author | Étienne Loks <etienne.loks@peacefrogs.net> | 2011-10-11 20:40:01 +0200 |
---|---|---|
committer | Étienne Loks <etienne.loks@peacefrogs.net> | 2011-10-11 20:40:01 +0200 |
commit | cbbaaedc6fb3552081c30ff304ab9f97798426f7 (patch) | |
tree | 5b6673e61cd00871718cc6e1d4859d75b7433484 | |
parent | 9708c9524c1534c283701fb2af524aa2446eec09 (diff) | |
More precise right managements (closes #644)
- wizard filtered with right managements
- better admin for rights related to person types
-rw-r--r-- | ishtar/ishtar_base/admin.py | 19 | ||||
-rw-r--r-- | ishtar/ishtar_base/forms.py | 26 | ||||
-rw-r--r-- | ishtar/ishtar_base/forms_common.py | 7 | ||||
-rw-r--r-- | ishtar/ishtar_base/menus.py | 10 | ||||
-rw-r--r-- | ishtar/ishtar_base/views.py | 28 |
5 files changed, 74 insertions, 16 deletions
diff --git a/ishtar/ishtar_base/admin.py b/ishtar/ishtar_base/admin.py index c1bcd9766..ac110e9e5 100644 --- a/ishtar/ishtar_base/admin.py +++ b/ishtar/ishtar_base/admin.py @@ -221,13 +221,18 @@ class TreatmentSourceAdmin(admin.ModelAdmin): admin.site.register(models.TreatmentSource, TreatmentSourceAdmin) -basic_models = [models.PersonType, models.IshtarUser, models.FileType, - models.OperationType, models.DatingType, models.DatingQuality, - models.SourceType, models.MaterialType, models.ParcelOwner, - models.WarehouseType, models.ActType, models.AuthorType, - models.OrganizationType, models.TreatmentType, - models.RemainType, models.PermitType, models.Unit, - models.ActivityType, models.IdentificationType] +class PersonTypeAdmin(admin.ModelAdmin): + model = models.PersonType + filter_vertical = ('rights',) + +admin.site.register(models.PersonType, PersonTypeAdmin) + +basic_models = [models.IshtarUser, models.FileType, models.OperationType, + models.DatingType, models.DatingQuality, models.SourceType, + models.MaterialType, models.ParcelOwner, models.WarehouseType, + models.ActType, models.AuthorType, models.OrganizationType, + models.TreatmentType, models.RemainType, models.PermitType, + models.Unit, models.ActivityType, models.IdentificationType] if settings.COUNTRY == 'fr': basic_models += [models.Arrondissement, models.Canton, models.SaisineType] diff --git a/ishtar/ishtar_base/forms.py b/ishtar/ishtar_base/forms.py index 608e54739..d947b43ae 100644 --- a/ishtar/ishtar_base/forms.py +++ b/ishtar/ishtar_base/forms.py 
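Review bot: Nothing near `PersonTypeAdmin` records that `rights` is now an authorization input, and it would help to say so where the field is exposed for editing. The other files in this commit read `person_type.rights` to decide wizard, menu and autocomplete access, so anyone holding the admin change permission on PersonType can in effect grant those accesses. I would add a comment above the class such as `# 'rights' drives wizard/menu access checks: limit who may change PersonType`. Separately, `model = models.PersonType` appears to have no effect on a `ModelAdmin` registered through `admin.site.register` and could be dropped.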
@@ -107,6 +107,32 @@ class Wizard(NamedUrlSessionFormWizard): model = None modification = None # True when the wizard modify an item + @staticmethod + def _check_right(step, condition=True): + '''Return a method to check the right for a specific step''' + def check_right(self, request, storage): + cond = condition + if callable(condition): + cond = condition(self, request, storage) + if not cond: + return False + person_type = request.user.ishtaruser.person.person_type + if person_type.txt_idx == 'administrator': + return True + if person_type.rights.filter(url_name=step).count(): + return True + return check_right + + def __init__(self, *args, **kwargs): + """Check right for each step of the wizard""" + super(Wizard, self).__init__(*args, **kwargs) + for form_key in self.form_list.keys()[:-1]: + condition = True + if form_key in self.condition_list: + condition = self.condition_list.get(form_key, True) + cond = self._check_right(form_key, condition) + self.condition_list[form_key] = cond + def get_wizard_name(self): """As the class name can interfere when reused, use the url_name""" return self.url_name diff --git a/ishtar/ishtar_base/forms_common.py b/ishtar/ishtar_base/forms_common.py index d6a95aa75..68ab9be5f 100644 --- a/ishtar/ishtar_base/forms_common.py +++ b/ishtar/ishtar_base/forms_common.py @@ -38,7 +38,8 @@ from ishtar import settings import models import widgets -from forms import Wizard, FinalForm, FormSet, reverse_lazy, name_validator +from forms import Wizard, SearchWizard, FinalForm, FormSet, reverse_lazy, \ + name_validator def get_town_field(label=_(u"Town"), required=True): help_text = _(u"<p>Type name, department code and/or postal code of the " 
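Review bot: `check_right` reads `request.user.ishtaruser.person.person_type` with no guard, so a request from a user without an `ishtaruser` (an anonymous user, or a plain Django account) raises instead of being denied. menus.py in this same commit guards the identical lookup with `hasattr(user, 'ishtaruser')`; the same line at the top of `autocomplete_person`, `autocomplete_file`, `autocomplete_operation` and `autocomplete_organization` in views.py is unguarded too. I would add `if not hasattr(request.user, 'ishtaruser'): return False` before the lookup, and end the inner function with an explicit `return False` rather than falling through to `None`. Note also that `self.form_list.keys()[:-1]` leaves the last step without a right check; whether that step can be reached when every earlier step is denied depends on wizard code outside this hunk.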
@@ -198,6 +199,10 @@ class PersonForm(forms.Form): new_item.save() return new_item +person_search_wizard = SearchWizard([ + ('general-person_search', PersonFormSelection)], + url_name='person_search',) + person_creation_wizard = PersonWizard([ ('identity-person_creation', PersonForm), ('final-person_creation', FinalForm)], diff --git a/ishtar/ishtar_base/menus.py b/ishtar/ishtar_base/menus.py index 877f8aeab..79355a6be 100644 --- a/ishtar/ishtar_base/menus.py +++ b/ishtar/ishtar_base/menus.py @@ -67,6 +67,11 @@ class MenuItem: access_control = self.model._meta.app_label + '.' + access_control if user.has_perm(access_control, self.model): return True + # manage by person type + if hasattr(user, 'ishtaruser'): + person_type = user.ishtaruser.person.person_type + if person_type.rights.filter(wizard__url_name=self.idx).count(): + return True return False def is_available(self, user, obj=None): @@ -76,6 +81,11 @@ class MenuItem: access_control = self.model._meta.app_label + '.' + access_control if user.has_perm(access_control, self.model, obj): return True + # manage by person type + if hasattr(user, 'ishtaruser'): + person_type = user.ishtaruser.person.person_type + if person_type.rights.filter(wizard__url_name=self.idx).count(): + return True return False def set_items(self, user, items): diff --git a/ishtar/ishtar_base/views.py b/ishtar/ishtar_base/views.py index c00dd8bc9..94a37d46e 100644 --- a/ishtar/ishtar_base/views.py +++ b/ishtar/ishtar_base/views.py 
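Review bot: In the `is_available` hunk of menus.py the person-type fallback ignores `obj`, so a right on the wizard makes the item available for every object, whereas the `user.has_perm(access_control, self.model, obj)` check just above it is object-scoped. If the "own" permissions are meant to restrict users to their own items, this fallback widens access for person types that hold the wizard right; that should either be intended and stated in a comment, or the fallback should apply only when `obj` is None. The same five-line block is added to `can_be_available` in the previous hunk, so a small private method, for example `_person_type_allows(self, user)`, would keep the two in step. Both method bodies begin outside the hunks shown.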
@@ -74,8 +74,11 @@ def check_permission(request, action_slug, obj_id=None): return menu.items[action_slug].can_be_available(request.user) def autocomplete_person(request, person_type=None): - if not request.user.has_perm('ishtar_base.view_person', models.Person) and \ - not request.user.has_perm('ishtar_base.view_own_person', models.Person) : + person_types = request.user.ishtaruser.person.person_type + if (not request.user.has_perm('ishtar_base.view_person', models.Person) and + not request.user.has_perm('ishtar_base.view_own_person', models.Person) + and not person_types.rights.filter(wizard__url_name='person_search' + ).count()): return HttpResponse(mimetype='text/plain') if not request.GET.get('term'): return HttpResponse(mimetype='text/plain') @@ -120,8 +123,11 @@ def autocomplete_town(request): return HttpResponse(data, mimetype='text/plain') def autocomplete_file(request): - if not request.user.has_perm('ishtar_base.view_file', models.File) and \ - not request.user.has_perm('ishtar_base.view_own_file', models.File) : + person_types = request.user.ishtaruser.person.person_type + if (not request.user.has_perm('ishtar_base.view_file', models.File) and \ + not request.user.has_perm('ishtar_base.view_own_file', models.File) + and not person_types.rights.filter(wizard__url_name='file_search' + ).count()): return HttpResponse(mimetype='text/plain') if not request.GET.get('term'): return HttpResponse(mimetype='text/plain') 
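Review bot: The three-part negated condition in `autocomplete_person` is repeated in `autocomplete_file`, `autocomplete_operation` and `autocomplete_organization` with only the permission and wizard names changing, and each copy fetches the person type before `has_perm` is consulted. An access decision written out four times by hand is easy to get out of step. A single helper that tries the Django permissions first and only then looks at the person type would keep the rule in one place and give one spot for the missing-profile guard. A sketch follows; the view bodies continue outside the hunks.

```python
def _has_right(user, perms, wizard_name):
    """True if user holds one of perms or a person-type right on the wizard."""
    for perm, model in perms:
        if user.has_perm(perm, model):
            return True
    # same guard as MenuItem in menus.py: no profile means no person-type right
    if not hasattr(user, 'ishtaruser'):
        return False
    person_type = user.ishtaruser.person.person_type
    return bool(person_type.rights.filter(
        wizard__url_name=wizard_name).count())

def autocomplete_person(request, person_type=None):
    if not _has_right(request.user,
                      [('ishtar_base.view_person', models.Person),
                       ('ishtar_base.view_own_person', models.Person)],
                      'person_search'):
        return HttpResponse(mimetype='text/plain')
    # … unchanged: term handling and query …
```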
@@ -434,9 +440,12 @@ show_file = show_item(models.File, 'file') revert_file = revert_item(models.File) def autocomplete_operation(request, non_closed=True): - if not request.user.has_perm('ishtar_base.view_operation', models.Operation)\ + person_types = request.user.ishtaruser.person.person_type + if (not request.user.has_perm('ishtar_base.view_operation', models.Operation)\ and not request.user.has_perm('ishtar_base.view_own_operation', - models.Operation): + models.Operation) + and not person_types.rights.filter(wizard__url_name='operation_search' + ).count()): return HttpResponse(mimetype='text/plain') if not request.GET.get('term'): return HttpResponse(mimetype='text/plain') @@ -492,10 +501,13 @@ get_administrativeactop = get_item(models.AdministrativeAct, 'act_type__intented_to':'act_type__intented_to'}) def autocomplete_organization(request, orga_type=None): - if not request.user.has_perm('ishtar_base.view_organization', + person_types = request.user.ishtaruser.person.person_type + if (not request.user.has_perm('ishtar_base.view_organization', models.Organization) and \ not request.user.has_perm('ishtar_base.view_own_organization', - models.Organization): + models.Organization) + and not person_types.rights.filter(wizard__url_name='person_search' + ).count()): return HttpResponse(mimetype='text/plain') if not request.GET.get('term'): return HttpResponse(mimetype='text/plain') |
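Review bot: `autocomplete_organization` tests `wizard__url_name='person_search'`, the same wizard name used by `autocomplete_person`, so any person type allowed to search persons can also query organizations through this endpoint. If that coupling is intended, a comment such as `# organizations are searched from the person wizards, hence 'person_search'` would make it clear; if an organization search wizard exists, its url_name belongs here instead. No such wizard is visible in this commit, so this may be deliberate. The function body continues outside the hunk.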