
Refactored and added permission check for children models

eeintech 2022-02-07 15:36:56 -05:00
parent d3b2e80e14
commit ef70e665bb


@ -176,8 +176,9 @@ class RuleSet(models.Model):
'django_q_success', 'django_q_success',
] ]
RULESET_CHANGE_DELETE = [ RULESET_CHANGE_INHERIT = [
('part', 'bomitem') ('part', 'partparameter'),
('part', 'bomitem'),
] ]
RULE_OPTIONS = [ RULE_OPTIONS = [
@ -229,11 +230,19 @@ class RuleSet(models.Model):
for role in cls.RULESET_NAMES: for role in cls.RULESET_NAMES:
if table in cls.RULESET_MODELS[role]: if table in cls.RULESET_MODELS[role]:
print(f'{user} | {role} | {permission}')
if check_user_role(user, role, permission): if check_user_role(user, role, permission):
return True return True
# Check for children models which inherits from parent role
for child in cls.RULESET_CHANGE_INHERIT:
# Get child model name
child_name = f'{child[0]}_{child[1]}'
if child_name == table:
# Check if parent role has change permission
if check_user_role(user, role, 'change'):
return True
# Print message instead of throwing an error # Print message instead of throwing an error
name = getattr(user, 'name', user.pk) name = getattr(user, 'name', user.pk)
@ -459,31 +468,27 @@ def update_group_roles(group, debug=False):
if debug: if debug:
print(f"Removing permission {perm} from group {group.name}") print(f"Removing permission {perm} from group {group.name}")
print(group_permissions) # Enable all action permissions for certain children models
# if parent model has 'change' permission
for (parent, child) in RuleSet.RULESET_CHANGE_INHERIT:
parent_change_perm = f'{parent}.change_{parent}'
parent_child_string = f'{parent}_{child}'
# Automatically enable delete permission for children models if parent model has change permission # Check if parent change permission exists
for change_delete in RuleSet.RULESET_CHANGE_DELETE: if parent_change_perm in group_permissions:
perm_change = f'{change_delete[0]}.change_{change_delete[0]}' # Add child model permissions
perm_delete = f'{change_delete[0]}.delete_{change_delete[1]}' for action in ['add', 'change', 'delete']:
child_perm = f'{parent}.{action}_{child}'
print(perm_change) # Check if child permission not already in group
# Check if permission is in the group if child_perm not in group_permissions:
if perm_change in group_permissions: # Create permission object
if perm_delete not in group_permissions: add_model(parent_child_string, action, ruleset.can_delete)
# Create delete permission object # Add to group
add_model(f'{change_delete[0]}_{change_delete[1]}', 'delete', ruleset.can_delete) permission = get_permission_object(child_perm)
if permission:
# Add to group group.permissions.add(permission)
permission = get_permission_object(perm_delete) print(f"Adding permission {child_perm} to group {group.name}")
print(permission)
if permission:
group.permissions.add(permission)
print(f"Added permission {perm_delete} to group {group.name}")
else:
print(f'{perm_delete} already exists for group {group.name}')
else:
print(f'{perm_change} disabled')
@receiver(post_save, sender=Group, dispatch_uid='create_missing_rule_sets') @receiver(post_save, sender=Group, dispatch_uid='create_missing_rule_sets')
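Review bot: The inherited-permission branch added to the role loop in the second hunk calls `check_user_role(user, role, 'change')` with the loop variable `role`, not with the parent named in the `RULESET_CHANGE_INHERIT` tuple, so the grant is not visibly tied to `child[0]`. The page has lost its indentation, so it is unclear whether this loop sits inside `if table in cls.RULESET_MODELS[role]:`; if it does not, `change` on an unrelated role would authorise access to `part_bomitem` and `part_partparameter`. Consider unpacking the tuple and checking the parent explicitly, e.g. `for (parent, child) in cls.RULESET_CHANGE_INHERIT:` with `if table == f'{parent}_{child}' and check_user_role(user, parent, 'change'):`, assuming the parent app label is also the role name (to be confirmed). The added `print(f'{user} | {role} | {permission}')` writes every permission check to stdout and should be removed or sent to a logger at debug level. The enclosing method starts and ends outside the hunk.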