>
 </div>
diff --git a/InvenTree/users/views.py b/InvenTree/users/api.py
similarity index 67%
rename from InvenTree/users/views.py
rename to InvenTree/users/api.py
index 97e5f48355..a109884ea9 100644
--- a/InvenTree/users/views.py
+++ b/InvenTree/users/api.py
@@ -1,3 +1,9 @@
+
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from rest_framework import generics
+
 from rest_framework import generics, permissions
 from django.contrib.auth.models import User
 from django.core.exceptions import ObjectDoesNotExist
@@ -9,6 +15,47 @@ from rest_framework.response import Response
 from rest_framework import status
 
 
+
+from .models import RuleSet, check_user_role
+
+
+class RoleDetails(APIView):
+    """
+    API endpoint which lists the available role permissions
+    for the current user
+
+    (Requires authentication)
+    """
+
+    permission_classes = [
+        permissions.IsAuthenticated
+    ]
+
+    def get(self, request, *args, **kwargs):
+
+        user = request.user
+
+        data = {}
+
+        for ruleset in RuleSet.RULESET_CHOICES:
+
+            role, text = ruleset
+
+            permissions = []
+
+            for permission in RuleSet.RULESET_PERMISSIONS:
+                if check_user_role(user, role, permission):
+
+                    permissions.append(permission)
+
+            if len(permissions) > 0:
+                data[role] = permissions
+            else:
+                data[role] = None
+
+        return Response(data)
+
+
 class UserDetail(generics.RetrieveAPIView):
     """ Detail endpoint for a single user """
 
diff --git a/InvenTree/users/urls.py b/InvenTree/users/urls.py
index 312789b55b..df05ae684a 100644
--- a/InvenTree/users/urls.py
+++ b/InvenTree/users/urls.py
@@ -1,11 +1,12 @@
 from django.conf.urls import url
 
-from . import views
+from . import api
 
 user_urls = [
-    url(r'^(?P<pk>[0-9]+)/?$', views.UserDetail.as_view(), name='user-detail'),
+    url(r'^(?P<pk>[0-9]+)/?$', api.UserDetail.as_view(), name='user-detail'),
 
-    url(r'token', views.GetAuthToken.as_view(), name='api-token'),
+    url(r'roles', api.RoleDetails.as_view(), name='api-roles'),
+    url(r'token', api.GetAuthToken.as_view(), name='api-token'),
 
-    url(r'^$', views.UserList.as_view()),
+    url(r'^$', api.UserList.as_view()),
 ]