inventree/InvenTree
2
0
Fork 0
mirror of https://github.com/inventree/InvenTree.git synced 2025-06-16 12:05:53 +00:00
Code Activity

Merge remote-tracking branch 'inventree/master'

Browse Source
This commit is contained in:
Oliver Walters
2022-06-18 14:50:42 +10:00
parent 66d072e1c2 36868ebb4c
commit b31fd6227b
9 changed files with 112 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
InvenTree/InvenTree/api.py
View File

@ -11,6 +11,7 @@ from rest_framework.response import Response
from rest_framework.serializers import ValidationError from rest_framework.serializers import ValidationError
from InvenTree.mixins import ListCreateAPI from InvenTree.mixins import ListCreateAPI
from InvenTree.permissions import RolePermission
from .status import is_worker_running from .status import is_worker_running
from .version import (inventreeApiVersion, inventreeInstanceName, from .version import (inventreeApiVersion, inventreeInstanceName,
@ -182,7 +183,10 @@ class APIDownloadMixin:
class AttachmentMixin: class AttachmentMixin:
"""Mixin for creating attachment objects, and ensuring the user information is saved correctly.""" """Mixin for creating attachment objects, and ensuring the user information is saved correctly."""
permission_classes = [permissions.IsAuthenticated] permission_classes = [
permissions.IsAuthenticated,
RolePermission,
]
filter_backends = [ filter_backends = [
DjangoFilterBackend, DjangoFilterBackend,

5
InvenTree/InvenTree/settings.py
View File

@ -841,12 +841,13 @@ for app in SOCIAL_BACKENDS:
SOCIALACCOUNT_PROVIDERS = CONFIG.get('social_providers', []) SOCIALACCOUNT_PROVIDERS = CONFIG.get('social_providers', [])
SOCIALACCOUNT_STORE_TOKENS = True
# settings for allauth # settings for allauth
ACCOUNT_EMAIL_CONFIRMATION_EXPIRE_DAYS = get_setting('INVENTREE_LOGIN_CONFIRM_DAYS', CONFIG.get('login_confirm_days', 3)) ACCOUNT_EMAIL_CONFIRMATION_EXPIRE_DAYS = get_setting('INVENTREE_LOGIN_CONFIRM_DAYS', CONFIG.get('login_confirm_days', 3))
ACCOUNT_LOGIN_ATTEMPTS_LIMIT = get_setting('INVENTREE_LOGIN_ATTEMPTS', CONFIG.get('login_attempts', 5)) ACCOUNT_LOGIN_ATTEMPTS_LIMIT = get_setting('INVENTREE_LOGIN_ATTEMPTS', CONFIG.get('login_attempts', 5))
ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = True ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = True
ACCOUNT_PREVENT_ENUMERATION = True
# override forms / adapters # override forms / adapters
ACCOUNT_FORMS = { ACCOUNT_FORMS = {

8
InvenTree/build/templates/build/detail.html
View File

@ -172,7 +172,7 @@
<h4>{% trans "Allocate Stock to Build" %}</h4> <h4>{% trans "Allocate Stock to Build" %}</h4>
{% include "spacer.html" %} {% include "spacer.html" %}
<div class='btn-group' role='group'> <div class='btn-group' role='group'>
{% if build.active and build.has_untracked_bom_items %} {% if roles.build.add and build.active and build.has_untracked_bom_items %}
<button class='btn btn-danger' type='button' id='btn-unallocate' title='{% trans "Unallocate stock" %}'> <button class='btn btn-danger' type='button' id='btn-unallocate' title='{% trans "Unallocate stock" %}'>
<span class='fas fa-minus-circle'></span> {% trans "Unallocate Stock" %} <span class='fas fa-minus-circle'></span> {% trans "Unallocate Stock" %}
</button> </button>
@ -229,7 +229,7 @@
<h4>{% trans "Incomplete Build Outputs" %}</h4> <h4>{% trans "Incomplete Build Outputs" %}</h4>
{% include "spacer.html" %} {% include "spacer.html" %}
<div class='btn-group' role='group'> <div class='btn-group' role='group'>
{% if build.active %} {% if roles.build.add and build.active %}
<button class='btn btn-success' type='button' id='btn-create-output' title='{% trans "Create new build output" %}'> <button class='btn btn-success' type='button' id='btn-create-output' title='{% trans "Create new build output" %}'>
<span class='fas fa-plus-circle'></span> {% trans "New Build Output" %} <span class='fas fa-plus-circle'></span> {% trans "New Build Output" %}
</button> </button>
@ -249,12 +249,16 @@
<span class='fas fa-tools'></span> <span class='caret'></span> <span class='fas fa-tools'></span> <span class='caret'></span>
</button> </button>
<ul class='dropdown-menu'> <ul class='dropdown-menu'>
{% if roles.build.add %}
<li><a class='dropdown-item' href='#' id='multi-output-complete' title='{% trans "Complete selected build outputs" %}'> <li><a class='dropdown-item' href='#' id='multi-output-complete' title='{% trans "Complete selected build outputs" %}'>
<span class='fas fa-check-circle icon-green'></span> {% trans "Complete outputs" %} <span class='fas fa-check-circle icon-green'></span> {% trans "Complete outputs" %}
</a></li> </a></li>
{% endif %}
{% if roles.build.delete %}
<li><a class='dropdown-item' href='#' id='multi-output-delete' title='{% trans "Delete selected build outputs" %}'> <li><a class='dropdown-item' href='#' id='multi-output-delete' title='{% trans "Delete selected build outputs" %}'>
<span class='fas fa-trash-alt icon-red'></span> {% trans "Delete outputs" %} <span class='fas fa-trash-alt icon-red'></span> {% trans "Delete outputs" %}
</a></li> </a></li>
{% endif %}
</ul> </ul>
</div> </div>

2
InvenTree/part/templates/part/detail.html
View File

@ -20,9 +20,11 @@
<h4>{% trans "Part Stock" %}</h4> <h4>{% trans "Part Stock" %}</h4>
{% include "spacer.html" %} {% include "spacer.html" %}
<div class='btn-group' role='group'> <div class='btn-group' role='group'>
{% if roles.stock.add %}
<button type='button' class='btn btn-success' id='new-stock-item' title='{% trans "Create new stock item" %}'> <button type='button' class='btn btn-success' id='new-stock-item' title='{% trans "Create new stock item" %}'>
<span class='fas fa-plus-circle'></span> {% trans "New Stock Item" %} <span class='fas fa-plus-circle'></span> {% trans "New Stock Item" %}
</button> </button>
{% endif %}
</div> </div>
</div> </div>
</div> </div>

2
InvenTree/stock/templates/stock/item.html
View File

@ -147,9 +147,11 @@
<h4>{% trans "Installed Stock Items" %}</h4> <h4>{% trans "Installed Stock Items" %}</h4>
{% include "spacer.html" %} {% include "spacer.html" %}
<div class='btn-group' role='group'> <div class='btn-group' role='group'>
{% if roles.stock.add %}
<button type='button' class='btn btn-success' id='stock-item-install'> <button type='button' class='btn btn-success' id='stock-item-install'>
<span class='fas fa-plus-circle'></span> {% trans "Install Stock Item" %} <span class='fas fa-plus-circle'></span> {% trans "Install Stock Item" %}
</button> </button>
{% endif %}
</div> </div>
</div> </div>
</div> </div>

2
InvenTree/templates/attachment_table.html
View File

@ -2,7 +2,7 @@
<div id='attachment-buttons'> <div id='attachment-buttons'>
<div class='btn-group' role='group'> <div class='btn-group' role='group'>
<div class='btn-group'> <div class='btn-group' id='multi-attachment-actions'>
<button class='btn btn-primary dropdown-toggle' type='button' data-bs-toggle='dropdown' title='{% trans "Actions" %}'> <button class='btn btn-primary dropdown-toggle' type='button' data-bs-toggle='dropdown' title='{% trans "Actions" %}'>
<span class='fas fa-tools'></span> <span class='caret'></span> <span class='fas fa-tools'></span> <span class='caret'></span>
</button> </button>

129
InvenTree/templates/js/translated/attachment.js
View File

@ -136,19 +136,56 @@ function loadAttachmentTable(url, options) {
var table = options.table || '#attachment-table'; var table = options.table || '#attachment-table';
setupFilterList('attachments', $(table), '#filter-list-attachments'); var permissions = {};
addAttachmentButtonCallbacks(url, options.fields || {}); // First we determine which permissions the user has for this attachment table
$.ajax({
url: url,
async: false,
type: 'OPTIONS',
contentType: 'application/json',
dataType: 'json',
accepts: {
json: 'application/json',
},
success: function(response) {
if (response.actions.DELETE) {
permissions.delete = true;
}
// Add callback for the 'multi delete' button if (response.actions.POST) {
$('#multi-attachment-delete').click(function() { permissions.change = true;
var attachments = getTableData(table); permissions.add = true;
}
if (attachments.length > 0) { },
deleteAttachments(attachments, url, options); error: function(xhr) {
showApiError(xhr, url);
} }
}); });
setupFilterList('attachments', $(table), '#filter-list-attachments');
if (permissions.add) {
addAttachmentButtonCallbacks(url, options.fields || {});
} else {
// Hide the buttons
$('#new-attachment').hide();
$('#new-attachment-link').hide();
}
if (permissions.delete) {
// Add callback for the 'multi delete' button
$('#multi-attachment-delete').click(function() {
var attachments = getTableData(table);
if (attachments.length > 0) {
deleteAttachments(attachments, url, options);
}
});
} else {
$('#multi-attachment-actions').hide();
}
$(table).inventreeTable({ $(table).inventreeTable({
url: url, url: url,
name: options.name || 'attachments', name: options.name || 'attachments',
@ -162,32 +199,36 @@ function loadAttachmentTable(url, options) {
onPostBody: function() { onPostBody: function() {
// Add callback for 'edit' button // Add callback for 'edit' button
$(table).find('.button-attachment-edit').click(function() { if (permissions.change) {
var pk = $(this).attr('pk'); $(table).find('.button-attachment-edit').click(function() {
var pk = $(this).attr('pk');
constructForm(`${url}${pk}/`, { constructForm(`${url}${pk}/`, {
fields: { fields: {
link: {}, link: {},
comment: {}, comment: {},
}, },
processResults: function(data, fields, opts) { processResults: function(data, fields, opts) {
// Remove the "link" field if the attachment is a file! // Remove the "link" field if the attachment is a file!
if (data.attachment) { if (data.attachment) {
delete opts.fields.link; delete opts.fields.link;
} }
}, },
onSuccess: reloadAttachmentTable, onSuccess: reloadAttachmentTable,
title: '{% trans "Edit Attachment" %}', title: '{% trans "Edit Attachment" %}',
});
}); });
}); }
// Add callback for 'delete' button if (permissions.delete) {
$(table).find('.button-attachment-delete').click(function() { // Add callback for 'delete' button
var pk = $(this).attr('pk'); $(table).find('.button-attachment-delete').click(function() {
var pk = $(this).attr('pk');
var attachment = $(table).bootstrapTable('getRowByUniqueId', pk); var attachment = $(table).bootstrapTable('getRowByUniqueId', pk);
deleteAttachments([attachment], url, options); deleteAttachments([attachment], url, options);
}); });
}
}, },
columns: [ columns: [
{ {
@ -261,19 +302,23 @@ function loadAttachmentTable(url, options) {
html = `<div class='btn-group float-right' role='group'>`; html = `<div class='btn-group float-right' role='group'>`;
html += makeIconButton( if (permissions.change) {
'fa-edit icon-blue', html += makeIconButton(
'button-attachment-edit', 'fa-edit icon-blue',
row.pk, 'button-attachment-edit',
'{% trans "Edit attachment" %}', row.pk,
); '{% trans "Edit attachment" %}',
);
}
html += makeIconButton( if (permissions.delete) {
'fa-trash-alt icon-red', html += makeIconButton(
'button-attachment-delete', 'fa-trash-alt icon-red',
row.pk, 'button-attachment-delete',
'{% trans "Delete attachment" %}', row.pk,
); '{% trans "Delete attachment" %}',
);
}
html += `</div>`; html += `</div>`;

5
InvenTree/users/models.py
View File

@ -222,6 +222,11 @@ class RuleSet(models.Model):
@classmethod @classmethod
def check_table_permission(cls, user, table, permission): def check_table_permission(cls, user, table, permission):
"""Check if the provided user has the specified permission against the table.""" """Check if the provided user has the specified permission against the table."""
# Superuser knows no bounds
if user.is_superuser:
return True
# If the table does *not* require permissions # If the table does *not* require permissions
if table in cls.RULESET_IGNORE: if table in cls.RULESET_IGNORE:
return True return True

2
requirements.txt
View File

@ -7,7 +7,7 @@ coverage==5.3 # Unit test coverage
coveralls==2.1.2 # Coveralls linking (for Travis) coveralls==2.1.2 # Coveralls linking (for Travis)
cryptography==3.4.8 # Cryptography support cryptography==3.4.8 # Cryptography support
django-admin-shell==0.1.2 # Python shell for the admin interface django-admin-shell==0.1.2 # Python shell for the admin interface
django-allauth==0.45.0 # SSO for external providers via OpenID django-allauth==0.48.0 # SSO for external providers via OpenID
django-allauth-2fa==0.9 # MFA / 2FA django-allauth-2fa==0.9 # MFA / 2FA
django-cleanup==5.1.0 # Manage deletion of old / unused uploaded files django-cleanup==5.1.0 # Manage deletion of old / unused uploaded files
django-cors-headers==3.2.0 # CORS headers extension for DRF django-cors-headers==3.2.0 # CORS headers extension for DRF